Nick Howitt wrote:

Please send the backup but it is from before the system was upgraded. Peter can probably restore it then upgrade and see what happened.

The issue you linked to should have been solved as it was a back end problem but I do note that today the clearcenter.com is mainly down, occasionally allowing a connection. I don't know if that will cause any problems. My webconfig is still responsive on my production box, but I can't register a system with the test iso.

Nick Howitt wrote:

Please send the backup but it is from before the system was upgraded. Peter can probably restore it then upgrade and see what happened.

The issue you linked to should have been solved as it was a back end problem but I do note that today the clearcenter.com is mainly down, occasionally allowing a connection. I don't know if that will cause any problems. My webconfig is still responsive on my production box, but I can't register a system with the test iso.

Hi Nick
I'm pretty sure I kept some config backups before and after the system update.
Unfortunately i'm busy and i'll look forward to post files as soon as i can

Nick Howitt wrote:

Odd, this one as only some people are getting it. Can you post your /etc/openldap/slapd.conf? If you have a setup which came from 6.x it appears to be pulling certificates from /etc/openldap/cacerts. If you have a vanilla set up, it puls them from /etc/openldap/certs. Either way it does not explain the problem of why it works with the old version of openssl and not the new.

dear Nick, firstly, thank you for watching this ...

as I wrote yesterday I had this in a fresh installed 7.4 box. It happened on Friday morning: the customer called me saying samba shares were not reachable anymore, and he was asking for authentication, but no users could reach his files and folders; after trying out to solve, I decided the server will be sooner functional reinstalling it (i rsync data and home dirs very often on another HDD). So I got the box, pulled out HDDs and installed a freshly downloaded 7.4 DVD image.
Then I re-entered the few users and groups and retored back data. Restored sync and backup scripts and we were happy to be functional again.
The day after I was called by the customer: he was back without access. Once i saw the problem was once again in slapd daemon, I read logs and I realized openldap components were updated in the night.

Anyway her you are certs directory ownership:


and this one is slapd.conf

Nick Howitt wrote:

Paolo MACOR wrote:
(hey: how one can achieve this through command line? should one simply disable them in crontab?)

You don't need to do that. You could add:to /etc/yum.conf. Autoupdates would then work excluding those packages.

thank you, Nick.

Re: OpenLDAP stopped working after system got updated

hi,
I manage some COS boxes; two of them have 7.4 , and last friday smb stopped authenticate users.
It seemed to be openldap service that didn't came up anymore. It was completely broken, and I could see 'Account Manager is offline' in WebConfig
After reinstalling one of them and see the same problem was back on newly uinstalled box I investigate updates.
so I came up with downgrading updated openldap components:


yum downgrade openldap openldap-servers openldap-clients


and everything was back. then I stopped autoupdates (hey: how one can achieve this through command line? should one simply disable them in crontab?)

let us know if this works for you too.
paolo

hi,
I manage some COS boxes; two of them have 7.4 , and last friday smb stopped authenticate users.
It seemed to be openldap service that didn't came up anymore. It was completely broken, and I could see 'Account Manager is offline' in WebConfig
After reinstalling one of them and see the same problem was back on newly uinstalled box I investigate updates.
so I came up with downgrading updated openldap components:


yum downgrade openldap openldap-servers openldap-clients


and everything was back. then I stopped autoupdates (hey: how one can achieve this through command line? should one simply disable them in crontab?)

let us know if this works for you too.
paolo