OpenLDAP installation issue in Apigee OPDK 4.16.01

While installing OpenLDAP, I am getting the error below:

Error: OpenLDAP password could not be changed
Importing ppolicy olcOverlay
ldap_add: Other (e.g., implementation specific) error (80)
additional info: User Schema load failed for attribute "pwdMaxRecordedFailure". Error code 17: attribute type undefined
adding new entry "olcOverlay=ppolicy,olcDatabase={2}bdb,cn=config"
Error: sudo-apigee-service: ldapadd exited with unexpected status 80
Error: setup.sh: /opt/apigee/apigee-service/bin/apigee-service exited with unexpected status 80

Silent file:

IP1=10.0.1.235 # Zookeeper, Cassandra, OpenLDAP, Management Server, UI
IP2=10.0.1.159 # Zookeeper, Cassandra, Router, Message Processor
IP3=10.0.1.62 # Zookeeper, Cassandra, Router, MP
IP4=10.0.1.185 # QPID, PostGres Server
IP5=10.0.1.129 # QPID, PostGres Server
#Setting up master-standby postgres
PG_MASTER=10.0.1.185 #master node
PG_STANDBY=10.0.1.219 #slave node
# Must resolve to IP address or DNS name of host - not to 127.0.0.1 or localhost.
HOSTIP=10.0.1.185
# Set Edge sys admin credentials.
ADMIN_EMAIL=****
APIGEE_ADMINPW=*** #If omitted, you are prompted for it
ORG_NAME=***
# Postgres credentials from Edge installation.
PG_USER=apigee # Default from Edge installation
PG_PWD=postgres # Default from Edge installation
LICENSE_FILE=/tmp/license.txt
MSIP=$IP1
USE_LDAP_REMOTE_HOST=y
LDAP_HOST=10.0.1.185
LDAP_PORT=10389
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc-1
USE_ZK_CLUSTER=y
ZK_HOSTS="$IP1 $IP2 $IP3"
ZK_CLIENT_HOSTS="$IP1 $IP2 $IP3"
USE_CASS_CLUSTER=y
CASS_HOSTS="$IP1 $IP2 $IP3"

@mohit.baveja Can you please confirm the OS version you are running this on?

@mohit.baveja Please take a look at the release documentation below to check if you are running a supported OS for 4.16.01.

http://docs.apigee.com/release-notes/content/4160100-apigee-edge-private-cloud-release-notes#newfeat...

The error you are seeing now is for openldap versions 2.4.44 and higher. Our internal engineering team is working on fixing this for OPDK version 4.17.05, and I am afraid this may not be backported to 4.16.X.

Can you please check the version of openldap?

rpm -qa | grep openldap

We are facing this issue in a 4.17.05 installation on Private Cloud with internet enabled. Is the solution available in 4.17.05 yet?

Hi @Akash Prabhashankar

So how do we get this to work for 16.01 ? Downgrade openldap?

Try these :

/opt/apigee/apigee-service/bin/apigee-service apigee-openldap uninstall

#Get the openldap versions
rpm -qa | grep openldap


#Remove the openldap version 2.4.44

yum remove openldap-servers-2.4.44-5.el7.x86_64
yum remove openldap-clients-2.4.44-5.el7.x86_64
yum remove openldap-2.4.44-5.el7.x86_64

#Install the openldap 2.4.40 versions

yum downgrade openldap-2.4.40
yum install openldap-2.4.40
yum install openldap-servers-2.4.40
yum install openldap-clients-2.4.40

Run the setup again.

Hi @Sanjay Negi and @mohit.baveja ,

I was still having this issue with 4.17.05. I solved it during a 4.17.05 installation by running the following commands:

(For redhat dev access, you can create a developer account)

#Verify openldap installed version
rpm -qa|grep openldap

#Download the supported rpm 

# openldap mirrors
# Centos http://rpm.pbone.net/index.php3/stat/4/idpl/35490701/dir/centos_7/com/openldap-2.4.40-13.el7.x86_64....

# Redhat https://access.redhat.com/downloads/content/openldap/2.4.40-13.el7/x86_64/fd431d51/package

# openldap-clients mirrors
# Centos  http://rpm.pbone.net/index.php3/stat/4/idpl/31982582/dir/centos_7/com/openldap-clients-2.4.40-8.el7....

# Redhat https://access.redhat.com/downloads/content/openldap-clients/2.4.40-13.el7/x86_64/fd431d51/package

# openldap-servers mirrors
# Centos http://rpm.pbone.net/index.php3/stat/4/idpl/35490705/dir/centos_7/com/openldap-servers-2.4.40-13.el7...

# Redhat https://access.redhat.com/downloads/content/openldap-servers/2.4.40-13.el7/x86_64/fd431d51/package


#Downgrade openldap version
sudo rpm -Uvh --oldpackage openldap-2.4.40-13.el7.x86_64.rpm

#Install openldap clients and servers

sudo rpm -ivh openldap-clients-2.4.40-13.el7.x86_64.rpm 

sudo rpm -ivh openldap-servers-2.4.40-13.el7.x86_64.rpm

We have "automated" installation of API Gateway, with internet enabled. Till now the installation used to download and install OpenLDAP 2.4.40 but one fine day it started picking 2.4.44 and the installation started failing.

The best solution will be that Apigee installation has some property in configuration file, which can provide the feed to newly added property in OpenLDAP (i.e. "pwdMaxRecordedFailure").

Hi @Sanjay Negi, in the latest version this issue is solved.

Hope this helps you,

-Mauro

A simpler way to obtain the older openldap version:

sudo yum install  --enablerepo=C7.3.1611-base openldap-servers-2.4.40 openldap-clients-2.4.40

Hi @Dario Bertini

When I try the command above, I see this:

Package matching openldap-clients-2.4.40-13.el7.x86_64 already installed. Checking for update.
Resolving Dependencies
--> Running transaction check
---> Package openldap-servers.x86_64 0:2.4.40-13.el7 will be installed
--> Processing Dependency: openldap(x86-64) = 2.4.40-13.el7 for package: openldap-servers-2.4.40-13.el7.x86_64
--> Finished Dependency Resolution
Error: Package: openldap-servers-2.4.40-13.el7.x86_64 (C7.3.1611-base)
           Requires: openldap(x86-64) = 2.4.40-13.el7
           Installed: openldap-2.4.44-5.el7.x86_64 (@base)
               openldap(x86-64) = 2.4.44-5.el7
           Available: openldap-2.4.40-13.el7.x86_64 (C7.3.1611-base)
               openldap(x86-64) = 2.4.40-13.el7
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

How can I successfully uninstall openldap 2.4.44?

Hi @Mauro Gonzalez

The link for ftp is a 404 now... not able to download the old version.

Hello,

We have just upgraded from Red Hat 7.2 to 7.4 and are getting this error. I need to verify the Openldap version, but what would be the best way to recover from this?

Thanks

Just in case it's useful to know - I did a deploy of 4.17.09 on RHEL 7.4, which includes openldap 2.4.44, and the installation worked with no openldap errors. No downgrade was necessary and the schema validation issue did not arise - so it would appear to have been fixed in 4.17.09 (I would have expected to see this bug as a 'FIXED' in the release notes!)

Hi Json, could you verify which openldap version you are running after the edge installation?

I agree that this could be clearer in the release notes. Right now it's implicit in the OS version support list--versions prior to 4.17.09 do not support EL 7.4, which is the version in which the OpenLDAP version change occurred.

As mentioned, 17.09 solves this issue, but for people still on an older version, but who are running Centos 7.4 (I expect this to work with newer versions as well), you can easily install an older version via yum, without manually downloading rpms:

sudo yum install  --enablerepo=C7.3.1611-base openldap-servers-2.4.40 openldap-clients-2.4.40

Not an option for those who are in air-gapped environments. Also, not just redhat/centos 7.4. Older versions as well, after being upgraded to the current latest openldap/2.4.44.
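
A pre-flight check for the two package states reported in this thread, as an added example that is not part of any post and is not Apigee's code: it flags the core OpenLDAP packages at 2.4.44 or higher, and flags packages whose version-release do not match (the state behind the yum dependency error quoted above). The function name `check_openldap_rpms`, the `TOO_NEW`/`MISMATCH` labels and the sample package lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `rpm -qa`-style lines on stdin.
BAD_FROM="2.4.44"   # per the thread: installs before the fixed Edge release fail from here on

check_openldap_rpms() {
  awk -v bad="$BAD_FROM" '
    function ge(a, b,    x, y, i, n, m) {      # dotted-version compare: a >= b
      n = split(a, x, "."); m = split(b, y, ".")
      for (i = 1; i <= (n > m ? n : m); i++) {
        if ((x[i] + 0) > (y[i] + 0)) return 1
        if ((x[i] + 0) < (y[i] + 0)) return 0
      }
      return 1
    }
    # Only the three packages the thread downgrades; skips e.g. compat-openldap.
    /^openldap(-clients|-servers)?-[0-9]/ {
      n = split($0, f, "-")                    # name[-name...]-version-release.arch
      ver = f[n-1]; rel = f[n]; sub(/\.[^.]+$/, "", rel)   # drop ".x86_64"
      name = f[1]; for (i = 2; i <= n - 2; i++) name = name "-" f[i]
      vr = ver "-" rel
      if (ge(ver, bad)) { print "TOO_NEW " name " " vr; rc = 1 }
      # openldap-servers and openldap-clients need the base package at the exact
      # same version-release, which is what the yum dependency error reports.
      if (first == "") first = vr
      else if (vr != first) { print "MISMATCH " name " " vr " != " first; rc = 1 }
    }
    END { exit rc + 0 }
  '
}

# Constructed sample inputs; the compat-openldap line only shows that
# unrelated packages are ignored.
SAMPLE_MIXED='openldap-2.4.44-5.el7.x86_64
openldap-clients-2.4.40-13.el7.x86_64
compat-openldap-2.3.43-5.el7.x86_64'
SAMPLE_OK='openldap-2.4.40-13.el7.x86_64
openldap-clients-2.4.40-13.el7.x86_64
openldap-servers-2.4.40-13.el7.x86_64'

# Demo on the constructed sample; on a real host: rpm -qa | check_openldap_rpms
printf '%s\n' "$SAMPLE_MIXED" | check_openldap_rpms || echo "fix packages before running setup.sh"
```

The function exits non-zero when it prints any finding, so it can gate an automated install before `setup.sh` is run.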