HOW TO fix openLDAP checksum error on config files

gistfile1.txt

(source : http://injustfiveminutes.com/category/openldap)

How to fix “ldif_read_file: checksum error”
Posted on October 28, 2014	
15

Well, in spite of you did read a banner saying “# AUTO-GENERATED FILE – DO NOT EDIT!! Use ldapmodify.” you ignored it and made some manual modifications in any of the LDIF files in /etc/ldap/slapd.d/.

Don’t worry it happened to me too :) When you need to quickly setup an openLDAP server for development it is pretty much easier to tweak these files although the recommended way is to use ldapmodify tool. But if you change the LDIF files in cn=config manually, their contents and checksums won’t match, which is not fatal, but is annoying when using tools such as slapcat:

544f7291 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
544f7291 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"

To fix it you have to recalculate their checksums, please follow the following steps:

1. Copy the errant file to an temporary directory (for example olcDatabase={2}hdb.ldif).
  
  # cp /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif /tmp

2. Remove the first two lines of that file where it is included the old checksum value

  # tail -n +3 /tmp/olcDatabase={2}hdb.ldif > fixed.ldif

3. Download the Check CRC tool from http://freecode.com/projects/checkcrc/

4. Extract the downloaded file

  # tar xvfz check-4.3-src.tgz

5. Install the zlib development RPM package (or use APT on Debian based systems)

  # yum install zlib-dev

6. Compile the check CRC tool:

  # cd check-4.3
  check4-3# gcc -O3 -Wall -DUSE_ZLIB -I/usr/include -o check check.c -L/usr/lib64 -lz

7. Calculate the new checksum

  check-4.3# ./check /tmp/fixed.ldif
  fixed.ldif        CRC-32 = 61e6182a, size = 582 bytes

8. Replace the new CRC-32 value into the original file using your favourite editor
	
  # vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
  AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
  CRC32 61e6182a

 

Thanks. Fixed it. :)

libarchive-zip-perl provides CRC32 for creating zip archives, fwiw.

Thanks for sharing!

I am using RedHat 7.3.
I have to use gcc -O3 -Wall -o check check.c instead of gcc -O3 -Wall -DUSE_ZLIB -I/usr/include -o check check.c -L/usr/lib64 -lz even after installed zlib-devel.x86_64.
But that's ok to me.

Thanks a lot

Another option, that does not require compilation:

Steps 1-2: as above (copy LDIF file to /tmp, strip top two lines)
3: yum install perl-Archive-Zip
4: crc32 /tmp/*ldif
5: replace top two lines in LDIF file with new CRC (step 8 above)

hi

have you tried dumping the 'cn=config' or database 0 and restore it back? must take about 10 to 20 seconds, seeking radio stations included :)

Automated process example in CentOS 7:

# Install dependencies!
yum install perl-Archive-Zip

# Update CRC32's!
CONFIG_LDIF_CRC32=$(crc32 <(cat /etc/openldap/slapd.d/cn=config.ldif | tail -n +3))
CONFIG_LDIF_CRC32="# CRC32 $CONFIG_LDIF_CRC32"

BDB_LDIF_CRC32=$(crc32 <(cat /etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif | tail -n +3))
BDB_LDIF_CRC32="# CRC32 $BDB_LDIF_CRC32"

SED_RPL="'0,/# CRC32 .*/s//$CONFIG_LDIF_CRC32/g'"
eval "sed -i $SED_RPL /etc/openldap/slapd.d/cn=config.ldif"

SED_RPL="'0,/# CRC32 .*/s//$BDB_LDIF_CRC32/g'"
eval "sed -i $SED_RPL /etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif"

Thanks! =D

OMG :(

Thanks!!!

Another option, that does not require compilation:

Steps 1-2: as above (copy LDIF file to /tmp, strip top two lines)
3: yum install perl-Archive-Zip
4: crc32 /tmp/*ldif
5: replace top two lines in LDIF file with new CRC (step 8 above)

On a Debian-based system, step 3 could be

apt install libarchive-zip-perl

No dependencies:

LDIF='/etc/openldap/slapd.d/cn=config.ldif'
NEW_CRC32="$(tail -n +3 "$LDIF" | python3 -c 'import sys;import zlib;print("%08x"%(zlib.crc32(sys.stdin.buffer.read())))')"
sed -i "0,/# CRC32 .*/ s//# CRC32 ${NEW_CRC32,,}/g" "$LDIF"