I have installed Berkeley DB version 4.7.25 on a server and am now trying to configure OpenLDAP 2.4.16 but I get the following error:

checking db.h usability... yes
checking db.h presence... yes
checking for db.h... yes
checking for Berkeley DB major version in db.h... 4
checking for Berkeley DB minor version in db.h... 3
checking if Berkeley DB version supported by BDB/HDB backends... no
configure: error: BerkeleyDB version incompatible with BDB/HDB backends

Essentially this is what I did.

Berkeley DB Setup:
1) untar the load.
2) cd /<DB release>/build_unix
3) ../dist/configure
4) make
5) make install

OpenLDAP Setup:
1) unpackage the load
2) cd /openldap
3) ./configure
and also tried
4) ./configure --enable-debug --with-tls=openssl --enable-monitor
and also tried
5) LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB/lib -L/usr/local/ssl/lib -R/usr/local/lib -R/usr/local/BerkeleyDB/lib -R/usr/local/ssl/lib" CPPFLAGS="-I/usr/local/include -I/usr/local/BerkeleyDB/include -I/usr/local/ssl/include" ./configure

Can someone please point me in the right direction. I have tried some workarounds I have seen online for similar issues but they don't work.

Thanks,
slast

I have gotten a little further with the following command:

After issuing the following command, I now get the following error.

LDFLAGS=-L/usr/local/BerkeleyDB.4.7/lib CPPFLAGS=-I/usr/local/BerkeleyDB.4.7/include ./configure

checking for Berkeley DB major version in db.h... 4
checking for Berkeley DB minor version in db.h... 7
checking if Berkeley DB version supported by BDB/HDB backends... yes
checking for Berkeley DB link (-ldb-4.7)... yes
checking for Berkeley DB library and header version match... no
configure: error: Berkeley DB version mismatch

Any suggestions?

Thanks,
slast

Which Linux version are you doing this on, are there pre-installed berkeley DB
still around? I had no issues compiling both BDB and OpenLDAP versions you
were using here ....


Cheers,
Tink

@slast

Been there done that!!! You can bypass the problem you have by using:
prior running ./configure.
You'll come across another error during make, that you can also bypass by adding "-D_GNU_SOURCE" in CPPFLAGS:
Finally it will compile, but it won't work, because ldapsearch, ldapadd and other utilities will hang, without any apparent error in the logs.
I had to go back and use db-4.4 in order for openldap 2.4.16 to work.

Hope that helps.

I am running Fedora Core 6 on the server that I have installed the Berkeley DB and OpenLDAP.

Does slapd works?
Because as I told you I've managed also to install both of them on Slackware 12.2 (if that matters), but once I ran a ldapsearch, it hangs at the 1st "ou=..." and if I stop it, then slapd becomes irresponsible and I have to kill it.

Bathory,

I have tried the commands you listed, and am still seeing the following:

checking for db.h... yes
checking for Berkeley DB major version in db.h... 4
checking for Berkeley DB minor version in db.h... 3
checking if Berkeley DB version supported by BDB/HDB backends... no
configure: error: BerkeleyDB version incompatible with BDB/HDB backends


Here are the exact commands I used.

export LD_LIBRARY_PATH=/usr/local/BerkeleyDB/lib:$LD_LIBRARY_PATH

LDFAGS=-L/usr/local/BerkeleyDB.4.7/lib CPPFLAGS="-D_GNU_SOURCE -I/usr/local/Berkeley.4.7/include" ./configure

Any other suggestions?

It still finds your previous version before the new one. Run "make distclean" prior running ./configure to clean any cached files. As a temporary workaround you can also (re)move the symlink /usr/include/db.h

***EDIT***
In you case, it should be: export LD_LIBRARY_PATH=/usr/loca/BerkeleyDB.4.7/lib:$LD_LIBRARY_PATH

So I've managed to get to the point of trying the ldapadd and ldapsearch commands.

Bathory, is the error below consistent with the problems you were having?

ldapadd -H ldaps://47.135.41.16 -x -D "cn=admin,dc=cablab,dc=com" -W -f cablab.ldif
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Your problem now is that you cannot connect to the server. Are you sure it's running and it's listening on port 636?
The problem I'm facing with db-4.7.x, is that after server starting, the 1st command I issue (ldapsearch, ldapadd, whatever) hangs and I have to kill it. After that the server becomes irresponsible and I also have to kill slapd.
This does not happen with db-4.6.x and previous versions.

Bathory, here is a detailed error message:

[root@pcard0bu slapd.d]# ldapadd -H ldaps://47.135.41.16 -x -D "cn=admin,dc=cablab,dc=com" -W -f cablab.ldif -d8
Enter LDAP Password:
TLS certificate verification: Error, self signed certificate in certificate chain
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Problem is I have created certificates that I believe should work.

Found this command on another website. Does it mean anything?

[root@pcard0bu slapd.d]# /usr/local/libexec/slapd -u ldap -d 256
@(#) $OpenLDAP: slapd 2.4.16 (Jun 3 2009 14:20:51) $
root@pcard0bu:/usr/local/etc/openldap/openldap-2.4.16/servers/slapd
No passwd entry for user ldap

Even though I haven't ever setup a secure openldap server, I think that your problem is that you cannot resolve the ip supplied in the URI, with the servername you used when you issued the ssl certificate.
Edit /etc/hosts to add an entry for the ip/hostname and try again, maybe increasing the debug level and using the -ZZ (or -Z if that fails) option:
You can read this about configuring ldap with tls/ssl.
Quoting from slapd manpage:
So I don't think it's useful for your case.

Regards

That's because BDB 4.7 must be patched with all patches from Oracle before it is usable.

FYI openldap works nicely with db-4.8.x

Regards

Yes, as a member of the OpenLDAP team, I'm quite aware of that. I just wanted to be sure if anyone else stumbled across this thread, they would understand that BDB 4.7 works just fine too, if the patches are applied. As noted in the README document shipped with OpenLDAP.



--Quanah