OpenLDAP checksum error and slapcat message “ldif_read_file: checksum error”

OpenLDAP has evolved allowing dynamic changes in the (very good in principle), which is usually stored in:

Source   
/etc/ldap/slapd.d

The recommendation is to use commands like: ldapadd, ldapmodify or ldapdelete.

But the reality is that often would be nice to make changes manually to end before, this is something you can do. Simply restarting the service then restart normally pretty fast.

The surprise comes when we do a:

Source   
ubuntu@ip-10-80-242-10:~$ sudo /usr/sbin/slapcat -l ldap_def.diff
51a4769b ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config/cn=schema/cn={7}pwm.ldif"

And it indicates that the checksum does not match, it is a rather ugly and might not want to see further notice, at the end of the change we have done.

Checksum information is stored in the same file that is indicated:

Source   
/etc/ldap/slapd.d/cn=config/cn=schema/cn={7}pwm.ldif

If we executed a cat on this file see:

Source   
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 343453a4
dn: cn={7}pwm
objectClass: olcSchemaConfig
...

There’s the CRC32, the first thing you might think is “the new CRC32 calculation I replace and ready”, but something much simpler. Remove the first 2 lines and ready, leaving the file:

Source   
dn: cn={7}pwm
objectClass: olcSchemaConfig
...

Now if we make a slapcat, this notice is gone.

Leave a Reply