dbindex error "Type or value exists"

[leonkyneur]

Having issues when managing Indexes.

Environment:

Puppet 3.7.4
OS: CentOS 6.6
OpenLDAP: 2.4.39

The first run the index creates and all is well.. subsequent runs the agent complains that the index already exists.

manifest:

openldap::server::dbindex { 'create index uid':
    ensure    => present,                  
    attribute => 'uid',
    suffix    => 'dc=messaging,dc=example,dc=com',
    indices   => 'pres,eq',
} 

Debug output:

==> openldap1: Debug: /Stage[main]/Main/Node[ldapmaster1.local]/Openldap::Server::Database[dc=messaging,dc=example,dc=com]/File[/var/lib/ldap]/before: requires Openldap_database[dc=messaging,dc=m2co
re,dc=com]
==> openldap1: Debug: /Stage[main]/Main/Node[ldapmaster1.local]/Openldap::Server::Dbindex[create index uid]/Openldap_dbindex[create index uid]: Autorequiring Openldap_database[dc=messaging,dc=example,dc=c
om]
==> openldap1: Info: Applying configuration version '1427410139'
==> openldap1: Debug: Prefetching yum resources for package
==> openldap1: Debug: Executing '/bin/rpm --version'
==> openldap1: Debug: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n''
==> openldap1: Debug: Executing '/sbin/service slapd status'
==> openldap1: Debug: Executing '/sbin/chkconfig slapd'
==> openldap1: Debug: Prefetching olc resources for openldap_database
==> openldap1: Debug: Executing '/usr/sbin/slapcat -b cn=config -H ldap:///???(&(objectClass=olcDatabaseConfig)(|(objectClass=olcBdbConfig)(objectClass=olcHdbConfig)))'
==> openldap1: Debug: /Stage[main]/Openldap::Server::Slapdconf/Openldap::Server::Database[dc=my-domain,dc=com]/Openldap_database[dc=my-domain,dc=com]: Nothing to manage: no ensure and the resource doesn'
t exist
==> openldap1: Debug: Prefetching olc resources for openldap_dbindex
==> openldap1: Debug: Executing '/usr/sbin/slapcat -b cn=config -H ldap:///???(olcDbIndex=*)'
==> openldap1: Debug: Executing '/usr/sbin/slapcat -b cn=config -H ldap:///???(olcSuffix=dc=messaging,dc=example,dc=com)'
==> openldap1: Debug: dn: olcDatabase={2}bdb,cn=config
==> openldap1: add: olcDbIndex
==> openldap1: olcDbIndex: uid pres,eq
==> openldap1:
==> openldap1: Debug: Executing '/usr/bin/ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/openldap_dbindex20150326-19015-1wjocaz-0'
==> openldap1: Error: LDIF content:
==> openldap1: dn: olcDatabase={2}bdb,cn=config
==> openldap1: add: olcDbIndex
==> openldap1: olcDbIndex: uid pres,eq
==> openldap1:
==> openldap1: Error message: Execution of '/usr/bin/ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/openldap_dbindex20150326-19015-1wjocaz-0' returned 20: SASL/EXTERNAL authentication started
==> openldap1: SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
==> openldap1: SASL SSF: 0
==> openldap1: ldap_modify: Type or value exists (20)
==> openldap1: additional info: modify/add: olcDbIndex: value #0 already exists
==> openldap1: modifying entry "olcDatabase={2}bdb,cn=config"
==> openldap1: /vagrant/modules/openldap/lib/puppet/provider/openldap_dbindex/olc.rb:83:in create' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/property/ensure.rb:16:inset_present'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:197:in send' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:197:incall_valuemethod'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:498:in set' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/property.rb:581:insync'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:204:in sync' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:128:insync_if_needed'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:81:in perform_changes' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:20:inevaluate'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:204:in apply' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:217:ineval_resource'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:in call' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:inevaluate'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:327:in thinmark' ==> openldap1: /usr/lib/ruby/1.8/benchmark.rb:308:inrealtime'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:326:in thinmark' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:inevaluate'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/graph/relationship_graph.rb:118:in traverse' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:138:inevaluate'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:169:in apply' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/util/log.rb:149:inwith_destination'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/transaction/report.rb:112:in as_logging_destination' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:168:inapply'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:120:in apply_catalog' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:161:inbenchmark'
==> openldap1: /usr/lib/ruby/1.8/benchmark.rb:308:in realtime' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:160:inbenchmark'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:119:in apply_catalog' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:227:inrun_internal'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:134:in run' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/context.rb:64:inoverride'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet.rb:244:in override' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:133:inrun'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/application/apply.rb:297:in apply_catalog' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/application/apply.rb:231:inmain'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/context.rb:64:in override' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet.rb:244:inoverride'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/application/apply.rb:193:in main' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/application/apply.rb:154:inrun_command'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:381:in run' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:507:inplugin_hook'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:381:in run' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:488:inexit_on_fail'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:381:in run' ==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:146:inrun'
==> openldap1: /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:92:in `execute'
==> openldap1: /usr/bin/puppet:8
==> openldap1: Error: /Stage[main]/Main/Node[ldapmaster1.local]/Openldap::Server::Dbindex[create index uid]/Openldap_dbindex[create index uid]/ensure: change from absent to present failed: LDIF content:
==> openldap1: dn: olcDatabase={2}bdb,cn=config
==> openldap1: add: olcDbIndex
==> openldap1: olcDbIndex: uid pres,eq
==> openldap1:
==> openldap1: Error message: Execution of '/usr/bin/ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/openldap_dbindex20150326-19015-1wjocaz-0' returned 20: SASL/EXTERNAL authentication started
==> openldap1: SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
==> openldap1: SASL SSF: 0
==> openldap1: ldap_modify: Type or value exists (20)
==> openldap1: additional info: modify/add: olcDbIndex: value #0 already exists
==> openldap1: modifying entry "olcDatabase={2}bdb,cn=config"
==> openldap1: Debug: Finishing transaction 70294556675300
==> openldap1: Debug: Storing state
==> openldap1: Debug: Stored state in 0.02 seconds
==> openldap1: Notice: Finished catalog run in 1.19 seconds
==> openldap1: Debug: Using settings: adding file resource 'rrddir': 'File[/var/lib/puppet/rrd]{:group=>"puppet", :backup=>false, :ensure=>:directory, :owner=>"puppet", :loglevel=>:debug, :mode=>"750", :
path=>"/var/lib/puppet/rrd", :links=>:follow}'
==> openldap1: Debug: /File[/var/lib/puppet/rrd]/seluser: Found seluser default 'system_u' for /var/lib/puppet/rrd
==> openldap1: Debug: /File[/var/lib/puppet/rrd]/selrole: Found selrole default 'object_r' for /var/lib/puppet/rrd
==> openldap1: Debug: /File[/var/lib/puppet/rrd]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/rrd
==> openldap1: Debug: /File[/var/lib/puppet/rrd]/selrange: Found selrange default 's0' for /var/lib/puppet/rrd
==> openldap1: Debug: Finishing transaction 70294557880440
==> openldap1: Debug: Received report to process from ldapmaster1.local
==> openldap1: Debug: Processing report from ldapmaster1.local with processor Puppet::Reports::Store
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

[root@ldapmaster1 ~]# /usr/sbin/slapcat -b cn=config -H 'ldap:///???(&(objectClass=olcDatabaseConfig)(|(objectClass=olcBdbConfig)(objectClass=olcHdbConfig)))' |grep uid
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
olcDbIndex: uid pres,eq
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

[mcanevet]

@leonkyneur I definitely need an acceptance test to check that...
I'll see if I can find time to write it, or maybe you can try to submit a PR based on the existing acceptance tests.

[mcanevet]

@leonkyneur #66 will probably fix this issue (review in progress)

[mcanevet]

@leonkyneur #66 merged, I close this