How to fix “ldif_read_file: checksum error”

Well, in spite of you did read a banner saying “# AUTO-GENERATED FILE – DO NOT EDIT!! Use ldapmodify.” you ignored it and made some manual modifications in any of the LDIF files in /etc/ldap/slapd.d/.

Don’t worry it happened to me too 🙂 When you need to quickly setup an openLDAP server for development it is pretty much easier to tweak these files although the recommended way is to use ldapmodify tool. But if you change the LDIF files in cn=config manually, their contents and checksums won’t match, which is not fatal, but is annoying when using tools such as slapcat:

544f7291 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
544f7291 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"

To fix it you have to recalculate their checksums, please follow the following steps:

1. Copy the errant file to an temporary directory (for example olcDatabase={2}hdb.ldif).

# cp /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif /tmp

2. Remove the first two lines of that file where it is included the old checksum value

# tail -n +3 /tmp/olcDatabase={2}hdb.ldif > fixed.ldif

3. Download the Check CRC tool from http://freecode.com/projects/checkcrc/

4. Extract the downloaded file

# tar xvfz check-4.3-src.tgz

5. Install the zlib development RPM package (or use APT on Debian based systems)

# yum install zlib-dev

6. Compile the check CRC tool:

# cd check-4.3
check4-3# gcc -O3 -Wall -DUSE_ZLIB -I/usr/include -o check check.c -L/usr/lib64 -lz

7. Calculate the new checksum

check-4.3# ./check /tmp/fixed.ldif
fixed.ldif        CRC-32 = 61e6182a, size = 582 bytes

8. Replace the new CRC-32 value into the original file using your favourite editor

# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
CRC32 61e6182a

 

Advertisements

21 thoughts on “How to fix “ldif_read_file: checksum error”

  1. great intro !
    just one remark regarding the checksum error: on most linux distros you can use the command “cksum filename” for calculating the crc checksum (see ” info coreutils ‘cksum invocation’ ” )
    cheers

    • Unfortunately it doesn’t output the same 32-bit hex format that ldap requires, but compiling check worked like a charm for me.

  2. Pingback: Basic OpenLDAP User Authentication With CentOS 6.6 Part 1: Server Configuration

  3. Great! Resolved the problem under ubuntu server 14.04. I used “crc32” to generate the CRC value. It is included in the “libarchive-zip-perl” package, so no compilation needed 😉

  4. Pingback: Installing & Configuring LDAP server and client on CENTOS 7 and FEDORA 21 Server « geekdudes

  5. Is this a fix for both errors?:
    544f7291 ldif_read_file: checksum error on “/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif”
    544f7291 ldif_read_file: checksum error on “/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif”

  6. Another way to easy fix this consist in: make your modification by hand, then, use ldapmodify to replace an existing value, with the same.

    It will replace the value with the same previuosly decided, but it will also replace the CRC on the top.

    Anyway, you did a good joob 😉

  7. I have stucked in 2nd steps friends.
    I am using centos 7.
    my pblm is

    when i run 2nd step
    {



    modifiersName: cn=config
    modifyTimestamp: 20150710144351Z
    bash: gt: command not found…
    [1]+ Done tail -n +3 /tmp/olcDatabase={2}hdb.ldif
    bash: fixed.ldif: command not found…

    }
    please help me friends.wt to do

  8. Hi,
    Step 2 Not working for me.
    2. Remove the first two lines of that file where it is included the old checksum value
    # tail -n +3 /tmp/olcDatabase={2}hdb.ldif > fixed.ldif

    error is
    -bash: gt: command not found
    -bash: fixed.ldif: command not found

  9. thanks for replying…
    yes I know that is the error.And how to run that command wt to do. how to fix the gt and fixed.ldif commmand not found error.

  10. Hi all,

    For the above error, you just need to uncomment the line “CRC32 4e94f689” in the below file.
    55d245f4 ldif_read_file: checksum error on “/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif”
    55d245f4 ldif_read_file: checksum error on “/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif”

  11. You could install perl-Archive-Zip to get crc32. Also to take out the extra step. You could do your tail of the original file and output it to a new file. Then run the crc32. And add it to the original. P.S. Thanks for this. I know it’s frowned upon to edit the files manually.

  12. Pingback: OpenLDAP | vanyi.eu

  13. Pingback: LDAP – How to change Base DN – KX Base

  14. Thank you guys for your different ways to have this fixed. I have followed the tuto and it did work for me. The only thing I have noticed is that my centOS 7 couldn’t find the zlib-dev (step 5). The correct package for centOS 7 is zlib-devel.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s