Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have an issue that I have not been able to understand. Partially because
I'm an enthusiast, not an expert in the domain. That being said, I've used
an openLDAP RPM compiled by one of the fellow *nix admins: http://staff.telkomsa.net/packages - Yes, besides the security reasons I'm
desperate enough to try this. I'll eventually use the spec to compile my own
RPM.
I'm running CentOS 5.7 x86_64 with the latest packages. I was able to
successfully install and configure openLDAP but when I attempt to start it
with MIrrorMode, it will not start. I ran slaptest to figure out where it's
hanging up on:
[root@ldap1 ~]# slaptest2.4 -f /etc/openldap2.4/slapd.conf
/etc/openldap2.4/slapd.conf: line 207: rootDN must be defined before
syncrepl may be used
slaptest2.4: bad configuration file!
Any suggestions why it continues to complain about rootDN? I have it
specified and if slapd is going through the lines, it should have picked up
the rootdn before syncrepl. Thoughts?
Here is my slapd.conf:
Code:
include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/misc.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
#include /usr/share/openldap2.4/schema/rfc822-MailMember.schema
#include /usr/share/openldap2.4/schema/pilot.schema
#include /usr/share/openldap2.4/schema/qmail.schema
#include /usr/share/openldap2.4/schema/mull.schema
#include /usr/share/openldap2.4/schema/netscape-profile.schema
#include /usr/share/openldap2.4/schema/trust.schema
include /etc/openldap2.4/schema/local.schema
include /etc/openldap2.4/slapd.access.conf
access to dn.subtree="dc=domain,dc=pvt"
by group="cn=Replicator,ou=Group,dc=domain,dc=pvt"
by users read
by anonymous read
pidfile /var/run/ldap2.4/slapd.pid
argsfile /var/run/ldap2.4/slapd.args
modulepath /usr/lib64/openldap2.4
# database backend modules available:
#moduleloadback_dnssrv.la
#moduleloadback_ldap.la
#moduleloadback_meta.la
moduleloadback_monitor.la
#moduleloadback_passwd.la
#moduleloadback_sql.la
# overlay modules available:
#moduleload accesslog.la
#moduleload denyop.la
#moduleload dyngroup.la
#moduleload dynlist.la
#moduleload glue.la
#moduleload lastmod.la
#moduleload pcache.la
#moduleload ppolicy.la
#moduleload refint.la
#moduleload retcode.la
#moduleload rwm.la
moduleload syncprov.la
#moduleload translucent.la
#moduleload unique.la
#contrib overlays
#moduleloadsmbk5pwd.so
# SASL config
#sasl-host ldap.domain.com
# To allow TLS-enabled connections, create /etc/ssl/openldap2.4/ldap.pem
# and uncomment the following lines.
#TLSRandFile/dev/random
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile/etc/pki/tls/private/ldap.pem
TLSCertificateKeyFile /etc/pki/tls/private/ldap.pem
#TLSCACertificatePath /etc/ssl/openldap2.4/
#TLSCACertificateFile/etc/ssl/cacert.pem
TLSCACertificateFile/etc/pki/tls/private/ldap.pem
#TLSVerifyClient never # ([never]|allow|try|demand)
# logging
#loglevel 256
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=domain,dc=pvt"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,dc=domain,dc=pvt"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}[NeeeNer NeeeNer NeeeNer]
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap2.4
# Tuning settings, please see the man page for slapd-bdb for more
information
# as well as the DB_CONFIG file in the database directory
# commented entries are at their defaults
# In-memory cache size in entries
#cachesize 1000
# Checkpoint the bdb database after 256kb of writes or 5 minutes have passed
# since the last checkpoint
checkpoint 256 5
# Indices to maintain
index objectClass eq
# persion-type searches
index cn,mail,surname,givenname
eq,subinitial
# nss_ldap exact searches:
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
# username completion via nss_ldap needs uid indexed sub:
index uid
eq,subinitial
# samba:
index sambaSID,sambaDomainName,displayName eq
# autofs:
#index nisMapName eq
# bind sdb_ldap:
#index zoneName,relativeDomainName eq
# sudo
index sudoUser eq
# syncprov
#indexentryCSN,entryUUIDeq
limits group="cn=Replicator,ou=Group,dc=domain,dc=pvt"
size=unlimited
time=unlimited
database monitor
overlay syncprov
syncprov-checkpoint 10 1
syncprov-sessionlog 100
syncrepl rid=000
provider=ldap://ldap1.oak.domain.pvta
type=refreshAndPersist
interval=01:00:00:00
retry="5 5 300 +"
rootdn="dc=domain,dc=pvt"
attrs="*,+"
bindmethod=simple
binddn="cn=Manager,dc=domain,dc=pvt"
credentials=domain1
syncrepl rid=001
provider=ldap://ldap2.oak.domain.pvt
type=refreshAndPersist
interval=01:00:00:00
retry="5 5 300 +"
rootdn="dc=domain,dc=pvt"
attrs="*,+"
bindmethod=simple
binddn="cn=Manager,dc=domain,dc=pvt"
credentials=domain1
mirrormode TRUE
serverID 1
Last edited by wills; 09-20-2011 at 07:25 PM.
Reason: encoding problem...
syncrepl is a single command, you indent the options to keep it as a single option split over multiple lines, and rootdn is not a valid option for a syncrepl command.
Checking config file /etc/openldap2.4/slapd.conf: [FAILED]
/etc/openldap2.4/slapd.conf: line 128: rootDN must be defined before syncrepl may be used
slaptest2.4: bad configuration file!
Obviously there is a syntax issue but I'm thinking the configtest isn't referring to the correct line. Could be wrong, I've been wrong before.
well you have a monitor database and that is the database you're apparently trying to replicate. you need a database followed by a rootdn followed by the synrepl.
That was it, the monitor database was the issue. I also removed updatedn since slapd was complaining about:
Error: parse_syncrepl_line: unable to parse "updatedn=cn ... "
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
