
Re: Problem getting monitor backend and syncrepl overlay to work



DeMoNs@web.de wrote:
Hi all,

I have a problem getting openldap to run monitor backend AND syncrepl
overlay.
I'm running freebsd-7.2-release-p6 in combination with
openldap-server-2.4.19 with sasl support compiled in.

I use the following slapd config:

include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/nis.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema
include		/usr/local/etc/openldap/schema/misc.schema
include		/usr/local/etc/openldap/schema/ldapns.schema
include		/usr/local/etc/openldap/schema/radius.schema

pidfile		/var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
logfile		/var/log/slapd.log

password-hash	{SSHA}
modulepath	/usr/local/libexec/openldap
moduleload	back_bdb
moduleload	back_monitor

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by ssf=128 dn="cn=admin,dc=example,dc=de" write
        by dn="cn=admin,dc=example,dc=de" peername.ip=127.0.0.1 write
        by ssf=96 dn="cn=nssadmin,dc=example,dc=de" read
        by dn="cn=nssadmin,dc=example,dc=de" peername.ip=127.0.0.1 read
        by anonymous auth
        by * none
access to attrs=userPassword
	by self write
	by anonymous auth
	by * none

database	bdb
suffix		"dc=example,dc=de"
rootdn		"dc=example,dc=de"
directory	/var/db/openldap-data
index   objectClass,entryCSN,entryUUID    eq
index   uid    pres,eq,sub
index   memberUID    eq
index   uidNumber,gidNumber    eq
index   host    eq

database	monitor
rootdn		"cn=monitoring,cn=Monitor"
rootpw		monitoring

access to dn.subtree="cn=Monitor"
	by dn="cn=nssadmin,dc=example,dc=de"
	by * none

syncrepl rid=041
	provider=ldap://ldap-master.example.de
	type=refreshOnly
	interval=00:00:35:00
	searchbase="dc=example,dc=de"
	schemachecking=off
	bindmethod=simple
	starttls=yes
	binddn="cn=syncuser,dc=example,dc=de"
	credentials="strongsecretpassword"

TLSCertificateFile /usr/local/etc/openldap/ssl/ldap-crt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap-key.pem
TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem

loglevel 256

Now, when I run slaptest I receive the following error:

/usr/local/etc/openldap/slapd.conf: line 59: database monitor does not
support operations required for syncrepl
slaptest: bad configuration file!

Line 59 corresponds to the credentials option in the syncrepl statement.
I can't figure out what's wrong, so if anyone can point me in the right
direction that would be really helpful.

"Line 59" means the whole statement ending at line 59, so in general the error can be anywhere in the statement. In this case, the error is the statement itself. As the error message is saying, back-monitor is missing some essential function that is required by syncrepl (I bet bi_op_add()). What's puzzling me is: back-monitor is (almost) read-only, and contains mostly dynamically generated information on the state of a server; what's the purpose of replicating it? Your configuration makes no sense.

p.
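
Added example, not part of the original thread: a small check that maps every syncrepl statement in a slapd.conf to the database section that owns it and reports the statement's first and last line, which is why slaptest names the last line of the statement. It relies on the slapd.conf rules that indented lines continue the previous statement and that syncrepl applies to the most recently declared database; the function names, the NON_REPLICABLE set and the sample text are assumptions of this example.

```python
import re

# Assumption of this example: only "monitor" (the backend in the thread) is flagged.
NON_REPLICABLE = {"monitor"}

# Constructed sample, condensed from the configuration quoted in the thread.
SAMPLE = """\
database bdb
suffix "dc=example,dc=de"

database monitor
rootdn "cn=monitoring,cn=Monitor"

syncrepl rid=041
    provider=ldap://ldap-master.example.de
    type=refreshOnly
    searchbase="dc=example,dc=de"
"""

def logical_lines(text):
    """Yield (first_line, last_line, statement); indented lines continue a statement."""
    start = end = None
    parts = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and parts:
            parts.append(raw.strip())
            end = no
            continue
        if parts:
            yield start, end, " ".join(parts)
        start, end, parts = no, no, [raw.strip()]
    if parts:
        yield start, end, " ".join(parts)

def syncrepl_placement(text):
    """Report, for each syncrepl statement, the database section that owns it."""
    current, findings = None, []  # None: global section, no "database" seen yet
    for start, end, stmt in logical_lines(text):
        words = stmt.split()
        if words[0].lower() == "database" and len(words) > 1:
            current = words[1].lower()
        elif words[0].lower() == "syncrepl":
            rid = re.search(r"\brid=(\d+)", stmt)
            findings.append({"rid": rid.group(1) if rid else None,
                             "database": current, "lines": (start, end),
                             "ok": current is not None and current not in NON_REPLICABLE})
    return findings

print(syncrepl_placement(SAMPLE))
```

On the sample, the statement spans lines 7 to 10 and is owned by the monitor database, so it is reported with "ok": False.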