
Unable to start slapd, syncrepl error



Oh the wise and mighty of the openLDAP community, 

I have an issue that I have not been able to understand, partially because
I'm an enthusiast, not an expert in the domain. That being said, I've used
an openLDAP RPM compiled by one of the fellow *nix admins:
http://staff.telkomsa.net/packages - Yes, despite the security concerns, I'm
desperate enough to try this. I'll eventually use the spec to compile my own
RPM.

I'm running CentOS 5.7 x86_64 with the latest packages. I was able to
successfully install and configure openLDAP, but when I attempt to start it
with MirrorMode, it will not start. I ran slaptest to figure out where it is
failing:

[root@ldap1 ~]# slaptest2.4 -f /etc/openldap2.4/slapd.conf 
/etc/openldap2.4/slapd.conf: line 207: rootDN must be defined before
syncrepl may be used
slaptest2.4: bad configuration file!

Any suggestions why it continues to complain about rootDN? I have it
specified and if slapd is going through the lines, it should have picked up
the rootdn before syncrepl. Thoughts? 

Here is my slapd.conf: 

# Schema files shipped with the openldap2.4 packaging. Each one only has to
# be listed once; the order matters where a schema depends on another.
include	/usr/share/openldap2.4/schema/core.schema
include	/usr/share/openldap2.4/schema/cosine.schema
include	/usr/share/openldap2.4/schema/corba.schema
include	/usr/share/openldap2.4/schema/inetorgperson.schema
include	/usr/share/openldap2.4/schema/java.schema
include	/usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include	/usr/share/openldap2.4/schema/misc.schema
include	/usr/share/openldap2.4/schema/nis.schema
include	/usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema

# Packaged schemas that are available but not loaded here.
#include /usr/share/openldap2.4/schema/rfc822-MailMember.schema
#include /usr/share/openldap2.4/schema/pilot.schema
#include /usr/share/openldap2.4/schema/qmail.schema
#include /usr/share/openldap2.4/schema/mull.schema
#include /usr/share/openldap2.4/schema/netscape-profile.schema
#include /usr/share/openldap2.4/schema/trust.schema

# Site-local schema and the site's access-control rules. slapd evaluates
# "access to" directives in the order they are read, so any rule in
# slapd.access.conf is consulted before the inline "access to" directive
# that follows this include.
include	/etc/openldap2.4/schema/local.schema
include 	/etc/openldap2.4/slapd.access.conf

# Global ACL for the whole suffix. NOTE(review): the "by group=..." clause
# carries no access level ("read", "write", ...); check slapd.access(5) for
# what an omitted level means, and give the replication group an explicit
# level. The following clauses already grant "read" to users and anonymous,
# so the group line as written does not add anything obvious.
access to dn.subtree="dc=domain,dc=pvt"
        by group="cn=Replicator,ou=Group,dc=domain,dc=pvt"
        by users read
        by anonymous read
# Runtime files; the directory must be writable by the slapd user.
pidfile		/var/run/ldap2.4/slapd.pid
argsfile	/var/run/ldap2.4/slapd.args

modulepath	/usr/lib64/openldap2.4

# database backend modules available:
#moduleload      back_dnssrv.la
#moduleload      back_ldap.la
#moduleload      back_meta.la
# back_monitor is loaded because a "database monitor" section follows.
moduleload      back_monitor.la
#moduleload      back_passwd.la
#moduleload      back_sql.la

# overlay modules available:
#moduleload     accesslog.la
#moduleload     denyop.la
#moduleload     dyngroup.la
#moduleload     dynlist.la
#moduleload     glue.la
#moduleload     lastmod.la
#moduleload     pcache.la
#moduleload     ppolicy.la
#moduleload     refint.la
#moduleload     retcode.la
#moduleload     rwm.la
# syncprov is the provider side of syncrepl; it must be loaded before the
# "overlay syncprov" directive in a database section can be used.
moduleload     syncprov.la
#moduleload     translucent.la
#moduleload     unique.la

#contrib overlays
#moduleload      smbk5pwd.so

# SASL config
#sasl-host ldap.domain.com

# To allow TLS-enabled connections, create /etc/ssl/openldap2.4/ldap.pem
# and uncomment the following lines.
#TLSRandFile            /dev/random
# NOTE(review): the commented cipher template below names SSLv2-era suites;
# if TLS ciphers are pinned, use a modern list rather than this one as-is.
#TLSCipherSuite         HIGH:MEDIUM:+SSLv2
# NOTE(review): certificate, private key and CA file all point at the same
# file under /etc/pki/tls/private. A file that contains the private key must
# be readable only by the slapd user, and TLSCACertificateFile is meant to
# name the CA certificate(s) used to verify peers, not the server's own key
# file — confirm this is intended, and in particular that the private key is
# not copied wherever the "CA file" is distributed.
TLSCertificateFile      /etc/pki/tls/private/ldap.pem
TLSCertificateKeyFile   /etc/pki/tls/private/ldap.pem
#TLSCACertificatePath   /etc/ssl/openldap2.4/
#TLSCACertificateFile    /etc/ssl/cacert.pem
TLSCACertificateFile    /etc/pki/tls/private/ldap.pem
#TLSVerifyClient never # ([never]|allow|try|demand)

# logging
# Raising this (e.g. 256 = stats) is the quickest way to see why a bind or
# syncrepl session fails; leave at the default in normal operation.
#loglevel 256

#######################################################################
# database definitions
#######################################################################

# Primary data database. Everything from here up to the next "database"
# directive belongs to this backend, including any overlay/syncrepl lines.
database	bdb
suffix		"dc=domain,dc=pvt"
#suffix		"o=My Organization Name,c=US"
# rootdn is defined here, for the bdb backend only; the later "database
# monitor" section has no rootdn of its own.
rootdn		"cn=Manager,dc=domain,dc=pvt"
#rootdn		"cn=Manager,o=My Organization Name,c=US"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw		secret
# rootpw		{crypt}ijFYNcSNctBYg
# Hash redacted by the poster; generate with slappasswd(8).
rootpw	{SSHA}[NeeeNer NeeeNer NeeeNer]

# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory	/var/lib/ldap2.4

# Tuning settings, please see the man page for slapd-bdb for more
# NOTE(review): the bare word "information" on the next line looks like a
# comment that was wrapped by the mail client; in the real file it should be
# part of the comment above, otherwise slapd will reject it as a directive.
information
# as well as the DB_CONFIG file in the database directory
# commented entries are at their defaults
# In-memory cache size in entries
#cachesize 1000
# Checkpoint the bdb database after 256kb of writes or 5 minutes have passed
# since the last checkpoint
checkpoint 256 5

# Indices to maintain
index	objectClass						eq

# persion-type searches
# NOTE(review): "eq,subinitial" on its own line must begin with whitespace to
# be a continuation line per slapd.conf(5); the leading whitespace may have
# been lost in the mail. The same applies to the "index uid" and "limits"
# stanzas below.
index	cn,mail,surname,givenname
eq,subinitial

# nss_ldap exact searches:
index	uidNumber,gidNumber,memberuid,member,uniqueMember	eq
# username completion via nss_ldap needs uid indexed sub:
index   uid                                    
eq,subinitial

# samba:
index   sambaSID,sambaDomainName,displayName    		eq

# autofs:
#index   nisMapName                              		eq

# bind sdb_ldap:
#index   zoneName,relativeDomainName             		eq

# sudo
index   sudoUser                                		eq

# syncprov
# NOTE(review): the syncprov documentation recommends eq indexes on entryCSN
# and entryUUID on the provider; consider enabling this once replication
# is working.
#index  entryCSN,entryUUID                                      eq


# Lift the size/time limits for the replication group so a full refresh is
# not truncated.
limits group="cn=Replicator,ou=Group,dc=domain,dc=pvt"
size=unlimited
time=unlimited


# cn=Monitor backend. NOTE(review): this directive starts a new database
# section, so every directive below it — "overlay syncprov", both "syncrepl"
# stanzas and "mirrormode" — is applied to the monitor backend, not to the
# bdb database above. The monitor backend has no rootdn, which matches the
# slaptest error "rootDN must be defined before syncrepl may be used". These
# lines belong in the bdb section, i.e. before this "database monitor" line.
database monitor

# syncprov makes this server a replication provider; it has to be attached
# to the database that holds the data (the bdb one).
overlay syncprov
syncprov-checkpoint 10 1
syncprov-sessionlog 100

# Consumer definitions for MirrorMode.
# NOTE(review): "rootdn=" is not a syncrepl keyword; the DN of the subtree to
# replicate is given with "searchbase=". "interval=" only applies to
# refreshOnly, so it is unused with refreshAndPersist. The bind is a plain
# ldap:// simple bind with the rootdn's password, so the credential crosses
# the network in the clear unless "starttls=" is added; a dedicated, less
# privileged replication identity (the Replicator group already exists in the
# ACLs) would be preferable to cn=Manager. The credentials value has been
# posted publicly and should be changed.
# rid=000 points at ldap1, which appears to be this host (serverID 1);
# confirm that a server consuming from itself is intended.
syncrepl rid=000
  provider=ldap://ldap1.oak.domain.pvt
  type=refreshAndPersist
  interval=01:00:00:00
  retry="5 5 300 +"
  rootdn="dc=domain,dc=pvt"
  attrs="*,+"
  bindmethod=simple
  binddn="cn=Manager,dc=domain,dc=pvt"
  credentials=domain1

syncrepl rid=001
  provider=ldap://ldap2.oak.domain.pvt
  type=refreshAndPersist
  interval=01:00:00:00
  retry="5 5 300 +"
  rootdn="dc=domain,dc=pvt"
  attrs="*,+"
  bindmethod=simple
  binddn="cn=Manager,dc=domain,dc=pvt"
  credentials=domain1

# mirrormode is a per-database directive (must follow the syncrepl stanzas of
# the replicated database); serverID is a global directive and is normally
# placed before the first "database" line.
mirrormode TRUE
serverID 1