Re: syncrepl provider not working after upgrade to 2.4.26
On 17/10/2011 9:52 PM, Nick Milas wrote:
> I upgraded with the same configuration to v2.4.26 and provider is not
> working
Hmm, actually I changed a couple of things:
1. I am now using a different openldap RPM package (with different
   paths etc.). This should not be important, because I have updated
   the configuration accordingly and everything (except syncrepl provider)
   works fine.
2. I have chosen to use hdb rather than bdb in the new setup. All
   entries were migrated by using slapcat on the initial instance and
   then slapadd on the new openldap instance. (They were migrated
   successfully.)
Could the use of hdb on the provider cause such a problem ("server is
unwilling to perform")? (According to documentation hdb supports syncrepl).
I read that this error means that "slapd will return an unwilling to
perform error if the backend holding the target entry does not support
the given operation". Why wouldn't the backend support sync operations
in this case?
Note that I tried (in consumers) all sorts of configurations (plain ldap
without starttls or with starttls, ldaps) but nothing worked.
In any case, below is my whole slapd.conf (Note: In this Openldap RPM,
provided by the LTB project, all modules are included and not
dynamically loaded):
Thanks,
Nick
-----------------------------------------------------------------------------------
slapd.conf:
-----------------------------------------------------------------------------------
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/eduperson.schema
include /usr/local/openldap/etc/openldap/schema/postfix.schema
include /usr/local/openldap/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
include /usr/local/openldap/etc/openldap/schema/schac-20090326-1.4.0.schema
include /usr/local/openldap/etc/openldap/schema/dnsdomain2.schema
include /usr/local/openldap/etc/openldap/schema/proftpd-quota.schema
include /usr/local/openldap/etc/openldap/schema/kerberos.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/openldap/lib64
loglevel sync
sizelimit unlimited
timelimit unlimited
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/openldap/etc/openldap/certs/chain.pem
TLSCertificateFile /usr/local/openldap/etc/openldap/certs/cert.pem
TLSCertificateKeyFile /usr/local/openldap/etc/openldap/certs/priv.pem
TLSVerifyClient never
database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
########
# ACLs #
########
include /usr/local/openldap/etc/openldap/acl.conf
directory /usr/local/openldap/var/openldap-data
overlay auditlog
auditlog /usr/local/openldap/var/openldap-data/ldapaudit.log
index objectClass eq,pres
index employeeType pres,eq
index cn eq,pres,sub
index sn,givenname eq,pres,sub
index mail eq,pres,sub
index uid eq,pres
index ou eq,pres
index mailacceptinggeneralid eq,pres
index owner eq
index entryCSN,entryUUID eq
index vacationActive eq
index associatedDomain pres,eq,sub
index aRecord,pTRRecord pres,eq,sub
index aliasInactive eq
index krbPrincipalName eq,pres,sub
index schacUserStatus eq,pres
# Allow dynamic lists
overlay dynlist
dynlist-attrset nisMailAlias labeledURI
dynlist-attrset groupOfURLs labeledURI member
# Setup Provider - Allow Consumer Sync
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
database monitor
access to *
    by dn.exact="cn=Manager,dc=example,dc=com" read
    by * none
-----------------------------------------------------------------------------------
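
The documentation sentence quoted in the message ties "unwilling to perform" to the backend holding the target entry, so one check worth running against a slapd.conf like the one above is whether syncprov is attached to the database whose suffix contains the consumer's search base. The following is an added example, not part of the original post and not OpenLDAP code; it is a simplified parser, and SAMPLE_CONF, the function names and the search bases are constructed for illustration.

```python
# Constructed sample: a reduced slapd.conf shaped like the one posted above.
SAMPLE_CONF = """\
database hdb
suffix "dc=example,dc=com"
overlay syncprov
database monitor
access to *
    by dn.exact="cn=Manager,dc=example,dc=com" read
    by * none
"""

def logical_lines(text):
    """Drop blank and comment lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def norm_dn(dn):
    """Naive DN normalisation (assumption: no escaped commas in the DN)."""
    return ",".join(p.strip() for p in dn.strip().strip('"').lower().split(","))

def databases(text):
    """One dict per 'database' section; lines before the first one are skipped."""
    dbs = []
    for line in logical_lines(text):
        parts = line.split(None, 1) + [""]
        key, arg = parts[0].lower(), parts[1].strip()
        if key == "database":
            dbs.append({"backend": arg, "suffixes": [], "overlays": []})
        elif dbs and key == "suffix":
            dbs[-1]["suffixes"].append(norm_dn(arg))
        elif dbs and key == "overlay":
            dbs[-1]["overlays"].append(arg.lower())
    return dbs

def syncprov_on_base(text, search_base):
    """True/False for the database holding search_base; None if no suffix holds it."""
    base = norm_dn(search_base)
    hits = [(len(s), db) for db in databases(text) for s in db["suffixes"]
            if base == s or base.endswith("," + s)]
    best = max(hits, key=lambda h: h[0], default=None)  # longest suffix wins
    return None if best is None else "syncprov" in best[1]["overlays"]
```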