--On Monday, December 31, 2012 9:49 AM -0800 fal patel <fal0patel@gmail.com> wrote:There is no URI bit in the admin guide. I highly advise you go re-read it. What you posted is clearly invalid.
Hey Quanah,
Thank you very much for the debugging tip! -- Using it I got further in.
Now I get an error "<= str2entry: str2ad(UR1): attribute type undefined".
I must be setting my external variables (such as UR1) incorrectly in my
LDIF file.
What is the correct syntax for setting them, please?
I tried each of the following sentences, none of which worked:
URI1: ldap://host1.hq.mycompany.com:389/
URI1: ldap://host1.hq.mycompany.com:389
URI1: "ldap://host1.hq.mycompany.com:389/"
URI1="ldap://host1.hq.mycompany.com:389/"
URI1="ldap://host1.hq.mycompany.com:389"
URI1 ldap://host1.hq.mycompany.com:389/
>From the admin guide:
-----------------------------------------------------
Now we setup the first Master Node (replace $URI1, $URI2 and $URI3 etc. with your actual ldap urls):-----------------------------------------------------
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3
I.e. the attribute name is "olcServerID".
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
slapadd init: initiated tool. slap_sasl_init: initialized! bdb_back_initialize: initialize BDB backend bdb_back_initialize: Berkeley DB 4.7.25: (April 4, 2012) hdb_back_initialize: initialize HDB backend hdb_back_initialize: Berkeley DB 4.7.25: (April 4, 2012) null_back_initialize: initialize null backend backend_startup_one: starting "cn=config" ldif_read_file: no entry file "/etc/openldap/slapd.d/cn=config.ldif" send_ldap_result: conn=-1 op=0 p=0 send_ldap_result: err=32 matched="" text="" >>> dnNormalize: <cn=Subschema> <<< dnNormalize: <cn=subschema> matching_rule_use_init 1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax ) ) 1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax ) ) 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig ) ) 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig ) ) 2.5.13.39 (certificateListMatch): 2.5.13.38 (certificateListExactMatch): 2.5.13.35 (certificateMatch): 2.5.13.34 (certificateExactMatch): 2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes ) ) 2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax ) ) 2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) ) 2.5.13.24 (protocolInformationMatch): 2.5.13.23 (uniqueMemberMatch): 2.5.13.22 (presentationAddressMatch): 2.5.13.20 (telephoneNumberMatch): 2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) ) 2.5.13.16 (bitStringMatch): 2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax ) ) 2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $ olcDbNoUndefFilter ) ) 2.5.13.11 (caseIgnoreListMatch): 2.5.13.8 (numericStringMatch): 2.5.13.7 (caseExactSubstringsMatch): 2.5.13.6 (caseExactOrderingMatch): 2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbCancel $ olcDbIDAssertPassThru $ olcDbSocketPath $ olcDbSocketExtensions ) ) 2.5.13.4 (caseIgnoreSubstringsMatch): 2.5.13.3 (caseIgnoreOrderingMatch): 2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbCancel $ olcDbIDAssertPassThru $ olcDbSocketPath $ olcDbSocketExtensions ) ) 1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ olcRelay ) ) 2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures ) ) slapadd startup: initiated. backend_startup_one: starting "cn=config" config_back_db_open Backend ACL: access to * by * none config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context => str2entry: "#################################### # nwaymmr2s.ldif #################################### # This sets up the config database: # for OpenLDAP server 1: # dn: cn=config # objectClass: olcGlobal # cn: config # olcServerID: 1 # # dn: olcDatabase={0}config,cn=config # objectClass: olcDatabaseConfig # olcDatabase: {0}config # olcRootPW: secret # # second and third servers will have a different olcServerID obviously: # for OpenLDAP server 2: dn: cn=config objectClass: olcGlobal cn: config olcServerID: 2 " >>> dnPrettyNormal: <cn=config> <<< dnPrettyNormal: <cn=config>, <cn=config> <= str2entry(cn=config) -> 0x7f02dcd5c2f8 oc_check_required entry (cn=config), objectClass "olcGlobal" oc_check_allowed type "objectClass" oc_check_allowed type "cn" oc_check_allowed type "olcServerID" oc_check_allowed type "structuralObjectClass" olcServerID: value #0: SID=0x002 ldif_write_entry: wrote entry "cn=config" added: "cn=config" (00000001) => str2entry: "dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW: secret # # for OpenLDAP server 3: # dn: cn=config # objectClass: olcGlobal # cn: config # olcServerID: 3 # # dn: olcDatabase={0}config,cn=config # objectClass: olcDatabaseConfig # olcDatabase: {0}config # olcRootPW: secret # " >>> dnPrettyNormal: <olcDatabase={0}config,cn=config> <<< dnPrettyNormal: <olcDatabase={0}config,cn=config>, <olcDatabase={0}config,cn=config> <= str2entry(olcDatabase={0}config,cn=config) -> 0x7f02dcd5c2f8 oc_check_required entry (olcDatabase={0}config,cn=config), objectClass "olcDatabaseConfig" oc_check_allowed type "objectClass" oc_check_allowed type "olcDatabase" oc_check_allowed type "olcRootPW" oc_check_allowed type "structuralObjectClass" config_build_entry: "olcDatabase={-1}frontend" ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config.ldif" => str2entry: "dn: cn=config objectClass: olcGlobal cn: config olcServerID: 2 structuralObjectClass: olcGlobal entryUUID: 0dba7296-e8fb-1031-93f5-b37179e0df9e creatorsName: cn=config createTimestamp: 20130102073749Z entryCSN: 20130102073749.857806Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20130102073749Z " >>> dnPrettyNormal: <cn=config> <<< dnPrettyNormal: <cn=config>, <cn=config> >>> dnPretty: <cn=config> <<< dnPretty: <cn=config> >>> dnNormalize: <cn=config> <<< dnNormalize: <cn=config> >>> dnPretty: <cn=config> <<< dnPretty: <cn=config> >>> dnNormalize: <cn=config> <<< dnNormalize: <cn=config> <= str2entry(cn=config) -> 0x7f02dcd5c3e8 ldif_write_entry: wrote entry "olcDatabase={-1}frontend,cn=config" ldif_write_entry: wrote entry "olcDatabase={0}config,cn=config" added: "olcDatabase={0}config,cn=config" (00000001) => str2entry: "# This sets up syncrepl as a provider (since these are all masters): dn: cn=module,cn=config objectClass: olcModuleList cn: module # olcModulePath: /usr/local/libexec/openldap olcModulePath: /usr/lib64/openldap olcModuleLoad: syncprov.la " >>> dnPrettyNormal: <cn=module,cn=config> <<< dnPrettyNormal: <cn=module,cn=config>, <cn=module,cn=config> <= str2entry(cn=module,cn=config) -> 0x7f02dcd5c2f8 oc_check_required entry (cn=module,cn=config), objectClass "olcModuleList" oc_check_allowed type "objectClass" oc_check_allowed type "cn" oc_check_allowed type "olcModulePath" oc_check_allowed type "olcModuleLoad" oc_check_allowed type "structuralObjectClass" >>> dnNormalize: <cn=module{0}> <<< dnNormalize: <cn=module{0}> loaded module syncprov.la module syncprov.la: null module registered ldif_write_entry: wrote entry "cn=module{0},cn=config" added: "cn=module{0},cn=config" (00000001) => str2entry: "# Now we setup the first Master Node # (replace $URI1, $URI2 and $URI3 etc. with your actual ldap urls): # URI1=ldap://10.12.223.10:389/ # URI2=ldap://10.12.223.11:389/ # URI3=ldap://10.12.223.12:389/ # olcServerID: 1 $URI1 # olcServerID: 2 $URI2 # olcServerID: 3 $URI3 dn: cn=config changetype: modify replace: olcServerID olcServerID: 1 ldap://10.12.223.10:389/ olcServerID: 2 ldap://10.12.223.11:389/ olcServerID: 3 ldap://10.12.223.12:389/ " >>> dnPrettyNormal: <cn=config> <<< dnPrettyNormal: <cn=config>, <cn=config> <= str2entry: str2ad(changetype): attribute type undefined slapadd: could not parse entry (line=48) slapadd shutdown: initiated slapadd destroy: freeing system resources.
Attachment:
nwaymmr2s.ldif
Description: Binary data