[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6465) startup error after converting to slapd-config

To: openldap-its@OpenLDAP.org
Subject: (ITS#6465) startup error after converting to slapd-config
From: gerard.ranke@kmt.hku.nl
Date: Fri, 29 Jan 2010 09:35:59 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Gerard Ranke
Version: 2.4.21
OS: IRIX 6.5.30
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.87.216.230)


We run openLDAP 2.4.21 on one master plus 7 slaves. Some time ago ( I believe we
were on 2.4.19 at the time ), I converted one of the slaves to slapd-config from
slapd.conf to get myself acquainted with it, and that went without problems.
Now, if I try the conversion with slaptest -f slapd.conf -F slapd.d, the
conversion works ok, but slapd won't start, and gives this error:

Jan 18 15:30:20 7E:example-slave slapd[1741992]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: ldapdb
Jan 18 15:30:20 7U:example-slave slapd[1741992]: olcSyncrepl: value #0:
<olcSyncrepl> invalid URL
Jan 18 15:30:20 7U:example-slave slapd[1741992]: config error processing
olcDatabase={1}hdb,cn=config: <olcSyncrepl> invalid URL
Jan 18 15:30:20 7U:example-slave slapd[1741992]: slapd stopped.
Jan 18 15:30:20 7U:example-slave slapd[1741992]: connections_destroy: nothing to
destroy.

I noticed that the olcSyncrepl in olcDatabase={1}hdb,cn=config changed from:

olcSyncrepl: rid=001 provider=ldap://masterldap.example.com:389
bindmethod=simple timeout
 =0 network-timeout=0 binddn="cn=syncuser,dc=example,dc=com"
credentials="xxxxxxxxx
 " starttls=critical filter="(objectClass=*)" searchbase="dc=example,dc=com"
scope=
 sub attrs="*,+" schemachecking=off type=refreshAndPersist retry="5 5 10 +"

for the older openldap version, to:

olcSyncrepl: rid=001 provider=ldap://masterldap.example.com:389 uri=""
bindmethod=simple
 timeout=0 network-timeout=0 binddn="cn=syncuser,dc=example,dc=com"
credentials="xxxxxxxxx" starttls=critical
tls_cert="/usr/ssl/certs/examplewildcard.cert
 " tls_key="/usr/ssl/certs/examplewildcard.key" tls_cacert="/usr
 /ssl/certs/cacert_root.crt" tls_reqcert=demand tls_crlcheck=none filter="(obj
 ectClass=*)" searchbase="dc=example,dc=com" scope=sub attrs="*,+"
schemachecking=o
 ff type=refreshAndPersist retry="5 5 10 +"

for 2.4.21.
Notice the ' uri="" ' in the last version.

Fortunately, if I remove the empty uri assignment from the ldif file, slapd
starts normally. 

I also noticed the slaves which I converted earlier ( so which had the first
olcSyncrepl 'format' above ) didn't replicate properly ( contextcsn also lagging
behind ). I shut down slapd on these machines, cleaned out slapd.d, converted
again, removed the 'uri=""' and restarted. After that, the replication caught up
by itself.
Thanks for your attention for this!

Prev by Date: (ITS#6464) Buffer overflow
Next by Date: (ITS#6466) certificateListValidate rejects valid X.509 CRLs (but not RFC-compliant)
Index(es):
- Chronological
- Thread