Re: ldap backend

["Stephan Duehr" <stephan.duehr@dass-it.de>]

Pierangelo Masarati said:
> Stephan Duehr wrote:
>
>>Hi all,
>>
>>I'm trying to use the ldap backend with the following scenario:
>>one slapd instance which already works properly using syncrepl is
>>listening on localhost port 10389.
>>
>>A second slapd instance using the ldap backend using this config:
>>
>>modulepath      /usr/lib/openldap/modules
>>moduleload    back_ldap.la
>># moduleload    back_meta.la
>># moduleload    back_monitor.la
>># moduleload    back_perl.la
>>
>>loglevel -1
>>
>>database        ldap
>>suffix          "o=My Test,c=de"
>>uri             "ldap://localhost:10389/";
>>binddn          "cn=replica,o=My Test,c=de"
>>bindpw          "secret"
>>lastmod         off
>>
>>The problem is that i get the following error message:
>>Dec  7 16:09:48 server1 slapd[24458]: /etc/openldap/slapd-ldap.conf: line
>>11: suffix DN is invalid
>>Dec  7 16:09:48 server1 slapd[24458]: slapd shutdown: freeing system
>>resources.
>>Dec  7 16:09:48 server1 slapd[24458]: slapd stopped.
>>
>>I also tried suffixes without spaces, doesn't matter.
>>
>>How can I find out what's wrong here?
>>
>>
>
>  From the line number in the error message, it appears that the above is
> your entire slapd.conf, not just a portion of it.  Did you load the
> schema files containing the definitions of "o" and "c"?  You will need
> as much schema as you can (e.g. the same as of the remote host)
> otherwise the unknown attributeTypes and objectClasses will be (more or
> less silently) dropped by the ldap backend.

Thanks, it works if I include at least core.schema. I find the error
message a bit misleading. And the documentation and man page does not
show a working example nor seems to mention this clearly. The way it
should be configured is to keep the schema in sync with the remote LDAP
server, which is easy if it's OpenLDAP, too.

-- 
Stephan Dühr
dass IT GmbH