[Date Prev][Date Next] [Chronological] [Thread] [Top]

Unable to start slapd, syncrepl error










Oh the wise and mighty of the openLDAP community, 


I have an issue that I have not been able to understand. Partially because

I an enthusitis, not an expert in the domain. That being said, I've used

an openLDAP RPM compiled by one of the fellow *nix admins:

http://staff.telkomsa.net/packages - Yes, besides the security reasons I'm

desparate enough to try this. I'll eventually use the spec to compile my own

RPM.


I'm running CentOS 5.7 x86_64 with the latest packages. I was able to

successfully install and configure openLDAP but when I attempt to start it

with MIrrorMode, it will not start. I ran slaptest to figure out where it's

hanging up on: 


[root@ldap1 ~]# slaptest2.4 -f /etc/openldap2.4/slapd.conf 

/etc/openldap2.4/slapd.conf: line 207: rootDN must be defined before

syncrepl may be used

slaptest2.4: bad configuration file!


Any suggestions why it continues to complain about rootDN? I have it

specified and if slapd is going through the lines, it should have picked up

the rootdn before syncrepl. Thoughts? 


Here is my slapd.conf: 


include /usr/share/openldap2.4/schema/core.schema

include /usr/share/openldap2.4/schema/cosine.schema

include /usr/share/openldap2.4/schema/corba.schema

include /usr/share/openldap2.4/schema/inetorgperson.schema

include /usr/share/openldap2.4/schema/java.schema

include /usr/share/openldap2.4/schema/krb5-kdc.schema

include /usr/share/openldap2.4/schema/kerberosobject.schema

include /usr/share/openldap2.4/schema/misc.schema

include /usr/share/openldap2.4/schema/nis.schema

include /usr/share/openldap2.4/schema/openldap.schema

include /usr/share/openldap2.4/schema/autofs.schema

include /usr/share/openldap2.4/schema/samba.schema

include /usr/share/openldap2.4/schema/kolab.schema

include /usr/share/openldap2.4/schema/evolutionperson.schema

include /usr/share/openldap2.4/schema/calendar.schema

include /usr/share/openldap2.4/schema/sudo.schema

include /usr/share/openldap2.4/schema/dnszone.schema

include /usr/share/openldap2.4/schema/dhcp.schema


#include /usr/share/openldap2.4/schema/rfc822-MailMember.schema

#include /usr/share/openldap2.4/schema/pilot.schema

#include /usr/share/openldap2.4/schema/qmail.schema

#include /usr/share/openldap2.4/schema/mull.schema

#include /usr/share/openldap2.4/schema/netscape-profile.schema

#include /usr/share/openldap2.4/schema/trust.schema


include /etc/openldap2.4/schema/local.schema

include /etc/openldap2.4/slapd.access.conf


access to dn.subtree="dc=domain,dc=pvt"

by group="cn=Replicator,ou=Group,dc=domain,dc=pvt"

by users read

by anonymous read

pidfile /var/run/ldap2.4/slapd.pid

argsfile /var/run/ldap2.4/slapd.args


modulepath /usr/lib64/openldap2.4


# database backend modules available:

#moduleloadback_dnssrv.la

#moduleloadback_ldap.la

#moduleloadback_meta.la

moduleloadback_monitor.la

#moduleloadback_passwd.la

#moduleloadback_sql.la


# overlay modules available:

#moduleload accesslog.la

#moduleload denyop.la

#moduleload dyngroup.la

#moduleload dynlist.la

#moduleload glue.la

#moduleload lastmod.la

#moduleload pcache.la

#moduleload ppolicy.la

#moduleload refint.la

#moduleload retcode.la

#moduleload rwm.la

moduleload syncprov.la

#moduleload translucent.la

#moduleload unique.la


#contrib overlays

#moduleloadsmbk5pwd.so


# SASL config

#sasl-host ldap.domain.com


# To allow TLS-enabled connections, create /etc/ssl/openldap2.4/ldap.pem

# and uncomment the following lines.

#TLSRandFile/dev/random

#TLSCipherSuite HIGH:MEDIUM:+SSLv2

TLSCertificateFile/etc/pki/tls/private/ldap.pem

TLSCertificateKeyFile /etc/pki/tls/private/ldap.pem

#TLSCACertificatePath /etc/ssl/openldap2.4/

#TLSCACertificateFile/etc/ssl/cacert.pem

TLSCACertificateFile/etc/pki/tls/private/ldap.pem

#TLSVerifyClient never # ([never]|allow|try|demand)


# logging

#loglevel 256


#######################################################################

# database definitions

#######################################################################


database bdb

suffix "dc=domain,dc=pvt"

#suffix "o=My Organization Name,c=US"

rootdn "cn=Manager,dc=domain,dc=pvt"

#rootdn "cn=Manager,o=My Organization Name,c=US"


# Cleartext passwords, especially for the rootdn, should

# be avoided.See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged.

# rootpw secret

# rootpw {crypt}ijFYNcSNctBYg

rootpw {SSHA}[NeeeNer NeeeNer NeeeNer]


# The database directory MUST exist prior to running slapd AND

# should only be accessable by the slapd/tools. Mode 700 recommended.

directory /var/lib/ldap2.4


# Tuning settings, please see the man page for slapd-bdb for more

information

# as well as the DB_CONFIG file in the database directory

# commented entries are at their defaults

# In-memory cache size in entries

#cachesize 1000

# Checkpoint the bdb database after 256kb of writes or 5 minutes have passed

# since the last checkpoint

checkpoint 256 5


# Indices to maintain

index objectClass eq


# persion-type searches

index cn,mail,surname,givenname

eq,subinitial


# nss_ldap exact searches:

index uidNumber,gidNumber,memberuid,member,uniqueMember eq

# username completion via nss_ldap needs uid indexed sub:

index uid

eq,subinitial


# samba:

index sambaSID,sambaDomainName,displayName eq


# autofs:

#index nisMapName eq


# bind sdb_ldap:

#index zoneName,relativeDomainName eq


# sudo

index sudoUser eq


# syncprov

#indexentryCSN,entryUUIDeq



limits group="cn=Replicator,ou=Group,dc=domain,dc=pvt"

size=unlimited

time=unlimited



database monitor


overlay syncprov

syncprov-checkpoint 10 1

syncprov-sessionlog 100


syncrepl rid=000

provider=ldap://ldap1.oak.domain.pvta

type=refreshAndPersist

interval=01:00:00:00

retry="5 5 300 +"

rootdn="dc=domain,dc=pvt"

attrs="*,+"

bindmethod=simple

binddn="cn=Manager,dc=domain,dc=pvt"

credentials=domain1


syncrepl rid=001

provider=ldap://ldap2.oak.domain.pvt

type=refreshAndPersist

interval=01:00:00:00

retry="5 5 300 +"

rootdn="dc=domain,dc=pvt"

attrs="*,+"

bindmethod=simple

binddn="cn=Manager,dc=domain,dc=pvt"

credentials=domain1


mirrormode TRUE

serverID 1