
Re: syncrepl provider not working after upgrade to 2.4.26

On 17/10/2011 9:52 PM, Nick Milas wrote:

> I upgraded with the same configuration to v2.4.26 and provider is not working

Hmm, actually I changed a couple of things:

1. I am now using a different openldap RPM package (with different
   paths etc.). This should not be important, because I have updated
   the configuration accordingly and everything (except syncrepl provider)
   works fine.
2. I have chosen to use hdb rather than bdb in the new setup. All
   entries were migrated by using slapcat on the initial instance and
   then slapadd on the new openldap instance. (They were migrated

Could the use of hdb on the provider cause such a problem ("server is unwilling to perform")? (According to documentation hdb supports syncrepl).

I read that this error means that "slapd will return an unwilling to perform error if the backend holding the target entry does not support the given operation". Why wouldn't the backend support sync operations in this case?

Note that I tried (in consumers) all sorts of configurations (plain ldap without starttls or with starttls, ldaps) but nothing worked.

In any case, below is my whole slapd.conf (Note: In this OpenLDAP RPM, provided by the LTB project, all modules are included and not dynamically loaded):


include         /usr/local/openldap/etc/openldap/schema/core.schema
include         /usr/local/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include         /usr/local/openldap/etc/openldap/schema/nis.schema
include         /usr/local/openldap/etc/openldap/schema/eduperson.schema
include         /usr/local/openldap/etc/openldap/schema/postfix.schema
include         /usr/local/openldap/etc/openldap/schema/dyngroup.schema
include         /usr/local/openldap/etc/openldap/schema/misc.schema
include         /usr/local/openldap/etc/openldap/schema/ppolicy.schema
include         /usr/local/openldap/etc/openldap/schema/schac-20090326-1.4.0.schema
include         /usr/local/openldap/etc/openldap/schema/dnsdomain2.schema
include         /usr/local/openldap/etc/openldap/schema/proftpd-quota.schema
include         /usr/local/openldap/etc/openldap/schema/kerberos.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

pidfile         /usr/local/openldap/var/run/slapd.pid
argsfile        /usr/local/openldap/var/run/slapd.args

# Load dynamic backend modules:
modulepath      /usr/local/openldap/lib64

loglevel sync

sizelimit unlimited
timelimit unlimited

TLSCACertificateFile /usr/local/openldap/etc/openldap/certs/chain.pem
TLSCertificateFile /usr/local/openldap/etc/openldap/certs/cert.pem
TLSCertificateKeyFile /usr/local/openldap/etc/openldap/certs/priv.pem
TLSVerifyClient never

database        hdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          secret

# ACLs #
include         /usr/local/openldap/etc/openldap/acl.conf

directory       /usr/local/openldap/var/openldap-data

overlay         auditlog
auditlog        /usr/local/openldap/var/openldap-data/ldapaudit.log

index   objectClass              eq,pres
index   employeeType             pres,eq
index   cn                       eq,pres,sub
index   sn,givenname             eq,pres,sub
index   mail                     eq,pres,sub
index   uid                      eq,pres
index   ou                       eq,pres
index   mailacceptinggeneralid   eq,pres
index   owner                    eq
index   entryCSN,entryUUID       eq
index   vacationActive           eq
index   associatedDomain         pres,eq,sub
index   aRecord,pTRRecord        pres,eq,sub
index   aliasInactive            eq
index   krbPrincipalName         eq,pres,sub
index   schacUserStatus          eq,pres

# Allow dynamic lists

overlay dynlist
dynlist-attrset nisMailAlias labeledURI
dynlist-attrset groupOfURLs labeledURI member

# Setup Provider - Allow Consumer Sync

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

database monitor

access to *
   by dn.exact="cn=Manager,dc=example,dc=com" read
   by * none
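
In a slapd.conf like the one above, `overlay`, `suffix` and `index` lines are positional: each applies to the most recent `database` line. The Python sketch below is an added example, not part of the original post; it groups those directives per database and checks the provider-side settings the post configures (the `syncprov` overlay and `eq` indexes on `entryCSN` and `entryUUID`). The function names and the trimmed sample config are constructed for illustration.

```python
import shlex

# Constructed sample: a trimmed excerpt of the slapd.conf posted above.
SAMPLE_CONF = """\
loglevel sync
database        hdb
suffix          "dc=example,dc=com"
index   objectClass              eq,pres
index   entryCSN,entryUUID       eq
overlay         auditlog
overlay dynlist
overlay syncprov
syncprov-checkpoint 100 10
database monitor
"""

def parse_databases(text):
    """Group suffix/overlay/index directives under their 'database' line."""
    dbs, cur = [], None
    for raw in text.splitlines():
        if not raw.strip() or raw[0].isspace() or raw.startswith("#"):
            continue  # blank line, continuation line, or comment
        words = shlex.split(raw)
        key, args = words[0].lower(), words[1:]
        if key == "database":
            cur = {"type": args[0], "suffix": [], "overlays": [], "indexes": {}}
            dbs.append(cur)
        elif cur is None:
            continue  # global directive before any database section
        elif key == "suffix":
            cur["suffix"].append(args[0])
        elif key == "overlay":
            cur["overlays"].append(args[0])  # order kept as written
        elif key == "index" and len(args) >= 2:
            for attr in args[0].split(","):
                cur["indexes"][attr.lower()] = set(args[1].split(","))
    return dbs

def provider_findings(db):
    """Return the provider-side gaps found in one database section."""
    out = []
    if "syncprov" not in db["overlays"]:
        out.append("no syncprov overlay on this database")
    for attr in ("entrycsn", "entryuuid"):
        if "eq" not in db["indexes"].get(attr, set()):
            out.append(f"{attr} lacks an eq index")
    return out
```

An empty list from `provider_findings` only means these static settings are present for that database; it does not explain a runtime "unwilling to perform" result.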