Re: Trying to set up multimaster syncrepl, error attribute 'olcTLSCertificateFile' not allowed , why?

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Friday, November 20, 2015 12:27 AM -0500 Betsy Schwartz 
<betsy.schwartz@gmail.com> wrote:

> I inherited a pair  of (interestingly configured) ldap servers from a
> previous owner and I'm trying to get them to replicate to each other
> (actually, starting with two new VM copies, with the goal of ending up
> with four masters spread over two data centers). The VM's are running 
> RHEL6 and openldap 2.4.40.
>
>
> When I try to add replication using the  ldif included at the bottom of
> this post , I get this error and then cannot restart slapd
> --
> [root@ldap01 tmp]#  ldapmodify  -Y  EXTERNAL -H ldapi:/// -f
> /tmp/repl.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "cn=config"
>
> adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
>
> modifying entry "olcDatabase={2}bdb,cn=config"
> ldap_modify: Object class violation (65)
>         additional info: attribute 'olcTLSCertificateFile' not
> allowed

Hi Betsy,

I would suggest using slapcat to export the config database and clean up 
the invalid attribute values that were incorrectly added to the bdb 
database.

After that, I would advise:

a) Upgrading to a current openldap release
b) Switching to back-mdb, assuming a 64-bit OS.

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration