Full_Name: Quanah Gibson-Mount
Version: 2.4.15
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)
In a discussion with a user on the #openldap channel in IRC, they noted that if they had both the chain and syncprov overlays enabled in their configuration, slapd would refuse to start. Commenting out either one allowed slapd to start. I didn't see any obvious misconfigurations on their part. Configs as follows:
include /usr/local/openldap-2.4.15/etc/openldap/schema/core.schema
include /usr/local/openldap-2.4.15/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.15/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.15/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.15/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.15/etc/openldap/schema/dyngroup.schema

pidfile /usr/local/openldap-2.4.15/var/run/slapd.pid
argsfile /usr/local/openldap-2.4.15/var/run/slapd.args

modulepath /usr/local/openldap-2.4.15/libexec/openldap
moduleload accesslog.la
moduleload auditlog.la
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_monitor.la
moduleload dyngroup.la
moduleload ppolicy.la
moduleload syncprov.la
moduleload unique.la

# TLS Section
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /usr/local/openldap-2.4.15/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/openldap-2.4.15/etc/openldap/servercert.pem
TLSCertificateKeyFile /usr/local/openldap-2.4.15/etc/openldap/serverkey.pem
TLSVerifyClient never
security tls=256

password-crypt-salt-format "$1$%.8s$"

loglevel 256
loglevel stats sync

overlay chain
chain-uri "ldap://xxx"
chain-idassert-bind bindmethod="simple"
    binddn="cn=Manager,dc=XYX,dc=com"
    credentials="secret"
    mode="self"
chain-tls start
chain-return-error TRUE

database bdb
suffix "dc=XYZ,dc=com"
rootdn "cn=Manager,dc=XYZ,dc=com"
rootpw secret
directory /usr/local/openldap-2.4.15/var/openldap-data/XYZ.com-slave

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

syncrepl rid=010
    provider=ldap://xxx
    type=refreshAndPersist
    interval=00:00:00:05
    searchbase="dc=XYZ,dc=com"
    bindmethod=simple
    binddn="cn=SyncRepl,dc=XYZ,dc=com"
    credentials=secret
    retry="5 5 300 5"
    starttls=yes
    tls_reqcert=never

slapd -d -1 output wasn't too helpful, either:
@(#) $OpenLDAP: slapd 2.4.15 (Mar 2 2009 11:27:50) $
	bill@crash:/home/bill/openldap-2.4.15/servers/slapd
ldap_pvt_gethostbyname_a: host=crash, r=0
daemon_init: listen on ldap://
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap://)
daemon: listener initialized ldap://
daemon_init: 2 listeners opened
ldap_create
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.7.25: (May 15, 2008)
bdb_db_init: Initializing BDB database
dnPrettyNormal: <dc=XYZ,dc=com>
<<< dnPrettyNormal: <dc=XYZ,dc=com>, <dc=XYZ,dc=com>
dnPrettyNormal: <cn=Manager,dc=XYZ,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=XYZ,dc=com>, <cn=manager,dc=XYZ,dc=com>
dnNormalize: <cn=Manager,dc=XYZ,dc=com>
<<< dnNormalize: <cn=manager,dc=XYZ,dc=com>
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.