Full_Name: Quanah Gibson-Mount
Version: 2.4.48
OS: N/A
URL:
ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.128.44)
When converting this basic slapd.conf for back-ldap:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
include /usr/local/etc/openldap/schema/misc.schema
loglevel 256
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
modulepath /usr/local/libexec/openldap
moduleload rwm
moduleload back_ldap
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldaps://universe.example.com"
suffix "dc=universe,dc=example,dc=com"
overlay rwm
rwm-map attribute uid sAMAccountName
rwm-map attribute mail proxyAddresses
chase-referrals yes
idassert-bind bindmethod=simple binddn="cn=ldap_phone,ou=LDAP Access,dc=example,dc=com" credentials='Password1234' tls_cacert=/usr/local/etc/openldap/example_com_Universe_Root_CA.cer
The resulting back-ldap configuration has an invalid olcDbStartTLS attribute:
olcDbStartTLS: none starttls=no
Per the man page, "none" is not a valid value at all; and, also per the man page,
since the URI uses ldaps, the value should be:
olcDbStartTLS: ldaps
The config is based on a real-life configuration from an end user, where things
worked with slapd.conf but broke after conversion to cn=config. Changing the
olcDbStartTLS value to a valid one resolved the issue.
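As an added check (not part of this report or of OpenLDAP's own tooling), the script below scans a cn=config LDIF dump, such as `slapcat -n 0` output, for back-ldap databases whose olcDbStartTLS carries a keyword not documented for the tls directive in slapd-ldap(5) or disagrees with an ldaps:// olcDbURI; the sample LDIF is constructed to mirror the converted database from this report.

```python
import re
from urllib.parse import urlsplit

# First-token keywords accepted by the `tls` directive of slapd-ldap(5), which
# becomes olcDbStartTLS in cn=config; "none" is not among them.
VALID_TLS_MODES = {"start", "try-start", "propagate", "try-propagate", "ldaps"}

# Constructed sample mirroring the converted database from the report.
SAMPLE_LDIF = """\
dn: olcDatabase={1}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {1}ldap
olcSuffix: dc=universe,dc=example,dc=com
olcDbURI: "ldaps://universe.example.com"
olcDbStartTLS: none starttls=no
"""

def parse_ldif(text):
    """Minimal LDIF reader (unfolds continuations, no base64): one dict per entry."""
    entries, cur = [], {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, val = line.partition(":")
            cur.setdefault(attr.strip(), []).append(val.strip())
    if cur:
        entries.append(cur)
    return entries

def check_starttls(entries):
    """Return (dn, problem, suggested value) for each back-ldap database with a bad tls mode."""
    findings = []
    for e in entries:
        if "olcLDAPConfig" not in e.get("objectClass", []):
            continue
        raw = e.get("olcDbStartTLS")
        if not raw:  # no tls directive at all: nothing to validate
            continue
        mode = raw[0].split()[0]
        uris = e.get("olcDbURI", [""])[0].strip('"').split()
        uses_ldaps = any(urlsplit(u).scheme == "ldaps" for u in uris)
        if mode not in VALID_TLS_MODES:
            findings.append((e["dn"][0], f"invalid mode {mode!r}", "ldaps" if uses_ldaps else None))
        elif uses_ldaps and mode != "ldaps":
            findings.append((e["dn"][0], f"ldaps:// URI with mode {mode!r}", "ldaps"))
    return findings
```

Run `check_starttls(parse_ldif(SAMPLE_LDIF))` to see the report's broken entry flagged with `ldaps` as the suggested replacement.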