Hello,
I am setting up several openldap servers, and would like them to be synchronized, multi-master style.
Configuration : Version: 2.4.16 packaged by Symas OS: RedHat 5.3
I have tried following the Admin guide but for some reason, I just can't include the syncprov module. When I add the line "overlay syncprov" in my slapd.conf file, slapd fails to start and i get this error message : Aug 6 17:29:21 localhost slapd[25880]: overlay "syncprov" not found
I found some information about this bug at https://bugzilla.redhat.com/show_bug.cgi?id=466937 , but i'm not sure whether it applies for symas'package : "syncprov is compiled statically into slapd daemon to keep backward compatibility"
I tried to skip this part, but as expected, replication doesn't work. I keep getting this message in logs. Aug 6 17:33:10 localhost slapd[25901]: slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.1.9.1.1 According to a thread in this mailing list, this error appears when syncprov is not loaded in slapd.conf ( http://www.openldap.org/lists/openldap-software/200605/msg00277.html)
So here I am, stuck. I can't find syncprov.la in my module folder (/opt/symas/lib64/openldap), and I can't find any way to solve this problem.
Did I miss something ? How can i get this to work ?
Any advice would be very appreciated.
-- Pierre
On Thursday, 6 August 2009 16:57:25 Pierre Laporte wrote:
Hello,
I am setting up several openldap servers, and would like them to be synchronized, multi-master style.
Configuration : Version: 2.4.16 packaged by Symas OS: RedHat 5.3
I have tried following the Admin guide but for some reason, I just can't include the syncprov module.
How were you trying to "include the syncprov module" ? With 'moduleload syncprov.la' ? Was the modulepath set correctly? Can you provide some debug output from slapd showing what it tried?
When I add the line "overlay syncprov" in my slapd.conf file, slapd fails to start and i get this error message : Aug 6 17:29:21 localhost slapd[25880]: overlay "syncprov" not found
So, this means that the syncprov overlay was not found, it is most likely provided as a module. Not knowing exactly how Symas packages their binaries, I would run '"find /opt/symas -name 'syncprov*'" to try and find a module, or "objdump -T `find /opt/symas -name 'slapd'`|grep syncprov" to determine if syncprov is built in.
I found some information about this bug at https://bugzilla.redhat.com/show_bug.cgi?id=466937 , but i'm not sure whether it applies for symas'package : "syncprov is compiled statically into slapd daemon to keep backward compatibility"
No, the Red Hat people just made some bad decisions previously ...
I tried to skip this part, but as expected, replication doesn't work. I keep getting this message in logs. Aug 6 17:33:10 localhost slapd[25901]: slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.1.9.1.1 According to a thread in this mailing list, this error appears when syncprov is not loaded in slapd.conf ( http://www.openldap.org/lists/openldap-software/200605/msg00277.html)
So here I am, stuck. I can't find syncprov.la in my module folder (/opt/symas/lib64/openldap), and I can't find any way to solve this problem.
Did I miss something ? How can i get this to work ?
There are other options for packages for Red Hat, such as:
http://staff.telkomsa.net/packages/rhel5/openldap/
(see http://staff.telkomsa.net/packages/OpenLDAP.repo)
Which ships syncprov as a module ... see the comments in the default slapd.conf.
Of course, as the Symas people usually say about Red Hat, contact the provider of your binaries for support :-p. I can't imagine that Symas would ship without syncprov, so you may want to consult any documentation they have provided if you haven't yet come right.
Regards, Buchan
Hi, I tried to gather some more information.
How were you trying to "include the syncprov module" ? With 'moduleload syncprov.la' ? Was the modulepath set correctly? Can you provide some debug output from slapd showing what it tried?
Yep, using "moduleload syncprov.la". As soon as I try to start slapd, i get this in the logfile :
$ solserver restart Aug 17 15:58:28 localhost slapd[29875]: @(#) $OpenLDAP: slapd 2.4.16 (Apr 20 2009 19:56:04) $ svovi01@viol :/home/build/sol-2.4.16-0/bld64/ldap24/servers/slapd Aug 17 15:58:28 localhost slapd[29875]: lt_dlopenext failed: (syncprov.la) file not found Aug 17 15:58:28 localhost slapd[29875]: slapd stopped. Aug 17 15:58:28 localhost slapd[29875]: connections_destroy: nothing to destroy.
My modulepath is defined by : "modulepath /opt/symas/lib64/openldap"
$ cd /opt/symas/lib64/openldap ; ls *.la back_bdb.la back_hdb.la back_monitor.la collect.la constraint.la dds.la dyngroup.la dynlist.la memberof.la ppolicy.la refint.la retcode.la seqmod.la unique.la valsort.la
=> No syncprov.la here
Considering that it might be linked statically, i tried to use only this line in slapd.conf : "overlay syncprov"
But here are the logs : Aug 17 16:04:47 localhost slapd[30049]: @(#) $OpenLDAP: slapd 2.4.16 (Apr 20 2009 19:56:04) $ svovi01@viol :/home/build/sol-2.4.16-0/bld64/ldap24/servers/slapd Aug 17 16:04:47 localhost slapd[30049]: overlay "syncprov" not found Aug 17 16:04:47 localhost slapd[30049]: slapd stopped. Aug 17 16:04:47 localhost slapd[30049]: connections_destroy: nothing to destroy.
So, this means that the syncprov overlay was not found, it is most likely provided as a module. Not knowing exactly how Symas packages their binaries, I would run '"find /opt/symas -name 'syncprov*'" to try and find a module, or "objdump -T `find /opt/symas -name 'slapd'`|grep syncprov" to determine if syncprov is built in.
That's where it hurts ... $ find /opt/symas -name 'syncprov*' $
=> No result found.
$ objdump -T `find /opt/symas -name 'slapd'`|grep syncprov $
=> No result as well
$ objdump -T `find /opt/symas -name 'slapd'`|grep sync 000000000047ee20 g DF .text 00000000000004ff Base syncrepl_add_glue 000000000048d870 g DF .text 0000000000000105 Base slap_init_sync_cookie_ctxcsn 000000000048d980 g DF .text 0000000000000111 Base slap_dup_sync_cookie 0000000000484d30 g DF .text 000000000000041b Base syncinfo_free 000000000048d320 g DF .text 00000000000000a5 Base slap_sync_cookie_free 000000000048d560 g DF .text 000000000000030b Base slap_parse_sync_cookie 00000000006109a0 g DO .data 0000000000000010 Base slap_sync_cookie 000000000048d140 g DF .text 00000000000001d7 Base slap_compose_sync_cookie 00000000004881b0 g DF .text 0000000000000b19 Base syncrepl_config
=> Syncprov is nowhere to be found ...
There are other options for packages for Red Hat, such as:
http://staff.telkomsa.net/packages/rhel5/openldap/
(see http://staff.telkomsa.net/packages/OpenLDAP.repo)
Which ships syncprov as a module ... see the comments in the default slapd.conf.
I'd prefer not to switch for another package, but if there is no other solution, i guess i will.
Of course, as the Symas people usually say about Red Hat, contact the provider of your binaries for support :-p. I can't imagine that Symas would ship without syncprov, so you may want to consult any documentation they have provided if you haven't yet come right.
I have been quite busy those days, I haven't found any workaround yet.
Here is my slapd.conf file
-----------------------------------------------
include /opt/symas/etc/openldap/schema/core.schema include /opt/symas/etc/openldap/schema/cosine.schema include /opt/symas/etc/openldap/schema/inetorgperson.schema
pidfile /var/symas/slapd.pid argsfile /var/symas/slapd.args
modulepath /opt/symas/lib64/openldap moduleload back_hdb.la moduleload back_bdb.la moduleload back_monitor.la moduleload syncprov.la
access to attrs=userPassword by self write by users write by anonymous read
access to * by self write by users read by anonymous auth
database hdb suffix "dc=organization,dc=my" rootdn "cn=Manager,dc=organization,dc=my" rootpw secret
serverID 1 overlay syncprov syncrepl rid=001 provider=ldap://192.168.49.96 binddn="cn=Manager,dc=organization,dc=my" bindmethod=simple credentials=secret searchbase="dc=organization,dc=my" type=refreshAndPersist interval=00:00:00:10 retry="15 5 300 +" timeout=1 syncrepl rid=002 provider=ldap://192.168.49.97 binddn="cn=Manager,dc=organization,dc=my" bindmethod=simple credentials=secret searchbase="dc=organization,dc=my" type=refreshAndPersist interval=00:00:00:10 retry="15 5 300 +" timeout=1 mirrormode on
index objectClass eq directory /var/symas/openldap-data/mydata cachesize 5000 idlcachesize 5000 checkpoint 512 60 database monitor
-----------------------------------------------
Thanks for your help !
Pierre.
This is quite strange. When I list the files in symas'RPM, i get a bunch of entries but nothing related to replication :
$ rpm -qpl symas-openldap-silver-2.4.16.0.x86_64.rpm | grep sync $
=> No result.
Would it mean that this version of openldap is shipped without the synchronization module ...?
On Mon, Aug 17, 2009 at 4:18 PM, Pierre Laporte < pierre.laporte.steria@gmail.com> wrote:
Hi, I tried to gather some more information.
How were you trying to "include the syncprov module" ? With 'moduleload syncprov.la' ? Was the modulepath set correctly? Can you provide some debug output from slapd showing what it tried?
Yep, using "moduleload syncprov.la". As soon as I try to start slapd, i get this in the logfile :
$ solserver restart Aug 17 15:58:28 localhost slapd[29875]: @(#) $OpenLDAP: slapd 2.4.16 (Apr 20 2009 19:56:04) $ svovi01@viol :/home/build/sol-2.4.16-0/bld64/ldap24/servers/slapd Aug 17 15:58:28 localhost slapd[29875]: lt_dlopenext failed: (syncprov.la) file not found Aug 17 15:58:28 localhost slapd[29875]: slapd stopped. Aug 17 15:58:28 localhost slapd[29875]: connections_destroy: nothing to destroy.
My modulepath is defined by : "modulepath /opt/symas/lib64/openldap"
$ cd /opt/symas/lib64/openldap ; ls *.la back_bdb.la back_hdb.la back_monitor.la collect.la constraint.la dds.la dyngroup.la dynlist.la memberof.la ppolicy.la refint.la retcode.la seqmod.la unique.la valsort.la
=> No syncprov.la here
Considering that it might be linked statically, i tried to use only this line in slapd.conf : "overlay syncprov"
But here are the logs : Aug 17 16:04:47 localhost slapd[30049]: @(#) $OpenLDAP: slapd 2.4.16 (Apr 20 2009 19:56:04) $ svovi01@viol :/home/build/sol-2.4.16-0/bld64/ldap24/servers/slapd Aug 17 16:04:47 localhost slapd[30049]: overlay "syncprov" not found Aug 17 16:04:47 localhost slapd[30049]: slapd stopped. Aug 17 16:04:47 localhost slapd[30049]: connections_destroy: nothing to destroy.
So, this means that the syncprov overlay was not found, it is most likely provided as a module. Not knowing exactly how Symas packages their binaries, I would run '"find /opt/symas -name 'syncprov*'" to try and find a module, or "objdump -T `find /opt/symas -name 'slapd'`|grep syncprov" to determine if syncprov is built in.
That's where it hurts ... $ find /opt/symas -name 'syncprov*' $
=> No result found.
$ objdump -T `find /opt/symas -name 'slapd'`|grep syncprov $
=> No result as well
$ objdump -T `find /opt/symas -name 'slapd'`|grep sync 000000000047ee20 g DF .text 00000000000004ff Base syncrepl_add_glue 000000000048d870 g DF .text 0000000000000105 Base slap_init_sync_cookie_ctxcsn 000000000048d980 g DF .text 0000000000000111 Base slap_dup_sync_cookie 0000000000484d30 g DF .text 000000000000041b Base syncinfo_free 000000000048d320 g DF .text 00000000000000a5 Base slap_sync_cookie_free 000000000048d560 g DF .text 000000000000030b Base slap_parse_sync_cookie 00000000006109a0 g DO .data 0000000000000010 Base slap_sync_cookie 000000000048d140 g DF .text 00000000000001d7 Base slap_compose_sync_cookie 00000000004881b0 g DF .text 0000000000000b19 Base syncrepl_config
=> Syncprov is nowhere to be found ...
There are other options for packages for Red Hat, such as:
http://staff.telkomsa.net/packages/rhel5/openldap/
(see http://staff.telkomsa.net/packages/OpenLDAP.repo)
Which ships syncprov as a module ... see the comments in the default slapd.conf.
I'd prefer not to switch for another package, but if there is no other solution, i guess i will.
Of course, as the Symas people usually say about Red Hat, contact the provider of your binaries for support :-p. I can't imagine that Symas would ship without syncprov, so you may want to consult any documentation they have provided if you haven't yet come right.
I have been quite busy those days, I haven't found any workaround yet.
Here is my slapd.conf file
include /opt/symas/etc/openldap/schema/core.schema include /opt/symas/etc/openldap/schema/cosine.schema include /opt/symas/etc/openldap/schema/inetorgperson.schema
pidfile /var/symas/slapd.pid argsfile /var/symas/slapd.args
modulepath /opt/symas/lib64/openldap moduleload back_hdb.la moduleload back_bdb.la moduleload back_monitor.la moduleload syncprov.la
access to attrs=userPassword by self write by users write by anonymous read
access to * by self write by users read by anonymous auth
database hdb suffix "dc=organization,dc=my" rootdn "cn=Manager,dc=organization,dc=my" rootpw secret
serverID 1 overlay syncprov syncrepl rid=001 provider=ldap://192.168.49.96 binddn="cn=Manager,dc=organization,dc=my" bindmethod=simple credentials=secret searchbase="dc=organization,dc=my" type=refreshAndPersist interval=00:00:00:10 retry="15 5 300 +" timeout=1 syncrepl rid=002 provider=ldap://192.168.49.97 binddn="cn=Manager,dc=organization,dc=my" bindmethod=simple credentials=secret searchbase="dc=organization,dc=my" type=refreshAndPersist interval=00:00:00:10 retry="15 5 300 +" timeout=1 mirrormode on
index objectClass eq directory /var/symas/openldap-data/mydata cachesize 5000 idlcachesize 5000 checkpoint 512 60 database monitor
Thanks for your help !
Pierre.
--On Monday, August 17, 2009 5:25 PM +0200 Pierre Laporte pierre.laporte.steria@gmail.com wrote:
This is quite strange. When I list the files in symas'RPM, i get a bunch of entries but nothing related to replication :
$ rpm -qpl symas-openldap-silver-2.4.16.0.x86_64.rpm | grep sync $
=> No result.
Or it is already built into slapd, and no reason to module load it.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On Tuesday, 18 August 2009 20:53:40 Quanah Gibson-Mount wrote:
--On Monday, August 17, 2009 5:25 PM +0200 Pierre Laporte
pierre.laporte.steria@gmail.com wrote:
This is quite strange. When I list the files in symas'RPM, i get a bunch of entries but nothing related to replication :
$ rpm -qpl symas-openldap-silver-2.4.16.0.x86_64.rpm | grep sync $
=> No result.
Or it is already built into slapd, and no reason to module load it.
AFAICT, we confirmed this was not the case earlier in the thread, there was no syncprov_initialize symbol in the symas slapd (although there were syncrepl- related symbols), and 'overlay syncprov' without the moduleload also failed.
Pierre, your options here are: 1)Contact Symas. If you have IRC access, there are some Symas people on the #openldap channel on freenode (and I am there too, as blingme) who might be willing to answer some specific questions. 2)Use other packages, such as the ones I provide (see http://staff.telkomsa.net/packages/OpenLDAP.repo) 3)Build your own from source
Since I am not familiar with the symas packages, I can't personally help finding out why there is no syncprov module, and syncprov is not built into their packages.
Regards, Buchan
openldap-software@openldap.org
-
Buchan Milne -
Pierre Laporte -
Quanah Gibson-Mount