Hello,
I have to configure an OpenLDAP directory that stores some information about users and groups and also acts as a proxy to Active Directory.
To do this, I configured two suffixes on my OpenLDAP server: the first stores information about users and groups, and the second is for the Active Directory proxy (the second suffix is nested under the first one).
To configure the Active Directory proxy, I use an ldap backend with the rwm overlay to rewrite some attributes and object classes.
When I test my configuration with the slaptest binary, I get this error:
config error processing olcOverlay={0}rwm,olcDatabase={2}ldap,cn=config: <olcRwmMap> handler exited with 1
slaptest: bad configuration directory!
I am on a CentOS 5.4 server with OpenLDAP 2.4.20 (compiled from source) and Berkeley DB 4.6.21.
Here is my slapd.conf file:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# It carries cleartext secrets further down (rootpw, acl-passwd and the
# idassert-bind credentials), so restrict it to the account slapd runs as.
#
# NOTE(review): leading whitespace appears to have been lost in this paste.
# slapd.conf treats a line that starts with whitespace as a continuation of
# the previous line, so the "by ..." clauses of each access rule must be
# indented in the real file.
#
serverid 001
# Schema includes
include /opt/openldap/etc/openldap/schema/core.schema
include /opt/openldap/etc/openldap/schema/cosine.schema
include /opt/openldap/etc/openldap/schema/inetorgperson.schema
include /opt/openldap/etc/openldap/schema/nis.schema
include /opt/donnees/etc/openldap/schema/microsoft.schema
# Log level
# -1 enables every log level. Useful while chasing a configuration error,
# but very verbose, and the packet-level traces may put bind data into the
# logs; lower it once the problem is found and keep the log files protected.
loglevel -1
# The maximum number of entries that is returned for a search operation
# "unlimited" removes the cap for every client, so a single search can return
# the whole directory; a finite default with a per-identity "limits" rule for
# the accounts that need more is the safer arrangement.
sizelimit unlimited
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
# PID File
pidfile /opt/donnees/var/run/slapd.pid
argsfile /opt/donnees/var/run/slapd.args
# Load dynamic backend modules:
# modulepath is commented out, so "rwm" is resolved against the default
# module directory of this build.
#modulepath /opt/openldap/lib
#moduleload back_hdb
#moduleload back_monitor
moduleload rwm
# Access control policy:
# Rules are evaluated in order and the first matching "access to" wins.
# These are global rules; they are applied to every database below that does
# not override them, including the Active Directory proxy.
# userPassword: the owner may change it, anonymous clients may only use it to
# authenticate, nobody may read it.
access to attrs=userPassword
by self write
by anonymous auth
by * none
# Root DSE is readable by everyone (clients need it for discovery).
access to dn.base="" by * read
# Monitor backend: writable by the config admin, readable by any
# authenticated user, hidden from anonymous clients.
access to dn.subtree="cn=Monitor"
by dn.exact="cn=admin,cn=config" write
by users read
by * none
# Catch-all rule. "by self write" lets every authenticated entry modify all
# attributes of its own entry, not only its password; if entries carry
# attributes used for authorization, list the self-writable attributes
# explicitly instead. Nobody else except the config admin can read anything.
access to *
by self write
by dn="cn=admin,cn=config" write
by * none
# Backend configuration
backend hdb
#######################################################################
# BDB database definitions
#######################################################################
database monitor
# Dynamic Config
# cn=config can rewrite the whole server configuration at run time, so its
# rootdn is the most privileged identity on this server. "rootpw secret" is a
# cleartext value (presumably a placeholder for this post); rootpw also
# accepts a hashed value as produced by slappasswd, which keeps the password
# itself out of the file.
database config
rootdn "cn=admin,cn=config"
rootpw secret
#######################################################################
# Active Directory proxy configuration
# back-ldap database serving ou=proxy,dc=my-company,dc=meta. "subordinate"
# glues it under the dc=my-company,dc=meta database defined after it, so
# searches on the parent suffix also reach this proxy.
database ldap
suffix ou=proxy,dc=my-company,dc=meta
rootdn "cn=admin,cn=config"
subordinate
# Plain ldap:// on port 389: together with the simple binds configured below,
# the service-account password and any proxied user password cross the
# network unencrypted. Prefer ldaps:// or StartTLS towards the domain
# controller.
uri ldap://192.168.44.88:389
lastmod off
# Identity and cleartext password the proxy uses towards the remote server
# for ACL-related lookups. NOTE(review): this is the local config rootdn, not
# an Active Directory DN; confirm it is what the remote side expects.
acl-authcDN cn=admin,cn=config
acl-passwd secret
# The next four lines are a single idassert-bind directive (continuation
# lines; see slapd-ldap(5)). The proxy binds to Active Directory as the
# srv_ldap service account and asserts client identities through it.
# The credentials are stored in cleartext here and were published with this
# post; a real service-account password exposed this way should be rotated,
# and the account should hold no more than read access to what is proxied.
idassert-bind bindmethod="simple"
binddn="CN=srv_ldap,OU=Services-account,OU=Administration,dc=my-company,dc=local"
credentials="Azerty00"
mode="legacy"
# rwm overlay: rewrites names between the local view and Active Directory.
# The error quoted in the post names olcRwmMap, i.e. one of the rwm-map
# directives below; the post does not show which one is rejected.
overlay rwm
# With a single argument, the database suffix is the local naming context and
# dc=my-company,dc=local is the real one on the remote server.
rwm-suffixmassage dc=my-company,dc=local
# Local attribute name first, remote (Active Directory) name second.
rwm-map attribute uid sAMAccountName
rwm-map attribute cn cn
rwm-map attribute displayName displayName
rwm-map attribute givenName givenName
rwm-map attribute sn sn
rwm-map attribute mail mail
# userPassword is passed through unchanged, so it stays governed only by the
# global userPassword access rule.
rwm-map attribute userPassword userPassword
# Local name omitted: every remote attribute not mapped above is removed, so
# the list above acts as an allow-list of what the proxy exposes.
rwm-map attribute *
rwm-map objectclass inetOrgPerson user
#######################################################################
# Technical directory configuration (authorizations, partners, internet users)
# Local hdb database holding the parent suffix; the proxy database above is
# glued beneath it. No database-specific access rules are given, so the
# global rules apply.
database hdb
suffix "dc=my-company,dc=meta"
rootdn "cn=admin,cn=config"
# Directory holding the database files; it should be readable and writable
# only by the account slapd runs as.
directory "/opt/donnees/var/openldap-data"
# Checkpoint after 512 KB written or 30 minutes, whichever comes first.
checkpoint 512 30
# Berkeley DB tuning: cache of 0 GB + 128000000 bytes in one segment, and
# lock-table limits.
dbconfig set_cachesize 0 128000000 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
# Equality indexes for the operational attributes, presence/equality/substring
# indexes for the attributes clients search on.
index objectClass,entryCSN,entryUUID eq
index uid pres,eq,sub
index sn pres,eq,sub
index mail pres,eq,sub
index cn pres,eq,sub
lastmod on
When I installed OpenLDAP on my server, I ran these commands:
# Build and install OpenLDAP under /opt/openldap against Berkeley DB 4.6.
# NOTE: the five lines from CPPFLAGS=... to --with-tls=openssl are presumably
# one command line that was wrapped in the mail; join them (or end each line
# with a backslash) before running.
# back-ldap, back-meta and back-relay are built as loadable modules (=mod).
# --enable-overlays=yes rather than =mod presumably compiles rwm into slapd
# statically, in which case "moduleload rwm" in slapd.conf may be
# unnecessary; verify against the build.
CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.6/lib"
./configure --prefix=/opt/openldap --enable-shared --enable-crypt=yes --enable-rewrite=yes
--enable-bdb=yes --enable-hdb=yes --enable-ldap=mod --enable-meta=mod --enable-monitor=yes
--enable-relay=mod --enable-overlays=yes --with-cyrus-sasl --with-threads=posix
--with-tls=openssl
make depend
make
make test
make install
What is wrong with my installation or my config file? Is this error an OpenLDAP bug?
Thank you for your help,
Raphaël KISTER