Re: Error when try modify olcTLS*
by Igor Sousa
Hi Quanah,
Sorry for my delay in answering you; I've been on vacation and away from my PC.
I understand that I should use the same name when I update this file to
make it easy, but it is a new installation, and this is the reason that I need
to modify these entries.
I've tested your suggestion and the delete operation has worked fine, but I've
still had the same problem described previously when I've tried to add a new
olcTLSCertificateFile or a new olcTLSCertificateKeyFile or a new
olcTLSCACertificateFile. I don't understand the reason for that.
[root@localhost ldifs]# ldapmodify -Y EXTERNAL -H ldapi:/// -f 5tls.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
--
Igor Sousa
On Fri, Jun 28, 2019 at 21:53, Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> --On Friday, June 28, 2019 7:33 PM -0300 Igor Sousa <igorvolt(a)gmail.com>
> wrote:
>
> > dn: cn=config
> > changetype: modify
> > replace: olcTLSCertificateFile
> > olcTLSCertificateFile: /etc/openldap/certs/ldap.local.crt
> > -
> > replace: olcTLSCertificateKeyFile
> > olcTLSCertificateKeyFile: /etc/openldap/certs/ldap.local.key
> > -
> > add: olcTLSCACertificateFile
> > olcTLSCACertificateFile: /etc/openldap/certs/ca.cert.pem
>
> I would suggest simply using the same filenames as you had before, negating
> the need to modify the attributes at all. You're likely hitting ITS#8286
> with the replace operations. Another idea may be to change replace to a
> delete+add in the same operation sequence.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
3 years, 10 months
slapd crashing
by Alex Hebra
Hi there,
I have MMR running on two FreeBSD servers with OpenLDAP 2.4.47. After a few
days one node always crashes with signal 11.
The last log I got from slapd is:
Jul 17 18:04:19 slapd[676]: syncprov_matchops: skipping original sid 001
When I try to restart the slapd process it eats all the RAM, until
the server becomes unresponsive. I have to delete the database and re-sync
everything to make it work again.
Is there a way to find out how I can fix this issue?
Thanks.
3 years, 10 months
Re: Error when try modify olcTLS*
by Igor Sousa
Hi everybody,
I would like to apologize for this email discussion, especially to
Quanah and Howard. After a ton of emails sent, especially the last email
from Quanah, I've finally understood my error. As it was a beginner's error,
I'm very embarrassed to have bothered you with it.
So, I would like to apologize to Quanah, Howard and everyone on the
openldap-technical(a)openldap.org list for the time spent on this problem.
Finally, I would like to thank everyone involved who has helped me to solve my
problem.
Note: I removed -aes256 when I generated the server key, so that the key is
not encrypted. Then I was able to add all olcTLS* entries with
ldapmodify and the LDIF file described in previous emails.
--
Igor Sousa
On Thu, Jul 18, 2019 at 17:35, Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> --On Thursday, July 18, 2019 1:08 PM -0700 Quanah Gibson-Mount
> <quanah(a)symas.com> wrote:
>
> >> build@c7rpm:/home/build/git/rheldap/RHEL7_x86_64/BUILD...lapd
> >> Jul 18 11:55:29 localhost.localdomain slapd[2133]: main: TLS init def ctx failed: -1
> >> Jul 18 11:55:29 localhost.localdomain slapd[2133]: Enter PEM pass phrase:
> >
> > This clearly indicates your key file is password protected, which is not
> > supported.
>
> To be clear, it's not supported to use a password protected key file and
> then try and start slapd via an automated init system such as systemd. To
> use a password protected key file requires that you start slapd manually so
> you can provide the password as part of the startup process so slapd can
> access it.
>
> Regards,
> Quanah
>
>
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
3 years, 10 months
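The failure discussed in the thread above (slapd started by an init system cannot answer the "Enter PEM pass phrase:" prompt) can be caught before the olcTLS* attributes are written. The following is an added example, not part of the original thread or of OpenLDAP; the function name check_tls_key and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for a key file before it is set as olcTLSCertificateKeyFile.
# It only inspects the PEM armor, so it needs no openssl binary.
# Run it as the account slapd runs under, so that the readability test
# reflects what the daemon will see (the account name is site-specific).

# check_tls_key FILE
# Prints a one-word verdict and returns:
#   0 ok          unencrypted PEM private key
#   1 encrypted   passphrase-protected; slapd would stop at the prompt
#   2 unreadable  missing, or not readable by the current user
#   3 not-a-key   no PEM private key block found
check_tls_key() {
    key=$1
    if [ ! -r "$key" ]; then
        echo unreadable; return 2
    fi
    # PKCS#8 encrypted form has its own armor line.
    if grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key"; then
        echo encrypted; return 1
    fi
    # Traditional form (what "-aes256" produces with older OpenSSL) keeps the
    # normal armor and flags encryption in a Proc-Type header.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo encrypted; return 1
    fi
    if grep -Eq -- '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$key"; then
        echo ok; return 0
    fi
    echo not-a-key; return 3
}

# Constructed samples: armor lines only, no real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,0000' '' 'AAAA' '-----END RSA PRIVATE KEY-----' \
    > "$demo_dir/with-aes256.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/without-aes256.key"

for f in "$demo_dir/with-aes256.key" "$demo_dir/without-aes256.key" \
         "$demo_dir/missing.key"; do
    printf '%s: ' "${f##*/}"
    check_tls_key "$f" || :    # verdict is printed; status ignored in the demo
done
rm -rf "$demo_dir"
```

Only a verdict of ok (status 0) means the file can be used by a slapd that is started unattended.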
Database problems with OpenIndiana
by dieter@dkluenter.de
Hi,
I am testing OpenLDAP-2.4.44 on OpenIndiana-Hipster. I have configured
two back-mdb databases. For some strange reason a data.mdb and a bdb
logfile are created.
openldap openldap 45441024 Juli 17 16:45 data.mdb
openldap openldap 8192 Juli 17 16:57 lock.mdb
root root 10485760 Juli 17 16:57 log.0000000001
After a restart slapd cannot read the data.mdb anymore.
-Dieter
--
Dieter Klünter | Directory Service
http://sys4.de
53°37'09,95"N
10°08'02,42"E
3 years, 10 months
RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)
by Quanah Gibson-Mount
This is expected to be the only testing call for 2.4.48, with an
anticipated release, depending on feedback, during the week of 2019/07/22.
Specific to this release, it would be helpful if anyone using back-ldap or
back-meta with TLS can confirm their existing configurations continue to
work (Due to the changes related to ITS#8427).
Generally, get the code for RE24:
<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...>
Configure & build.
Execute the test suite (via make test) after it is built. Optionally, cd
tests && make its to run through the regression suite.
Thanks!
OpenLDAP 2.4.48 Engineering
Added libldap OpenSSL Elliptic Curve support (ITS#7595)
Added libldap Expose OpenLDAP specific interfaces via openldap.h
(ITS#8671)
Added slapd-monitor support for slapd-mdb (ITS#7770)
Fixed liblber leaks (ITS#8727)
Fixed liblber with partial flush (ITS#8864)
Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
Fixed libldap to use AI_ADDRCONFIG when available (ITS#7326)
Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
Fixed libldap return code in ldap_create_assertion_control_value
(ITS#8674)
Fixed libldap to correctly disable IPv6 when configured to do so
(ITS#8754)
Fixed libldap to correctly close TLS connection (ITS#8755)
Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
Fixed liblunicode case correspondence (ITS#8508)
Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
Fixed slapd config parser variable for Windows64 (ITS#9012)
Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
Fixed slapd TLS settings on reconnection (ITS#8427)
Fixed slapd to restrict rootDN proxyauthz to its own databases
(ITS#9038)
Fixed slapd to initialize SASL SSF per connection (ITS#9052)
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
Fixed slapd-ldap TLS settings on reconnection (ITS#8427)
Fixed slapd-ldap segfault when entry result doesn't match filter
(ITS#8997)
Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
Fixed slapd-meta TLS settings on reconnection (ITS#8427)
Fixed slapd-meta assertion when network interface goes down (ITS#8841)
Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
Fixed slapo-accesslog possible assert with exops (ITS#8971)
Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
Fixed slapo-memberof for group name change to itself (ITS#9000)
Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
Fixed slapo-rwm to not free original filter (ITS#8964)
Fixed slapo-syncprov contextCSN generation (ITS#9015)
Build Environment
Fixed slapd to only link to BDB libraries with static build
(ITS#8948)
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS
(ITS#8794)
Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
Documentation
General - Fixed minor typos (ITS#8764, ITS#8761)
admin24 - Miscellaneous updates promoting mdb and fixing examples
(ITS#9031)
slapd.access(5) - Note MDB is the primary backend (ITS#8881)
slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
slapd-ldap(5) - Document starttls parameter (ITS#8693)
Contrib
Added slapo-lastbind capability to forward authTimestamp updates
(ITS#7721)
LMDB 0.9.24 Engineering
ITS#8969 Tweak mdb_page_split
ITS#8975 WIN32 fix writemap set_mapsize crash
ITS#9007 Fix loose pages in WRITEMAP
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
3 years, 10 months
Re: RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)
by Abdelkader Chelouah
Hello,
make mdb and make mdb-its all succeeded under CentOS 7. As far as back-ldap
is concerned, commit e224920ea5641b71bbd38604cb58bd1922537e7d (ITS#8427 Take
late TLS configuration into account) has fixed the regression introduced by
commit 6f623dfa1ca65698c19ccc6c058cd170e633384e (ITS#8427 Set up
TLS settings on each reconnection) with my test configuration.
Regards,
Kader
3 years, 10 months
ldap_destroy() vs. ldap_unbind()
by Edgar Fuß
Hello.
I'm sorry if this is a silly question, but the only thing close to an answer I could find is from a post of Hallvard B Furuseth to this list (pre-dating the actual ldap_destroy() introduction) stating that ldap_unbind() was mis-named and should have been called ldap_destroy().
The question is whether to use ldap_destroy() or ldap_unbind().
More precisely, the question is which one is preferable in a single-threaded application that never calls ldap_dup().
From reading the man page of ldap_dup()/ldap_destroy() and the above-mentioned post, I would get the impression that technically, it doesn't matter, so I would guess ldap_unbind() to be slightly preferable because it works with pre-2.4.24 OpenLDAP.
However, proposing such an adjustment (https://redmine.lighttpd.net/issues/2849 in case anyone cares[*]) was vigorously turned down stating I didn't know what I was talking about so I might be missing something.
Could someone shed light on this? I'm in no way an LDAP or OpenLDAP expert, just trying to read man pages.
[*] There's an error in my comment there: I wrote "2.4" where it should read "2.4.24".
3 years, 10 months
Re: Switch OpenLDAP backend database from HDB to MDB
by SHarbich@t-online.de
> You can not convert a hdb backend into a mdb backend without changing
> the underlying database. slapcat(8) the hdb database into a file and
> slapadd(8) the file into a mdb backend.
Hello, but it works. I have made the following changes to the config.ldif file.
Then I replayed the LDIF file into an empty ldap directory with slapadd:
...
olcModuleLoad: {0}back_mdb
dn: olcBackend={0}mdb,cn=config
olcBackend: {0}mdb
dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
...
Thank you in advance for your support
3 years, 10 months
Re: Switch OpenLDAP backend database from HDB to MDB
by SHarbich@t-online.de
Hello,
I can not change my config.ldif file from the HDB backend to the MDB
backend. I have changed the following:
...
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
-olcModuleLoad: {0}back_hdb
+olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}dynlist.so
olcModuleLoad: {2}ppolicy.la
structuralObjectClass: olcModuleList
entryUUID: 9495e2a6-da11-1033-97d9-c1ceaf236428
creatorsName: cn=admin,cn=config
createTimestamp: 20140926214112Z
entryCSN: 20170201184048.317884Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20170201184048Z
-dn: olcBackend={0}hdb,cn=config
+dn: olcBackend={0}mdb,cn=config
objectClass: olcBackendConfig
-olcBackend: {0}hdb
+olcBackend: {0}mdb
structuralObjectClass: olcBackendConfig
entryUUID: 94960592-da11-1033-97da-c1ceaf236428
creatorsName: cn=admin,cn=config
createTimestamp: 20140926214112Z
entryCSN: 20140926214112.940239Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140926214112Z
-dn: olcDatabase={1}hdb,cn=config
+dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
-objectClass: olcHdbConfig
+objectClass: olcMdbConfig
-olcDatabase: {1}hdb
+olcDatabase: {1}mdb
+olcDbMaxSize: 1073741824
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=harnet,dc=de
olcLastMod: TRUE
olcRootDN: cn=admin,dc=harnet,dc=de
olcRootPW::
-olcDbCheckpoint: 512 30
-olcDbConfig: {0}set_cachesize 0 2097152 0
-olcDbConfig: {1}set_lk_max_objects 1500
-olcDbConfig: {2}set_lk_max_locks 1500
-olcDbConfig: {3}set_lk_max_lockers 1500
-structuralObjectClass: olcHdbConfig
entryUUID: 94960be6-da11-1033-97db-c1ceaf236428
creatorsName: cn=admin,cn=config
createTimestamp: 20140926214112Z
olcAccess: {0}to dn.subtree="dc=harnet,dc=de" by
dn="uid=lamdaemon,ou=users,
dc=harnet,dc=de" write by * none break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to attrs=userPassword by anonymous auth by * none
olcAccess: {3}to dn.base="dc=harnet,dc=de" by * read
olcAccess: {4}to dn.subtree="ou=users,dc=harnet,dc=de" by dn="cn=Harbich CA
Server,ou=services,dc=harnet,dc=de" write by users read by * none
olcAccess: {5}to dn.subtree="ou=services,dc=harnet,dc=de" by dn="cn=Harbich
CA Server,ou=services,dc=harnet,dc=de" write by users read by * none
olcAccess: {6}to * by dn="cn=admin,dc=harnet,dc=de" write by * read
olcDbIndex: cn pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: uid pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: dcMailAlias pres,eq
olcDbIndex: givenName pres,eq,sub
olcDbIndex: dcSubMailAddress pres,eq
olcDbIndex: dcMailAlternateAddress pres,eq
olcDbIndex: dcAccountStatus pres,eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: dhcpHWAddress eq
olcDbIndex: uniqueMember eq
olcDbIndex: memberUid eq
olcDbIndex: objectClass eq
olcDbIndex: loginShell eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
olcDbIndex: ou pres,eq,sub
entryCSN: 20190304162152.376029Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20190304162152Z
-dn: olcOverlay={0}dynlist,olcDatabase={1}hdb,cn=config
+dn: olcOverlay={0}dynlist,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynamicList
olcOverlay: {0}dynlist
olcDlAttrSet: {0}dcPosixSubAccount dcPosixOwnerURL
structuralObjectClass: olcDynamicList
entryUUID: 6f6012cc-da16-1033-84a3-8399e4f67731
creatorsName: cn=admin,cn=config
createTimestamp: 20140926221557Z
entryCSN: 20140926221557.994629Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140926221557Z
...
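Review bot: In the olcDatabase={1} entry, "-structuralObjectClass: olcHdbConfig" is removed with no matching "+structuralObjectClass: olcMdbConfig", while the module-list, backend and dynlist entries keep their structuralObjectClass lines. The edited entry therefore declares "objectClass: olcMdbConfig" but carries no structural class at all; the config excerpt in the other message of this thread, which its author reports as working, does include "structuralObjectClass: olcMdbConfig". Suggest adding that line next to the new olcDbMaxSize so the entry is consistent with the others before replaying it with slapadd.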
When I play back the config and data ldif file after deleting the ldap
directories, I get the following error message:
"root@dsme01:/tmp# slapadd -F /etc/ldap/slapd.d -n 1 -l harnet.de.ldif
Database number selected via -n is out of range
Must be in the range 0 to 0 (the number of configured databases)"
Did I change something wrong in my config file above?
Thank you in advance for your support
3 years, 10 months
Replication persistence
by Nebula WAN
Hello
I have a replication problem between two OpenLDAP 2.44 servers configured as multimasters on CentOS 7.3:
The minimal configuration of both is correct (connection OK with admin credentials),
I replicate the config and hdb databases as you can see in the configuration above,
I use LDAPAdmin to connect to each of them and check whether the replication works by creating a test OU: they replicate well.
After a week or more, automatic replication no longer works: I have to restart the slapd service to see the data exchange between the two servers...
I have contextCSN for both, but they are fixed at the installation date.
Do you have any idea?
Thank you
Here is the configuration (the olcServerID changes in server2's configuration):
dn: olcDatabase={0}config,cn=config
changeType: modify
add: olcAccess
olcAccess: to * by dn.exact="cn=ldapadm,dc=test,dc=factory" manage by * break
dn: olcDatabase={2}hdb,cn=config
changeType: modify
add: olcAccess
olcAccess: to * by dn.exact="cn=ldapadm,dc=test,dc=factory" manage by * break
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=test,dc=factory" read by * none
### Updating ID ###
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://server1.test.factory
olcServerID: 2 ldap://server2.test.factory
### Enabling CONFIG Replication ###
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
### Configuring CONFIG replication ###
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://server1.test.factory binddn="cn=config" bindmethod=simple credentials=password searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://server2.test.factory binddn="cn=config" bindmethod=simple credentials=password searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
### Enabling HDB Replication ###
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
### Configuring HDB replication ###
dn: olcDatabase={2}hdb,cn=config
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://server1.test.factory binddn="cn=ldapadm,dc=test,dc=factory" bindmethod=simple credentials=password searchbase="dc=test,dc=factory" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=ldap://server2.test.factory binddn="cn=ldapadm,dc=test,dc=factory" bindmethod=simple credentials=password searchbase="dc=test,dc=factory" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcMirrorMode
olcMirrorMode: TRUE
3 years, 10 months