DeMoNs@web.de wrote:
Hi all,
I have a problem getting openldap to run monitor backend AND syncrepl overlay. I'm running freebsd-7.2-release-p6 in combination with openldap-server-2.4.19 with sasl support compiled in.
I use the following slapd config:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/ldapns.schema
include /usr/local/etc/openldap/schema/radius.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
logfile /var/log/slapd.log

password-hash {SSHA}
modulepath /usr/local/libexec/openldap
moduleload back_bdb
moduleload back_monitor

access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read
access to *
        by ssf=128 dn="cn=admin,dc=example,dc=de" write
        by dn="cn=admin,dc=example,dc=de" peername.ip=127.0.0.1 write
        by ssf=96 dn="cn=nssadmin,dc=example,dc=de" read
        by dn="cn=nssadmin,dc=example,dc=de" peername.ip=127.0.0.1 read
        by anonymous auth
        by * none
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

database bdb
suffix "dc=example,dc=de"
rootdn "dc=example,dc=de"
directory /var/db/openldap-data
index objectClass,entryCSN,entryUUID eq
index uid pres,eq,sub
index memberUID eq
index uidNumber,gidNumber eq
index host eq

database monitor
rootdn "cn=monitoring,cn=Monitor"
rootpw monitoring

access to dn.subtree="cn=Monitor"
        by dn="cn=nssadmin,dc=example,dc=de"
        by * none

syncrepl rid=041
        provider=ldap://ldap-master.example.de
        type=refreshOnly
        interval=00:00:35:00
        searchbase="dc=example,dc=de"
        schemachecking=off
        bindmethod=simple
        starttls=yes
        binddn="cn=syncuser,dc=example,dc=de"
        credentials="strongsecretpassword"

TLSCertificateFile /usr/local/etc/openldap/ssl/ldap-crt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap-key.pem
TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem

loglevel 256
Now, when I run slaptest I receive the following error:
/usr/local/etc/openldap/slapd.conf: line 59: database monitor does not support operations required for syncrepl
slaptest: bad configuration file!
Line 59 corresponds to the credentials option in the syncrepl statement. I can't figure out what's wrong, so if anyone can point me in the right direction that would be really helpful.
"Line 59" means the whole statement ending at line 59, so in general the error can be anywhere in the statement. In this case, the error is the statement itself. As the error message is saying, back-monitor is missing some essential function that is required by syncrepl (I bet bi_op_add()). What's puzzling me is: back-monitor is (almost) read-only, and contains mostly dynamically generated information on the state of a server; what's the purpose of replicating it? Your configuration makes no sense.
p.
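The following is an added example, not part of the original thread or of OpenLDAP: a small checker that unwraps slapd.conf continuation lines and reports which `database` section each `syncrepl` statement falls under, together with the line on which the statement ends (the number slaptest prints). The sample config is a constructed, trimmed version of the layout in the post, and the function names are hypothetical.

```python
import re
# Constructed sample: trimmed version of the layout in the post (placeholder credentials).
SAMPLE = """\
database bdb
suffix "dc=example,dc=de"

database monitor
rootdn "cn=monitoring,cn=Monitor"

syncrepl rid=041
  provider=ldap://ldap-master.example.de
  searchbase="dc=example,dc=de"
  credentials="placeholder"
"""

def logical_lines(text):
    """Yield (end_line, statement). Lines starting with whitespace continue
    the previous line; comments are dropped only after unwrapping."""
    stmt, end = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0] in " \t" and stmt is not None:
            stmt, end = stmt + " " + raw.strip(), no
            continue
        if stmt is not None and not stmt.startswith("#"):
            yield end, stmt
        stmt, end = raw.strip(), no
    if stmt is not None and not stmt.startswith("#"):
        yield end, stmt

def syncrepl_placement(text):
    """Return (end_line, backend, rid) for each syncrepl statement.
    backend is the most recent 'database' type, or None if none was seen."""
    backend, found = None, []
    for end, stmt in logical_lines(text):
        words = stmt.split()
        if words[0].lower() == "database" and len(words) > 1:
            backend = words[1].lower()
        elif words[0].lower() == "syncrepl":
            m = re.search(r"\brid=(\d+)", stmt)
            found.append((end, backend, m.group(1) if m else None))
    return found

def misplaced(text):
    """syncrepl statements that landed under the monitor database."""
    return [f for f in syncrepl_placement(text) if f[1] == "monitor"]

if __name__ == "__main__":
    for end, backend, rid in misplaced(SAMPLE):
        print(f"statement ending at line {end}: syncrepl rid={rid} is under database {backend}")
```

Placing the `syncrepl` statement in the `database bdb` section, before the `database monitor` line, makes the checker report it under `bdb`.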