At last, I'm trying to set up a consumer to replicate data off of a primary ldap server running the Symas-provided v2.6 packages on Ubuntu 20.04.

The following links were very helpful to me:
https://openldap-software.0penldap.narkive.com/VEt6vIEI/syncrepl-ldif-kickstart-file
https://www.openldap.org/pub/hyc/LDAPcon2007s.pdf

I have built an ldif file that I'm trying to slapadd. But when the binddn contains anything other than "cn" attributes, slapadd produces an error.

My question: Why can I not use a binddn that contains anything other than "cn" attributes, like "uid", "dc", or "ou"?

Specific details with debug below:

The following works perfectly fine:

root@ldapconsumer:/opt/symas/etc/openldap# /opt/symas/sbin/slapadd -l /home/myself/ldap/consumer_sync.ldif -F /opt/symas/etc/openldap/slapd.d/ -w -n0
Closing DB..

root@ldapconsumer:/opt/symas/etc/openldap# cat /home/myself/ldap/consumer_sync.ldif
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: secret
olcSyncRepl: rid=001 provider=ldap://172.16.2.5 binddn="cn=admin,cn=example,cn=com" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5"

Alternatively, this works as the binddn:
cn=ldap.sync,cn=example,cn=com
But the following values in the binddn do NOT work:
In either of the examples above that do NOT work, I'm getting an "invalid bind config value" error message. See below for full stdout with 1 example:

root@ldapconsumer:/opt/symas/etc/openldap# /opt/symas/sbin/slapadd -l /home/myself/ldap/consumer_sync.ldif -F /opt/symas/etc/openldap/slapd.d/ -w -n0
invalid bind config value binddn=uid=ldap.sync,ou=People,dc=example,dc=com
olcSyncrepl: value #0: Error: parse_syncrepl_line: unable to parse "binddn=uid=ldap.sync,ou=People,dc=example,dc=com"
.
failed to add syncinfo
slapadd: could not add entry dn="olcDatabase={0}config,cn=config" (line=5): Error: parse_syncrepl_line: unable to parse "binddn=uid=ldap.sync,ou=People,dc=example,dc=com"

Closing DB...

If I run this with debug enabled, below is what I see (not sure if this will be helpful or not, but am providing it just in case). Password has been redacted of course.

root@ldapconsumer:/opt/symas/etc/openldap# /opt/symas/sbin/slapadd -l /home/myself/ldap/consumer_sync.ldif -F /opt/symas/etc/openldap/slapd.d/ -w -n0 -d -1
slapadd init: initiated tool.
slap_sasl_init: initialized!
backend_startup_one: starting "cn=config"
ldif_read_file: no entry file "/opt/symas/etc/openldap/slapd.d//cn=config.ldif"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=32 matched="" text=""
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
matching_rule_use_init

{snip}

slapadd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
Backend ACL: access to *
by * none

config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
config_back_db_open: No explicit ACL for back-config configured. Using hardcoded default
=> str2entry: "dn: cn=config
objectClass: olcGlobal
cn: config
"
>>> dnPrettyNormal: <cn=config>
<<< dnPrettyNormal: <cn=config>, <cn=config>
<= str2entry(cn=config) -> 0x5574eedc21b8
oc_check_required entry (cn=config), objectClass "olcGlobal"
oc_check_allowed type "objectClass"
oc_check_allowed type "cn"
oc_check_allowed type "structuralObjectClass"
ldif_write_entry: wrote entry "cn=config"
=> str2entry: "dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: secret
olcSyncRepl: rid=001 provider=ldap://172.16.2.5 binddn="uid=ldap.sync,ou=People,dc=example,dc=com" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5"
"
>>> dnPrettyNormal: <olcDatabase={0}config,cn=config>
<<< dnPrettyNormal: <olcDatabase={0}config,cn=config>, <olcDatabase={0}config,cn=config>
>>> dnNormalize: <cn=admin,cn=config>
<<< dnNormalize: <cn=admin,cn=config>
<= str2entry(olcDatabase={0}config,cn=config) -> 0x5574eedc2258
oc_check_required entry (olcDatabase={0}config,cn=config), objectClass "olcDatabaseConfig"
oc_check_allowed type "objectClass"
oc_check_allowed type "olcDatabase"
oc_check_allowed type "olcRootDN"
oc_check_allowed type "olcRootPW"
oc_check_allowed type "olcSyncrepl"
oc_check_allowed type "structuralObjectClass"
config_build_entry: "olcDatabase={-1}frontend"
slap_get_csn: conn=-1 op=0 generated new csn=20220106202401.439197Z#000000#000#000000 manage=0
ldif_read_file: read entry file: "/opt/symas/etc/openldap/slapd.d//cn=config.ldif"
=> str2entry: "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 fd732ca0
dn: cn=config
objectClass: olcGlobal
cn: config
structuralObjectClass: olcGlobal
entryUUID: 54643148-037a-103c-8b74-e78e18fa89a5
creatorsName: cn=config
createTimestamp: 20220106202401Z
entryCSN: 20220106202401.438467Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20220106202401Z
"
>>> dnPrettyNormal: <cn=config>
<<< dnPrettyNormal: <cn=config>, <cn=config>
>>> dnNormalize: <cn=config>
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
<<< dnNormalize: <cn=config>
<= str2entry(cn=config) -> 0x5574eedc22f8
ldif_write_entry: wrote entry "olcDatabase={-1}frontend,cn=config"
>>> dnPrettyNormal: <cn=admin,cn=config>
<<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config>
>>> dnPrettyNormal: <cn=admin,cn=config>
<<< dnPrettyNormal: <cn=admin,cn=config>, <cn=admin,cn=config>
>>> dnNormalize: <uid=ldap.sync,ou=People,dc=example,dc=com>
invalid bind config value binddn=uid=ldap.sync,ou=People,dc=example,dc=com
olcSyncrepl: value #0: Error: parse_syncrepl_line: unable to parse "binddn=uid=ldap.sync,ou=People,dc=example,dc=com"
.
failed to add syncinfo
syncinfo_free: rid=001
slapadd: could not add entry dn="olcDatabase={0}config,cn=config" (line=5): Error: parse_syncrepl_line: unable to parse "binddn=uid=ldap.sync,ou=People,dc=example,dc=com"

slapadd shutdown: initiated
slapadd destroy: freeing system resources.
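A preflight check, added here as an example and not part of the original post or of OpenLDAP itself. It assumes the failure is a schema-resolution problem: in the debug output the error is raised immediately after `dnNormalize: <uid=ldap.sync,ou=People,dc=example,dc=com>`, and the LDIF being loaded contains no cn=schema entries, so only the attribute types slapd hardcodes can be normalized. The script parses an olcSyncRepl value, extracts the attribute types used in its binddn, and reports any that the schema to be loaded does not define. The built-in type set, the schema excerpt (modelled on core.ldif) and the helper names are constructed for this example.

```python
import re
import shlex

# Constructed for this example: the only attribute types treated as known when no
# cn=schema entries are loaded. Modelled on the post's observation that a cn-only
# binddn is accepted; real slapd hardcodes more types than these two.
BUILTIN_ATTRIBUTE_TYPES = frozenset({"cn", "objectclass"})

# Constructed excerpt in the style of core.ldif (cn=schema,cn=config), with folded lines.
SCHEMA_LDIF = """\
dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
  DESC 'RFC1274: user identifier' EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
"""

# The two olcSyncRepl values from the post (credentials shown as the post shows them).
WORKING = ('rid=001 provider=ldap://172.16.2.5 binddn="cn=admin,cn=example,cn=com" '
           'bindmethod=simple credentials=secret searchbase="cn=config" '
           'type=refreshOnly interval=00:00:00:10 retry="5 5 300 5"')
FAILING = WORKING.replace('binddn="cn=admin,cn=example,cn=com"',
                          'binddn="uid=ldap.sync,ou=People,dc=example,dc=com"')

def parse_syncrepl(value):
    """Split an olcSyncRepl value into {keyword: value}; quoted values such as
    binddn="..." and retry="5 5 300 5" are handled by shlex."""
    params = {}
    for token in shlex.split(value):
        key, sep, val = token.partition("=")
        if not sep:
            raise ValueError(f"syncrepl token without '=': {token!r}")
        params[key.lower()] = val
    return params

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas (RFC 4514 escaping)."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep an escape pair together
            current.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(dn[i])
        i += 1
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]

def dn_attribute_types(dn):
    """Attribute types used in a DN, lower-cased, in order; multi-valued RDNs (a=1+b=2) are expanded."""
    types = []
    for rdn in split_dn(dn):
        for ava in rdn.split("+"):
            attr, sep, _ = ava.partition("=")
            if not sep:
                raise ValueError(f"RDN without '=': {rdn!r}")
            types.append(attr.strip().lower())
    return types

NAME_RE = re.compile(r"NAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")

def attribute_types_from_ldif(ldif_text):
    """Collect every NAME from olcAttributeTypes values in a cn=schema LDIF,
    unfolding continuation lines (leading space) first."""
    names = set()
    for line in re.sub(r"\n ", "", ldif_text).splitlines():
        if not line.lower().startswith("olcattributetypes:"):
            continue
        m = NAME_RE.search(line)
        if m and m.group(1):
            names.add(m.group(1).lower())
        elif m:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(2)))
    return names

def undefined_binddn_types(syncrepl_value, known_types=BUILTIN_ATTRIBUTE_TYPES):
    """Attribute types in the syncrepl binddn that the loaded schema does not define
    (an empty list means dnNormalize should be able to resolve every RDN)."""
    binddn = parse_syncrepl(syncrepl_value).get("binddn", "")
    missing = []
    for t in dn_attribute_types(binddn):
        if t not in known_types and t not in missing:
            missing.append(t)
    return missing

if __name__ == "__main__":
    with_core = BUILTIN_ATTRIBUTE_TYPES | attribute_types_from_ldif(SCHEMA_LDIF)
    for label, value in (("working", WORKING), ("failing", FAILING)):
        print(label, "without schema:", undefined_binddn_types(value))
        print(label, "with core schema:", undefined_binddn_types(value, with_core))
```

Run it against the consumer LDIF before slapadd: a non-empty result for the binddn means the DN cannot be normalized with the schema that file loads, which under the assumption above is exactly the "invalid bind config value" path. Feeding the same check the schema LDIFs that the file includes (or the ones the provider uses) shows whether adding them resolves the missing types.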