Hi to all,
When I set up the load balancer lloadd via slapd.conf, everything works fine. Here is my slapd.conf:
-----------------
TLSCertificateFile /opt/symas/etc/openldap/example-net-cert.pem
TLSCertificateKeyFile /opt/symas/etc/openldap/example-net-key.pem
TLSCACertificateFile /opt/symas/etc/openldap/cacert.pem

pidfile /var/symas/run/slapd.pid
argsfile /var/symas/run/slapd.args

loglevel 256

modulepath /opt/symas/lib/openldap
moduleload lloadd.la

backend lload
listen "ldap://:1389 ldaps://:1636"
feature proxyauthz
TLSShareSlapdCTX true
bindconf bindmethod=simple network-timeout=5 binddn=uid=lloadd,ou=users,dc=example,dc=net credentials=geheim tls_cacert="/opt/symas/etc/openldap/cacert.pem" tls_cert="/opt/symas/etc/openldap/example-net-cert.pem" tls_key="/opt/symas/etc/openldap/example-net-key.pem"

tier roundrobin
backend-server uri=ldaps://provider01.example.net retry=5000 max-pending-ops=50 conn-max-pending=10 numconns=10 bindconns=5
backend-server uri=ldaps://provider02.example.net retry=5000 max-pending-ops=50 conn-max-pending=10 numconns=10 bindconns=5

database monitor
rootdn cn=monitor
rootpw geheim
-----------------
As soon as I change to cn=config with the following configuration:
-----------------
dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: stats
olcPidFile: /var/symas/run/slapd.pid
olcArgsFile: /var/symas/run/slapd.args
olcToolThreads: 1
olcTLSCACertificateFile: /opt/symas/etc/openldap/cacert.pem
olcTLSCertificateFile: /opt/symas/etc/openldap/example-net-cert.pem
olcTLSCertificateKeyFile: /opt/symas/etc/openldap/example-net-key.pem

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /opt/symas/lib/openldap
olcModuleLoad: lloadd.la
olcModuleLoad: argon2.la

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcSizeLimit: 500
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn="" by * read
olcAccess: {2}to dn.base="cn=subschema" by * read
olcPasswordHash: {ARGON2}

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
#olcRootPW: geheim
olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$cXdlcnJ0enV6dWlvMTIz$G/l0lynf7ygdz0tG+E7S1fBibsFs/L80AUSisiGl/v4
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage

dn: olcBackend={0}lload,cn=config
objectClass: olcBackendConfig
objectClass: olcBkLloadConfig
olcBackend: {0}lload
olcBkLloadBindconf: bindmethod=simple timeout=0 network-timeout=5 binddn="uid=lloadd,ou=users,dc=example,dc=net" credentials="geheim" keepalive=0:0:0 tcp-user-timeout=0 tls_cert="/opt/symas/etc/openldap/example-net-cert.pem" tls_key="/opt/symas/etc/openldap/example-net-key.pem" tls_cacert="/opt/symas/etc/openldap/cacert.pem"
olcBkLloadIOThreads: 1
olcBkLloadListen: ldap://:1389
olcBkLloadListen: ldaps://:1636
olcBkLloadSockbufMaxClient: 16777215
olcBkLloadSockbufMaxUpstream: 16777215
olcBkLloadMaxPDUPerCycle: 10
olcBkLloadIOTimeout: 10000
olcBkLloadFeature: proxyauthz
olcBkLloadTLSCRLCheck: none
olcBkLloadVerifyClient: never
olcBkLloadTLSProtocolMin: 0.0
olcBkLloadTLSShareSlapdCTX: TRUE
olcBkLloadClientMaxPending: 0
olcBkLloadWriteCoherence: 0

dn: cn={0}tier 1,olcBackend={0}lload,cn=config
objectClass: olcBkLloadTierConfig
cn: {0}tier 1
olcBkLloadTierType: roundrobin

dn: cn={0}server 1,cn={0}tier 1,olcBackend={0}lload,cn=config
objectClass: olcBkLloadBackendConfig
cn: {0}server 1
olcBkLloadBackendUri: ldaps://provider01.example.net
olcBkLloadNumconns: 10
olcBkLloadBindconns: 5
olcBkLloadRetry: 5000
olcBkLloadMaxPendingOps: 50
olcBkLloadMaxPendingConns: 10
olcBkLloadStartTLS: critical
olcBkLloadWeight: 1

dn: cn={1}server 2,cn={0}tier 1,olcBackend={0}lload,cn=config
objectClass: olcBkLloadBackendConfig
cn: {1}server 2
olcBkLloadBackendUri: ldaps://provider02.example.net
olcBkLloadNumconns: 10
olcBkLloadBindconns: 5
olcBkLloadRetry: 5000
olcBkLloadMaxPendingOps: 50
olcBkLloadMaxPendingConns: 10
olcBkLloadWeight: 1

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to dn.subtree="cn=monitor" by dn.exact=cn=admin,cn=config read
-----------------
The slapd is starting, and with "ss -tlpn" I see ports 1636 and 1389 listening (next to 636 and 389). I get the following error message when I try to contact the LDAP server via the load balancer:
-------------------
ldap_bind: Server is unavailable (52)
	additional info: no connections available
-------------------
Did I miss something? I also tried to translate the working slapd.conf with slaptest, but the result is the same.
Stefan
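A consistency check added after the post (not part of Stefan's message or of OpenLDAP's tooling): it parses the backend-server lines of the slapd.conf and the olcBkLloadBackendConfig entries of the cn=config LDIF above and reports, per backend URI, every setting that is present on one side but not on the other, so the two configurations can be compared setting by setting instead of by eye. The keyword-to-attribute map and the trimmed sample inputs are assumptions; on the post's own data the report shows that server 1 carries olcBkLloadStartTLS: critical in cn=config while the slapd.conf never set starttls.

```python
import re

# Assumption: this slapd.conf keyword -> cn=config attribute map covers the post's settings.
KEYMAP = {"uri": "olcBkLloadBackendUri", "numconns": "olcBkLloadNumconns",
          "bindconns": "olcBkLloadBindconns", "retry": "olcBkLloadRetry",
          "max-pending-ops": "olcBkLloadMaxPendingOps", "weight": "olcBkLloadWeight",
          "conn-max-pending": "olcBkLloadMaxPendingConns", "starttls": "olcBkLloadStartTLS"}
def parse_conf_servers(conf_text):
    """One dict per backend-server line, keyed by the cn=config attribute names."""
    servers = []
    for toks in (line.split() for line in conf_text.splitlines()):
        if toks and toks[0] == "backend-server":
            opts = dict(t.split("=", 1) for t in toks[1:])
            servers.append({KEYMAP.get(k, k): v for k, v in opts.items()})
    return servers
def parse_ldif_servers(ldif_text):
    """One dict per olcBkLloadBackendConfig entry; naming attributes are dropped."""
    servers = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        pairs = (line.partition(":") for line in block.splitlines() if ":" in line)
        attrs = {k.strip(): v.strip() for k, _, v in pairs}
        if attrs.get("objectClass") == "olcBkLloadBackendConfig":
            servers.append({k: v for k, v in attrs.items() if k not in ("dn", "cn", "objectClass")})
    return servers
def diff_servers(conf_servers, ldif_servers):
    """Per backend URI: {attr: (slapd.conf value, cn=config value)} where the two differ."""
    by_uri = {s["olcBkLloadBackendUri"]: s for s in ldif_servers}
    report = {}
    for c in conf_servers:
        uri, l = c["olcBkLloadBackendUri"], by_uri.get(c["olcBkLloadBackendUri"], {})
        report[uri] = {a: (c.get(a), l.get(a))
                       for a in sorted(set(c) | set(l)) if c.get(a) != l.get(a)}
    return report

# Sample inputs copied from the post, cut down to a few settings per server.
CONF = """tier roundrobin
backend-server uri=ldaps://provider01.example.net retry=5000
backend-server uri=ldaps://provider02.example.net retry=5000
"""
LDIF = """objectClass: olcBkLloadBackendConfig
olcBkLloadBackendUri: ldaps://provider01.example.net
olcBkLloadRetry: 5000
olcBkLloadStartTLS: critical
olcBkLloadWeight: 1

objectClass: olcBkLloadBackendConfig
olcBkLloadBackendUri: ldaps://provider02.example.net
olcBkLloadRetry: 5000
olcBkLloadWeight: 1
"""
```

Run it on the full slapd.conf and the slapcat/slaptest output to see every attribute the translation added or dropped; settings that match on both sides are not reported.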