--On Friday, November 20, 2015 12:27 AM -0500 Betsy Schwartz
<betsy.schwartz(a)gmail.com> wrote:
I inherited a pair of (interestingly configured) ldap servers from a
previous owner and I'm trying to get them to replicate to each other
(actually, starting with two new VM copies, with the goal of ending up
with four masters spread over two data centers). The VMs are running
RHEL6 and openldap 2.4.40.
When I try to add replication using the ldif included at the bottom of
this post, I get this error and then cannot restart slapd
--
[root@ldap01 tmp]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/repl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
modifying entry "olcDatabase={2}bdb,cn=config"
ldap_modify: Object class violation (65)
additional info: attribute 'olcTLSCertificateFile' not allowed

Hi Betsy,
I would suggest using slapcat to export the config database and clean up
the invalid attribute values that were incorrectly added to the bdb
database.
After that, I would advise:
a) Upgrading to a current openldap release
b) Switching to back-mdb, assuming a 64-bit OS.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
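
The cleanup suggested in the reply above can start from a check like the following (an added example, not part of the original thread): it reads a `slapcat -n 0` export and lists `olcTLS*` attributes found on any entry other than `cn=config`. It assumes every `olcTLS*` attribute is a global-only setting; the sample LDIF, its suffix and its file paths are constructed.

```python
"""List olcTLS* attributes that sit on entries other than cn=config in a
slapcat -n 0 export. Added example; the sample LDIF below is constructed."""
import base64
import sys

SAMPLE_LDIF = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCertificateFile: /etc/openldap/certs/example.crt

dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=example,dc=com
olcTLSCertificateFile: /etc/openldap/certs/
 example.crt
olcTLSCertificateKeyFile: /etc/openldap/certs/example.key
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def misplaced_tls(text):
    """Return (dn, attribute) pairs for olcTLS* attributes outside cn=config."""
    findings, dn = [], None
    for line in unfold(text):
        if not line.strip():
            dn = None                      # a blank line ends the current entry
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        attr = name.split(";")[0]          # drop attribute options such as ;binary
        if attr.lower() == "dn":
            # "dn:: <b64>" marks a base64-encoded value, "dn: <text>" a plain one
            dn = (base64.b64decode(rest[1:]).decode() if rest.startswith(":")
                  else rest.strip())
        elif dn and attr.lower().startswith("olctls"):
            if dn.replace(" ", "").lower() != "cn=config":
                findings.append((dn, attr))
    return findings

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF
    for dn, attr in misplaced_tls(data):
        print(f"{attr} is not allowed on {dn}")
```

Run it against a saved export file passed as the first argument; each line it prints names an attribute to remove from that entry before the config is reloaded.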