On 17/10/2011 9:52 PM, Nick Milas wrote:
> I upgraded with the same configuration to v2.4.26 and provider is not working
Hmm, actually I changed a couple of things:
1. I am now using a different openldap RPM package (with different paths etc.); this should not be important, because I have updated the configuration accordingly and everything (except syncrepl provider) works fine.
2. I have chosen to use hdb rather than bdb in the new setup. All entries were migrated by using slapcat on the initial instance and then slapadd on the new openldap instance. (They were migrated successfully.)
Could the use of hdb on the provider cause such a problem ("server is unwilling to perform")? (According to documentation hdb supports syncrepl).
I read that this error means that "slapd will return an unwilling to perform error if the backend holding the target entry does not support the given operation". Why wouldn't the backend support sync operations in this case?
Note that I tried (in consumers) all sorts of configurations (plain ldap without starttls or with starttls, ldaps) but nothing worked.
In any case, below is my whole slapd.conf (Note: In this OpenLDAP RPM, provided by the LTB project, all modules are included and not dynamically loaded):
Thanks, Nick
-----------------------------------------------------------------------------------
slapd.conf:
-----------------------------------------------------------------------------------
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/eduperson.schema
include /usr/local/openldap/etc/openldap/schema/postfix.schema
include /usr/local/openldap/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
include /usr/local/openldap/etc/openldap/schema/schac-20090326-1.4.0.schema
include /usr/local/openldap/etc/openldap/schema/dnsdomain2.schema
include /usr/local/openldap/etc/openldap/schema/proftpd-quota.schema
include /usr/local/openldap/etc/openldap/schema/kerberos.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/openldap/lib64

loglevel sync

sizelimit unlimited
timelimit unlimited

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/openldap/etc/openldap/certs/chain.pem
TLSCertificateFile /usr/local/openldap/etc/openldap/certs/cert.pem
TLSCertificateKeyFile /usr/local/openldap/etc/openldap/certs/priv.pem
TLSVerifyClient never

database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret

########
# ACLs #
########
include /usr/local/openldap/etc/openldap/acl.conf

directory /usr/local/openldap/var/openldap-data

overlay auditlog
auditlog /usr/local/openldap/var/openldap-data/ldapaudit.log

index objectClass eq,pres
index employeeType pres,eq
index cn eq,pres,sub
index sn,givenname eq,pres,sub
index mail eq,pres,sub
index uid eq,pres
index ou eq,pres
index mailacceptinggeneralid eq,pres
index owner eq
index entryCSN,entryUUID eq
index vacationActive eq
index associatedDomain pres,eq,sub
index aRecord,pTRRecord pres,eq,sub
index aliasInactive eq
index krbPrincipalName eq,pres,sub
index schacUserStatus eq,pres

# Allow dynamic lists

overlay dynlist
dynlist-attrset nisMailAlias labeledURI
dynlist-attrset groupOfURLs labeledURI member

# Setup Provider - Allow Consumer Sync

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

database monitor

access to *
        by dn.exact="cn=Manager,dc=example,dc=com" read
        by * none

-----------------------------------------------------------------------------------
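
An added example, not part of the original message and not OpenLDAP or LTB project code: a small slapd.conf reader that attaches each overlay and index to the database section it falls under, then checks that every suffix-bearing database declares syncprov and indexes entryCSN and entryUUID. The function names and the trimmed sample config are constructed for illustration.

```python
import shlex
# Constructed sample: a trimmed slapd.conf in the shape of the one posted above.
SAMPLE = '''\
database hdb
suffix "dc=example,dc=com"
index entryCSN,entryUUID eq
overlay dynlist
overlay syncprov
database monitor
access to *
        by * none
'''

def logical_lines(text):
    """Drop blank/comment lines; fold continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def databases(text):
    """One dict per 'database' section; later directives attach to the latest one."""
    dbs = []
    for tok in map(shlex.split, logical_lines(text)):
        key, arg = tok[0].lower(), (tok[1] if len(tok) > 1 else "")
        if key == "database":
            dbs.append({"type": arg, "suffix": None, "overlays": [], "indexed": set()})
        elif dbs and key == "suffix":
            dbs[-1]["suffix"] = arg
        elif dbs and key == "overlay":
            dbs[-1]["overlays"].append(arg.lower())
        elif dbs and key == "index":
            dbs[-1]["indexed"].update(a.lower() for a in arg.split(","))
    return dbs

def provider_findings(text):
    """Check each suffix-bearing database for syncprov and the entryCSN/entryUUID indexes."""
    findings = []
    for db in (d for d in databases(text) if d["suffix"]):  # skips monitor
        if "syncprov" not in db["overlays"]:
            findings.append(f'{db["suffix"]}: syncprov overlay not declared in this database section')
        missing = sorted({"entrycsn", "entryuuid"} - db["indexed"])
        if missing:
            findings.append(f'{db["suffix"]}: no index for {", ".join(missing)}')
    return findings
```

An empty result means only that these two provider-side settings are in place for each database; it says nothing about ACLs, TLS or the consumer's syncrepl stanza.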