Hello -
I am new to LDAP and I'm trying to setup Sync Replication on a Fedora Core 8 system (2.6.23.9-85.fc8). However, when I start the LDAP service, I get the following error message: Checking configuration files for slapd: [FAILED] overlay "syncprov" not found slaptest: bad configuration file!
I've searched the archived threads for this group (as well as many others) and wasn't able to find any postings that matched what I'm seeing. If I missed an old post by mistake, I apologize in advance. I've included a copy of my slapd.conf file below. The interesting thing is that when I comment out the following lines, LDAP will start without any issues: overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
This leads me to believe that the issue is with the replication process, but I can't figure out what I'm doing wrong. I've followed the examples given in the OpenLDAP Admin Guide, but it just doesn't seem to want to work for me. Also, in case anyone asks, here are the packages installed on the server in question: openldap-2.3.39-3.fc8 openldap-devel-2.3.39-3.fc8 openldap-servers-2.3.39-3.fc8 openldap-clients-2.3.39-3.fc8
Any information or recommendations to what is happening would be greatly appreciated. Also, please let me know if I need to supply more information. Thanks in advance.
- Andy
# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/misc.schema
loglevel -1
# Allow LDAPv2 client connections. This is NOT the default. allow bind_v2
# Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules: modulepath /usr/lib64/openldap # moduleload accesslog.la # moduleload auditlog.la moduleload back_sql.la # moduleload denyop.la # moduleload dyngroup.la # moduleload dynlist.la moduleload lastmod.la # moduleload pcache.la # moduleload ppolicy.la # moduleload refint.la # moduleload retcode.la # moduleload rwm.la moduleload syncprov.la # moduleload translucent.la # moduleload unique.la # moduleload valsort.la
access to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=jets,dc=local" write by * none access to * by self write by dn.base="cn=Manager,dc=jets,dc=local" write by * read
####################################################################### # ldbm and/or bdb database definitions #######################################################################
database bdb suffix "dc=jets,dc=local" rootdn "cn=Manager,dc=jets,dc=local" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. # rootpw b0xster rootpw {SSHA}/5PsWrAXNKNKJmhiZAfUPLkMOUcgbtXN
# The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/ldap
# Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub index entryUUID,entryCSN eq
# Replicas of this database #replogfile /var/lib/ldap/openldap-slave-replog
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 #lastmod on
serverID 2
syncrepl rid=002 provider=ldap://10.xx.x.xx type=refreshAndPersist searchbase="dc=jets,dc=local" schemachecking=on bindmethod=simple binddn="cn=mirrormode,dc=jets,dc=local" credentials=mirrormode retry="60 +"
#updateref ldap://10.xx.x.xx
mirrormode on
________________________________ This email and any attachments may be confidential and are intended solely for the use of the individual to whom it is addressed.
If you are not the intended recipient of this email, the following stipulations govern the use of this information: You may not take any action based upon its contents. You may not copy or show this message or attachments to anyone. You should contact the sender and subsequently delete this message and all attachments.
Any views or opinions expressed are solely those of the author and do not necessarily represent those of Special Operations Technology, Incorporated.
While antivirus software has been applied, you should perform due diligence to check this email and attachments for the presence of viruses. No warranties or assurances are made in relation to the safety and content of this email and attachments. Special Operations Technology, Incorporated accepts no liability for any damages caused by any virus transmitted by or contained in this email and attachments.
No liability is accepted for any consequences arising from this email transmission whatsoever.
Special Operations Technology, Incorporated is a premier IT professional services firm focused in the government and law enforcement space.
Quoting Andrew Debenham adebenham@sotech1.com:
Checking configuration files for slapd: [FAILED] overlay "syncprov" not found slaptest: bad configuration file!
As you probably already know, the syncprov module needs to be loaded *before* the syncprov overlay is invoked. From your config file, it looks like you understand that, but the error suggests that the module is not being loaded anyway. I think I see why:
# moduleload retcode.la # moduleload rwm.la moduleload syncprov.la # moduleload translucent.la
It's that leading space on the line that loads the syncprov module: remove it. Unlike many other types of config files, in slapd.conf lines with leading spaces are seen as continuations of previous lines. So, since the line above it is a comment, with that leading space there your instruction to load the syncprov module is still commented out.
Cheers,
Jaap
Jaap -
Thank you so much for your help - removing the white space before the moduleload commands did the trick! I really should have noticed that but I think I was focusing too much on the error message and not on the simple things. Also, I wasn't aware that slapd was that picky about its configuration file; I'll keep that in mind the next time I edit this file. Thanks again for your help and the quick response!
- Andy
-----Original Message----- From: Jaap Winius [mailto:jwinius@umrk.nl] Sent: Saturday, January 09, 2010 4:00 PM To: openldap-technical@openldap.org Subject: Re: overlay "syncprov" not found
Quoting Andrew Debenham adebenham@sotech1.com:
Checking configuration files for slapd: [FAILED] overlay "syncprov" not found slaptest: bad configuration file!
As you probably already know, the syncprov module needs to be loaded *before* the syncprov overlay is invoked. From your config file, it looks like you understand that, but the error suggests that the module is not being loaded anyway. I think I see why:
# moduleload retcode.la # moduleload rwm.la moduleload syncprov.la # moduleload translucent.la
It's that leading space on the line that loads the syncprov module: remove it. Unlike many other types of config files, in slapd.conf lines with leading spaces are seen as continuations of previous lines. So, since the line above it is a comment, with that leading space there your instruction to load the syncprov module is still commented out.
Cheers,
Jaap
This email and any attachments may be confidential and are intended solely for the use of the individual to whom it is addressed.
If you are not the intended recipient of this email, the following stipulations govern the use of this information: You may not take any action based upon its contents. You may not copy or show this message or attachments to anyone. You should contact the sender and subsequently delete this message and all attachments.
Any views or opinions expressed are solely those of the author and do not necessarily represent those of Special Operations Technology, Incorporated.
While antivirus software has been applied, you should perform due diligence to check this email and attachments for the presence of viruses. No warranties or assurances are made in relation to the safety and content of this email and attachments. Special Operations Technology, Incorporated accepts no liability for any damages caused by any virus transmitted by or contained in this email and attachments.
No liability is accepted for any consequences arising from this email transmission whatsoever.
Special Operations Technology, Incorporated is a premier IT professional services firm focused in the government and law enforcement space.
Andrew Debenham wrote:
Hello –
I am new to LDAP and I’m trying to setup Sync Replication on a Fedora Core 8 system (2.6.23.9-85.fc8). However, when I start the LDAP service, I get the following error message:
Checking configuration files for slapd: [FAILED]
overlay "syncprov" not found
slaptest: bad configuration file!
I’ve searched the archived threads for this group (as well as many others) and wasn’t able to find any postings that matched what I’m seeing. If I missed an old post by mistake, I apologize in advance. I’ve included a copy of my slapd.conf file below. The interesting thing is that when I comment out the following lines, LDAP will start without any issues:
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
This leads me to believe that the issue is with the replication process, but I can’t figure out what I’m doing wrong. I’ve followed the examples given in the OpenLDAP Admin Guide, but it just doesn’t seem to want to work for me. Also, in case anyone asks, here are the packages installed on the server in question:
openldap-2.3.39-3.fc8
openldap-devel-2.3.39-3.fc8
openldap-servers-2.3.39-3.fc8
openldap-clients-2.3.39-3.fc8
On RHEL systems, the overlays are in a separate RPM, openldap-servers-overlays:
# rpm -qa | grep openldap | sort openldap-2.3.43-3.el5 openldap-clients-2.3.43-3.el5 openldap-servers-2.3.43-3.el5 openldap-servers-overlays-2.3.43-3.el5
Since RHEL is based on Fedora, I bet you need to install the separate overly RPM on FC8, too
-- Prentice
openldap-technical@openldap.org