Hi,
We updated from 2.4.23 to 2.4.39 and ran into the following issues around specifying listen interfaces for slapd. We run an n-way multi-master configuration.
It appears as if a specific interface needs to be specified in order to start slapd, and using a specific interface is prevented by a binding to all interfaces. Is this expected behavior, or a bug?
Running slapd as below results in an error:
$ /usr/sbin/slapd -d 1 -h "ldap:// ldapi://" -u ldap
...
546cfa04 read_config: no serverID / URL match found. Check slapd -h arguments.
546cfa04 slapd destroy: freeing system resources.
546cfa04 syncinfo_free: rid=001
546cfa04 syncinfo_free: rid=001
546cfa04 slapd stopped.
546cfa04 connections_destroy: nothing to destroy.
Specifying the hostname of this ldap server (ldap02) addresses the error, but introduces another: the listener can't be started since it conflicts with the INADDR_ANY interface definition "ldap://":
$ /usr/sbin/slapd -d 1 -h "ldap:// ldapi:// ldap://ldap02" -u ldap
...
546cfb52 slapd starting
546cfb53 daemon: listen(ldap://ldap02, 5) failed errno=98 (Address already in use)
546cfb53 slapd shutdown: initiated
546cfb53 ====> bdb_cache_release_all
546cfb53 slapd destroy: freeing system resources.
546cfb53 syncinfo_free: rid=001
546cfb53 syncinfo_free: rid=001
546cfb53 slapd stopped.
Removing the binding to INADDR_ANY (ldap://) allows slapd to be started:
$ /usr/sbin/slapd -d 1 -h "ldapi:// ldap://ldap02" -u ldap
Thanks, Jason
--On November 19, 2014 at 3:37:11 PM -0500 Jason Swank jswank@sonatype.com wrote:
Hi,
We updated from 2.4.23 to 2.4.39 and ran into the following issues around specifying listen interfaces for slapd. We run an n-way multi-master configuration.
are you replicating the cn=config db?
--Quanah
Jason Swank wrote:
Running slapd as below results in an error:
$ /usr/sbin/slapd -d 1 -h "ldap:// ldapi://" -u ldap
...
546cfa04 read_config: no serverID / URL match found. Check slapd -h arguments.
^^^^^^^^^^^^^^^^^^^^^^^^^
Read about server IDs in configuration required for MMR. Fiddling only with -h is not enough.
Static configuration: serverID, see slapd.conf(5)
Dynamic configuration: olcServerID, see slapd-config(5)
Ciao, Michael.
Hi,
Quanah Gibson-Mount wrote:
are you replicating the cn=config db?
Yes.
Michael Ströder wrote:
$ /usr/sbin/slapd -d 1 -h "ldap:// ldapi://" -u ldap
...
546cfa04 read_config: no serverID / URL match found. Check slapd -h arguments.
^^^^^^^^^^^^^^^^^^^^^^^^^
Read about server IDs in configuration required for MMR. Fiddling only with -h is not enough.
Dynamic configuration: olcServerID, see slapd-config(5)
This is set: ldap02 is listed there, so it seems the read_config error is understandable, since it could not be inferred from ldap://.
What about the interface bind conflict when ldap:// is specified? Is that expected behavior?
Thanks again, Jason
On Wed, Nov 19, 2014 at 04:09:32PM -0500, Jason Swank wrote:
What about the interface bind conflict when ldap:// is specified? Is that expected behavior?
Yes. ldap:/// binds to port 389 on *all* IPv4 and IPv6 interfaces. If you also have ldap://<hostname>/ then you are trying to bind at least one of those interfaces twice.
Note also that you should be using fully-qualified domain names everywhere. Simple hostnames will not work properly with TLS.
Andrew
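The checks discussed in this thread, as an added example that is not part of any poster's message and is not OpenLDAP code: a preflight check over a slapd -h value that flags a wildcard listener sharing a port with a host-specific one, bare hostnames, and a serverID URL list with no entry among the listeners. The function names are hypothetical, and the serverID comparison is a simplifying assumption (verbatim match only).

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # ldapi:// is a Unix socket, no TCP port


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_listeners(h_arg):
    """Split a slapd -h value into (url, host, port) tuples for TCP listeners."""
    out = []
    for url in h_arg.split():
        parts = urlsplit(url)
        if parts.scheme in DEFAULT_PORTS:
            host = (parts.hostname or "").lower()  # empty host = all interfaces
            out.append((url, host, parts.port or DEFAULT_PORTS[parts.scheme]))
    return out


def check_listeners(h_arg, server_id_urls=()):
    """Return findings for a -h value; server_id_urls are the serverID URLs, if any."""
    findings = []
    listeners = parse_listeners(h_arg)
    for port in sorted({p for _, _, p in listeners}):
        wildcard = [u for u, h, p in listeners if p == port and not h]
        specific = [u for u, h, p in listeners if p == port and h]
        if wildcard and specific:
            findings.append(f"port {port}: {wildcard[0]} already binds every interface, "
                            f"so {specific[0]} fails with 'Address already in use'")
    for url, host, _ in listeners:
        if host and not is_ip(host) and "." not in host:
            findings.append(f"{url}: '{host}' is not fully qualified (matters for TLS)")
    # Assumption: only a verbatim (case-insensitive) match counts as a serverID/URL
    # match here; slapd's own comparison may accept more than this.
    norm = {u.rstrip("/").lower() for u in h_arg.split()}
    if server_id_urls and not any(s.rstrip("/").lower() in norm for s in server_id_urls):
        findings.append("no serverID URL appears among the -h listeners")
    return findings


if __name__ == "__main__":
    # Constructed input mirroring the second command line in the thread.
    for line in check_listeners("ldap:// ldapi:// ldap://ldap02", ["ldap://ldap02"]):
        print(line)
```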
openldap-technical@openldap.org