Hi,
I am running slapd 2.4.33 on RHEL, compiled from the sources. I successfully configured meta backend using old style slapd.conf. My aim is to browse two Active Directories in two separate forests (success) and to collect in a new group all users members of two local groups, one for each domain (not done yet). For the latter I read that the dynlist overlay is what I need and I created a hdb database. The configuration examples I found for dynlist are in the cn=config style, so I felt pushed to convert my configuration (slapd -f slapd.conf -F slapd.d). I did it, but the results are not as expected, because slapd starts, but slaptest for the new config issues an error.
# slaptest -f slapd.conf 51137c4c hdb_monitor_db_open: monitoring disabled; configure monitor database to enable config file testing succeeded
# slaptest 51137c5a olcDbURI: value #0: unable to parse URI #0 in "olcDbURI <protocol>://<server>[:port]/<naming context>". 51137c5a config error processing olcMetaSub={0}uri,olcDatabase={1}meta,cn=config: unable to parse URI #0 in "olcDbURI <protocol>://<server>[:port]/<naming context>" slaptest: bad configuration file!
I assume, please tell me if I am wrong, that if you have the new cn=config files, then slapd.conf is not used. But I remove or rename it slapd does not start and the error message is the same as for slaptest.
olcDbURI: value #0: unable to parse URI #0 in "olcDbURI <protocol>://<server>[:port]/<naming context>". config error processing olcMetaSub={0}uri,olcDatabase={1}meta,cn=config: unable to parse URI #0 in "olcDbURI <protocol>://<server>[:port]/<naming context>" slapd stopped.
So I am wondering if the new config files are even read when slapd starts correctly (i.e. when called with both "-f" and "-F" flags). I know that one of the new features of version 2.4.33 is just the cn=config support for meta.
Any ideas? Thanks in advance, Francesco
francesco.policastro@selex-es.com wrote:
Hi,
I am running slapd 2.4.33 on RHEL, compiled from the sources. I successfully configured meta backend using old style slapd.conf. My aim is to browse two Active Directories in two separate forests (success) and to collect in a new group all users members of two local groups, one for each domain (not done yet). For the latter I read that the dynlist overlay is what I need and I created a hdb database. The configuration examples I found for dynlist are in the cn=config style, so I felt pushed to convert my configuration (slapd -f slapd.conf -F slapd.d). I did it, but the results are not as expected, because slapd starts, but slaptest for the new config issues an error.
# slaptest -f slapd.conf 51137c4c hdb_monitor_db_open: monitoring disabled; configure monitor database to enable config file testing succeeded
# slaptest 51137c5a olcDbURI: value #0: unable to parse URI #0 in "olcDbURI <protocol>://<server>[:port]/<naming context>". 51137c5a config error processing olcMetaSub={0}uri,olcDatabase={1}meta,cn=config: unable to parse URI #0 in "olcDbURI <protocol>://<server>[:port]/<naming context>" slaptest: bad configuration file!
I assume, please tell me if I am wrong, that if you have the new cn=config files, then slapd.conf is not used. But I remove or rename it slapd does not start and the error message is the same as for slaptest.
Sounds like a bug in the conversion from slapd.conf to cn=config format. Please submit an ITS with your slapd.conf.
openldap-technical@openldap.org
-
francesco.policastro@selex-es.com -
Howard Chu