Hello,
I am trying to migrate from a syncrepl consumer 2.4.58 (on CentOS 7) to openldap 6.10 (on Rocky 9). All RPMs are LTB.
The initial config is text based (slapd.conf). I added lines for the config database in slapd.conf:
database config
rootdn "cn=admin,cn=config"
rootpw {SSHA}***************************
and then:
slaptest -f /usr/local/openldap/etc/openldap/slapd.conf -F /usr/local/openldap/etc/openldap/slapd.d
and then:
slapcat -F /usr/local/openldap/etc/openldap/slapd.d -n0 -l /root/migration-file.ldif
Finally a/ I added modules, b/ I changed syncrepl id (to 182 so that it is unique) and c/ I changed olcMirrorMode to olcMultiProvider
The result is here (full file, passwords removed):
https://pastebin.com/24bvSKkp
Eventually, I slapadd'ed the above into slapd.d on the new server:
[root@vmail4 openldap]# slapadd -vvv -n0 -F /usr/local/openldap/etc/openldap/slapd.d -l /root/migration-file.ldif
added: "cn=config" (00000001)
added: "cn=module{0},cn=config" (00000001)
added: "cn=schema,cn=config" (00000001)
added: "cn={0}core,cn=schema,cn=config" (00000001)
added: "cn={1}cosine,cn=schema,cn=config" (00000001)
added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001)
added: "cn={3}nis,cn=schema,cn=config" (00000001)
added: "cn={4}eduperson,cn=schema,cn=config" (00000001)
added: "cn={5}postfix,cn=schema,cn=config" (00000001)
added: "cn={6}dyngroup,cn=schema,cn=config" (00000001)
added: "cn={7}misc,cn=schema,cn=config" (00000001)
added: "cn={8}schac-20090326-1,cn=schema,cn=config" (00000001)
added: "cn={9}dnsdomain2,cn=schema,cn=config" (00000001)
added: "cn={10}pdns-domaininfo,cn=schema,cn=config" (00000001)
added: "cn={11}proftpd-quota,cn=schema,cn=config" (00000001)
added: "cn={12}kerberos,cn=schema,cn=config" (00000001)
added: "cn={13}localemail,cn=schema,cn=config" (00000001)
added: "cn={14}entryaccess,cn=schema,cn=config" (00000001)
added: "cn={15}radius,cn=schema,cn=config" (00000001)
added: "olcDatabase={-1}frontend,cn=config" (00000001)
added: "olcDatabase={0}config,cn=config" (00000001)
added: "olcDatabase={1}mdb,cn=config" (00000001)
added: "olcOverlay={0}dynlist,olcDatabase={1}mdb,cn=config" (00000001)
added: "olcDatabase={2}monitor,cn=config" (00000001)
Closing DB...
but it won't start:
Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14959]: [INFO] Using /usr/local/openldap/etc/openldap/slapd-cli.conf for configuration
Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14950]: slapd-cli: [INFO] Using /usr/local/openldap/etc/openldap/slapd-cli.conf for configuration
Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14961]: [INFO] Launching OpenLDAP configuration test...
Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14950]: slapd-cli: [INFO] Launching OpenLDAP configuration test...
Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14963]: [ALERT] OpenLDAP configuration test failed
Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14950]: slapd-cli: [ALERT] OpenLDAP configuration test failed
Aug 19 16:13:04 vmail4.noa.gr systemd[1]: slapd-ltb.service: Control process exited, code=exited, status=1/FAILURE
How can I identify the problem with the configuration?
I tried setting:
DEBUG_LEVEL="-1"
in /usr/local/openldap/etc/openldap/slapd-cli.conf but I don't see any additional details.
Can you please provide some guidance on troubleshooting what is wrong?
Thanks in advance,
Nick
On 19/08/2025 at 16:15, Nick Milas wrote:
Hello Nick,
You may have forgotten to set correct permissions on the cn=config directory. With LTB packages, do:
# chown -R ldap:ldap /usr/local/openldap/etc/openldap/slapd.d
To see debug logs, you can try to run slapd-cli debug
On 19/8/2025 5:31 PM, Clément OUDOT wrote:
Hi Clement,
Thanks for replying.
Actually "slapd-cli debug" helped. The issue was that it was trying to load slapd.conf and its dependencies.
(Permissions / ownership of slapd.d tree were fine.)
I thought that in v2.6.x configuration using slapd.conf is no longer supported. However, I found that slapd-cli was pre-configured to run using slapd.conf.
I changed settings in slapd-cli.conf which were:
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR=""
to:
SLAPD_CONF=""
SLAPD_CONF_DIR="$SLAPD_PATH/etc/openldap/slapd.d"
and things worked fine; openldap loads and works fine.
Interestingly, on another server (also Rocky 9) where I have also installed openldap-ltb, ldap-cli.conf had different initial settings:
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR="/usr/local/openldap/etc/openldap/slapd.d"
In this case it seems that the latter setting takes precedence because it loads normally although there exists a slapd.conf file as well.
Yet, I wonder how the two servers had different slapd-cli.conf settings. I guess when the package is installed it may adapt config file(s) according to some system parameters.
Best regards,
Nick
openldap-technical@openldap.org
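
Added example (not part of the thread and not LTB project code): a pre-start check for the two causes discussed above, namely slapd-cli.conf still pointing at slapd.conf while a slapd.d tree exists, and files under slapd.d not owned by the service user. It assumes slapd-cli.conf is shell syntax that defines SLAPD_PATH, that slapd.d sits next to slapd.conf as in the paths quoted in the thread, and that SLAPD_CONF_DIR wins when both are set (as observed in the last message); the function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example. SLAPD_PATH, SLAPD_CONF and SLAPD_CONF_DIR are the settings
# quoted in the thread; everything else here is hypothetical.

# Prints one of: dir | file | file-but-slapd.d-present | none
slapd_cli_backend() {
    conf_file=$1
    [ -r "$conf_file" ] || { echo "cannot read $conf_file" >&2; return 2; }
    (
        # The file is shell syntax, so it is sourced in a subshell to expand
        # $SLAPD_PATH. Sourcing executes the file: only do this with the
        # root-owned file that slapd-cli itself would read.
        SLAPD_CONF= SLAPD_CONF_DIR=
        . "$conf_file" >/dev/null 2>&1
        if [ -n "$SLAPD_CONF_DIR" ]; then
            echo dir                      # cn=config directory is configured
        elif [ -n "$SLAPD_CONF" ]; then
            # Assumption: slapd.d lives beside slapd.conf, as in the thread.
            candidate=$(dirname "$SLAPD_CONF")/slapd.d
            if [ -f "$candidate/cn=config.ldif" ]; then
                echo file-but-slapd.d-present   # the situation hit in the thread
            else
                echo file
            fi
        else
            echo none
        fi
    )
}

# Prints every path under directory $1 that is not owned by user $2
# (name or numeric uid). Empty output means ownership is consistent.
slapd_d_wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Stand-alone use: sh check.sh /usr/local/openldap/etc/openldap/slapd-cli.conf
if [ $# -gt 0 ]; then
    slapd_cli_backend "$1"
fi
```

A verdict of file-but-slapd.d-present means the migrated cn=config tree is being ignored by the wrapper; for the ownership check, pass the slapd.d path and the service account (ldap with the LTB packages, per the reply above).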