I inherited a pair of (interestingly configured) ldap servers from a previous owner and I'm trying to get them to replicate to each other (actually, starting with two new VM copies, with the goal of ending up with four masters spread over two data centers). The VM's are running RHEL6 and openldap 2.4.40. When I try to add replication using the ldif included at the bottom of this post , I get this error and then cannot restart slapd -- [root@ldap01 tmp]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/repl.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=config" adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config" modifying entry "olcDatabase={2}bdb,cn=config" ldap_modify: Object class violation (65) additional info: attribute 'olcTLSCertificateFile' not allowed -- slapd restart error in the log is read_config: no serverID / URL match found. Check slapd -h arguments. (I assume this is coming from my three new syncprov providers which have nothing to provide?) The only reference I found to TLS anywhere was here [root@ldap01 tmp]# slapcat -s olcDatabase=\{2}bdb,cn=config |grep TLS olcTLSCertificateFile: /etc/pki/tls/certs/foobar_cert.pem olcTLSCertificateKeyFile: /etc/pki/tls/certs/foobar_key.pem Those files do not exist, never have! (I admit I tried, and failed, to delete the reference) What can I do to fix the TLS error? Where is there a TLS dependency in this picture? Thank you for any clues! [root@ldap01 tmp]# cat post.ldif olcServerID: 1 ldap://ldap02.example.com olcServerID: 2 ldap://ldap2.example.com olcServerID: 3 ldap://ldap.example.com dn: olcOverlay=syncprov,olcDatabase={2}bdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov dn: olcDatabase={2}bdb,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=ldap://ldap02.example.com binddn="uid=Manager,dc=example,dc=com" bindmethod=simple credentials="managerpassword" searchbase="dc=example,dc=com" type=refreshAndPersist retry="60 +" timeout=1 olcSyncRepl: rid=002 provider=ldap://ldap2.example.com binddn="uid=Manager,dc=example,dc=com" bindmethod=simple credentials="managerpassword" searchbase="dc=example,dc=com" type=refreshAndPersist retry="60 1 300 12 7200 +" timeout=1 olcSyncRepl: rid=003 provider=ldap://ldap.example.com binddn="uid=Manager,dc=example,dc=com" bindmethod=simple credentials="managerpassword" searchbase="dc=example,dc=com" type=refreshAndPersist retry="60 1 300 12 7200 +" timeout=1 - add: olcMirrorMode olcMirrorMode: TRUE thank you very much!