I inherited a pair of (interestingly configured) LDAP servers from a
previous owner and I'm trying to get them to replicate to each other
(actually, starting with two new VM copies, with the goal of ending up with
four masters spread over two data centers). The VMs are running RHEL6 and
OpenLDAP 2.4.40.
When I try to add replication using the ldif included at the bottom of
this post, I get this error and then cannot restart slapd:
--
[root@ldap01 tmp]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/repl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
modifying entry "olcDatabase={2}bdb,cn=config"
ldap_modify: Object class violation (65)
additional info: attribute 'olcTLSCertificateFile' not allowed
--
The slapd restart error in the log is:
read_config: no serverID / URL match found. Check slapd -h arguments.
(I assume this is coming from my three new syncprov providers which have
nothing to provide?)
The only reference I found to TLS anywhere was here:
[root@ldap01 tmp]# slapcat -s olcDatabase=\{2}bdb,cn=config |grep TLS
olcTLSCertificateFile: /etc/pki/tls/certs/foobar_cert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/foobar_key.pem
Those files do not exist, never have!
(I admit I tried, and failed, to delete the reference)
What can I do to fix the TLS error? Where is there a TLS dependency in this
picture? Thank you for any clues!
[root@ldap01 tmp]# cat post.ldif
# The dn/changetype header of this first entry did not survive the paste; it is
# reconstructed from the "modifying entry cn=config" line in the ldapmodify
# output above. Whether the file used add: or replace: here is not shown.
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1 ldap://ldap02.example.com
olcServerID: 2 ldap://ldap2.example.com
olcServerID: 3 ldap://ldap.example.com

dn: olcOverlay=syncprov,olcDatabase={2}bdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

# Continuation lines of a multi-line value must begin with a space (LDIF
# folding); the first character is stripped, so two spaces leave one separator.
dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://ldap02.example.com
  binddn="uid=Manager,dc=example,dc=com"
  bindmethod=simple
  credentials="managerpassword"
  searchbase="dc=example,dc=com"
  type=refreshAndPersist
  retry="60 +"
  timeout=1
olcSyncRepl: rid=002
  provider=ldap://ldap2.example.com
  binddn="uid=Manager,dc=example,dc=com"
  bindmethod=simple
  credentials="managerpassword"
  searchbase="dc=example,dc=com"
  type=refreshAndPersist
  retry="60 1 300 12 7200 +"
  timeout=1
olcSyncRepl: rid=003
  provider=ldap://ldap.example.com
  binddn="uid=Manager,dc=example,dc=com"
  bindmethod=simple
  credentials="managerpassword"
  searchbase="dc=example,dc=com"
  type=refreshAndPersist
  retry="60 1 300 12 7200 +"
  timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
thank you very much!
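A way to check the "no serverID / URL match found" restart error before editing cn=config, added here as an example (my script, not code from the post or from OpenLDAP): it unfolds a cn=config LDIF, collects the olcServerID values, and reports which one, if any, matches a listener URL as slapd -h would receive it. It assumes a match is an exact string comparison; the LDIF fragment and listener lists are constructed samples based on the post's hostnames.

```python
import re

# Constructed sample: the olcServerID entry from the post, with one value
# folded onto a continuation line to exercise the unfolding logic.
SAMPLE_LDIF = """dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1 ldap://ldap02.example.com
olcServerID: 2 ldap://ldap2.example.com
olcServerID: 3
  ldap://ldap.example.com
"""

SERVERID_RE = re.compile(r"^olcServerID:\s*(\d+)\s+(\S+)\s*$")


def unfold_ldif(text):
    """Join LDIF continuation lines (those starting with a space) onto the
    preceding line, dropping the leading space as RFC 2849 requires."""
    out = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out:
            out[-1] += raw[1:]
        else:
            out.append(raw)
    return out


def server_ids(ldif_text):
    """Return {serverID: url} for every olcServerID value carrying a URL."""
    ids = {}
    for line in unfold_ldif(ldif_text):
        m = SERVERID_RE.match(line)
        if m:
            ids[int(m.group(1))] = m.group(2)
    return ids


def matching_server_id(ldif_text, listener_urls):
    """Return the serverID whose URL equals one of the listener URLs, else None.
    Assumption: exact string match, so a hostless listener such as ldap:///
    never matches a host-bearing olcServerID URL."""
    for sid, url in server_ids(ldif_text).items():
        if url in listener_urls:
            return sid
    return None


if __name__ == "__main__":
    for listeners in (["ldapi:///", "ldap:///"],
                      ["ldapi:///", "ldap://ldap02.example.com"]):
        sid = matching_server_id(SAMPLE_LDIF, listeners)
        print(listeners, "->", "no serverID / URL match" if sid is None else sid)
```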