Hello,
I have to configure an OpenLDAP directory that stores some information about users and groups and that is a proxy to Active Directory. To do this, I configure two suffixes on my OpenLDAP server: the first one stores information about users and groups and the second is for the Active Directory proxy (the second suffix is embedded in the first one).
To configure the Active Directory proxy, I use an ldap backend with the rwm overlay to rewrite some attributes and objectclasses.
When I test my configuration with the slaptest binary, I get this error:
config error processing olcOverlay={0}rwm,olcDatabase={2}ldap,cn=config: <olcRwmMap> handler exited with 1
slaptest: bad configuration directory!
I am on a CentOS 5.4 server with OpenLDAP 2.4.20 (compiled from sources) and Berkeley DB 4.6.21.
I'll give you my slapd.conf file:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
serverid 001

# Schema includes
include /opt/openldap/etc/openldap/schema/core.schema
include /opt/openldap/etc/openldap/schema/cosine.schema
include /opt/openldap/etc/openldap/schema/inetorgperson.schema
include /opt/openldap/etc/openldap/schema/nis.schema
include /opt/donnees/etc/openldap/schema/microsoft.schema

# Log level
loglevel -1

# The maximum number of entries that is returned for a search operation
sizelimit unlimited

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

# PID File
pidfile /opt/donnees/var/run/slapd.pid
argsfile /opt/donnees/var/run/slapd.args

# Load dynamic backend modules:
#modulepath /opt/openldap/lib
#moduleload back_hdb
#moduleload back_monitor
moduleload rwm

# Access control policy:
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to dn.base=""
        by * read
access to dn.subtree="cn=Monitor"
        by dn.exact="cn=admin,cn=config" write
        by users read
        by * none
access to *
        by self write
        by dn="cn=admin,cn=config" write
        by * none

# Backend configuration
backend hdb

#######################################################################
# BDB database definitions
#######################################################################
database monitor

# Dynamic Config
database config
rootdn "cn=admin,cn=config"
rootpw secret

#######################################################################
# Active Directory proxy configuration
database ldap
suffix ou=proxy,dc=my-company,dc=meta
rootdn "cn=admin,cn=config"
subordinate
uri ldap://192.168.44.88:389
lastmod off
acl-authcDN cn=admin,cn=config
acl-passwd secret
idassert-bind bindmethod="simple"
        binddn="CN=srv_ldap,OU=Services-account,OU=Administration,dc=my-company,dc=local"
        credentials="Azerty00"
        mode="legacy"
overlay rwm
rwm-suffixmassage dc=my-company,dc=local
rwm-map attribute uid sAMAccountName
rwm-map attribute cn cn
rwm-map attribute displayName displayName
rwm-map attribute givenName givenName
rwm-map attribute sn sn
rwm-map attribute mail mail
rwm-map attribute userPassword userPassword
rwm-map attribute *
rwm-map objectclass inetOrgPerson user

#######################################################################
# Technical directory configuration (entitlements, partners, internet users)
database hdb
suffix "dc=my-company,dc=meta"
rootdn "cn=admin,cn=config"
directory "/opt/donnees/var/openldap-data"
checkpoint 512 30
dbconfig set_cachesize 0 128000000 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass,entryCSN,entryUUID eq
index uid pres,eq,sub
index sn pres,eq,sub
index mail pres,eq,sub
index cn pres,eq,sub
lastmod on
When I install OpenLDAP on my server, I execute these commands:
CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.6/lib" ./configure --prefix=/opt/openldap --enable-shared --enable-crypt=yes --enable-rewrite=yes --enable-bdb=yes --enable-hdb=yes --enable-ldap=mod --enable-meta=mod --enable-monitor=yes --enable-relay=mod --enable-overlays=yes --with-cyrus-sasl --with-threads=posix --with-tls=openssl
make depend
make
make test
make install
What's wrong with my installation or my config file? Is this error an OpenLDAP bug?
Thank you for your help,
Raphaël KISTER
--On Wednesday, December 16, 2009 8:07 AM -0800 KISTER RAPHAEL kraph@yahoo.com wrote:
Hello,
I have to configure an OpenLDAP directory that stores some information about users and groups and that is a proxy to Active Directory. To do this, I configure two suffixes on my OpenLDAP server: the first one stores information about users and groups and the second is for the Active Directory proxy (the second suffix is embedded in the first one).
To configure the Active Directory proxy, I use an ldap backend with the rwm overlay to rewrite some attributes and objectclasses.
When I test my configuration with the slaptest binary, I get this error:
config error processing olcOverlay={0}rwm,olcDatabase={2}ldap,cn=config: <olcRwmMap> handler exited with 1
slaptest: bad configuration directory!
What is your exact slaptest command? Why is modulepath commented out in your slapd.conf?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
I have to configure an OpenLDAP directory that stores some information about users and groups and that is a proxy to Active Directory. To do this, I configure two suffixes on my OpenLDAP server: the first one stores information about users and groups and the second is for the Active Directory proxy (the second suffix is embedded in the first one).
To configure the Active Directory proxy, I use an ldap backend with the rwm overlay to rewrite some attributes and objectclasses.
When I test my configuration with the slaptest binary, I get this error:
config error processing olcOverlay={0}rwm,olcDatabase={2}ldap,cn=config: <olcRwmMap> handler exited with 1
slaptest: bad configuration directory!
Your configuration has nothing wrong, as far as I can tell. The "microsoft.schema" file is not distributed with OpenLDAP; since I don't have it available, I can't tell for sure, but probably the root cause is there.
Running your configuration without it, I get
slapd.1.conf: line 78: warning, destination attributeType 'sAMAccountName' is not defined in schema
PROXIED attributeDescription "SAMACCOUNTNAME" inserted.
slapd.1.conf: line 86: warning, destination objectClass 'user' is not defined in schema
which might be part of the problem if "sAMAccountName" and "user" are defined, but incompatible with their usage in slapo-rwm(5).
p.
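A check in the spirit of the diagnosis above, added here as an example and not taken from the thread or from OpenLDAP itself: it reads the rwm-map directives of an slapd.conf fragment and reports every foreign attribute or objectClass name that none of the supplied schema texts defines, which is exactly what produced the two warnings. The configuration and schema snippets are constructed stand-ins; on a real server you would feed it the text of the files named by the include directives.

```python
import re

# Constructed stand-ins: an slapd.conf fragment laid out like the thread's proxy database,
# a stock-schema excerpt, and a microsoft.schema excerpt that does define the two AD names.
SAMPLE_CONF = """\
overlay rwm
rwm-suffixmassage dc=my-company,dc=local
rwm-map attribute uid sAMAccountName
rwm-map attribute cn cn
rwm-map attribute *
rwm-map objectclass inetOrgPerson user
"""
CORE_SCHEMA = """\
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY caseIgnoreMatch )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL )
"""
MS_SCHEMA = """\
attributetype ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' EQUALITY caseIgnoreMatch SINGLE-VALUE )
objectclass ( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson STRUCTURAL MAY sAMAccountName )
"""

# One attributetype/objectclass definition up to its NAME clause (single name or parenthesised list).
_DEF_RE = re.compile(
    r"^\s*(attributetype|objectclass)\s*\(.*?NAME\s+(\(\s*(?:'[^']+'\s*)+\)|'[^']+')",
    re.IGNORECASE | re.DOTALL | re.MULTILINE)

def schema_names(schema_text):
    """Collect the lowercase attribute and objectClass names the schema text defines."""
    names = {"attribute": set(), "objectclass": set()}
    for kind, raw in _DEF_RE.findall(schema_text):
        key = "attribute" if kind.lower() == "attributetype" else "objectclass"
        names[key].update(n.lower() for n in re.findall(r"'([^']+)'", raw))
    return names

def rwm_map_foreign_names(conf_text):
    """Yield (kind, foreign_name, line_no) for each rwm-map whose foreign name is not '*'."""
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split()
        # slapo-rwm(5): rwm-map {attribute|objectclass} [<local>|*] {<foreign>|*}; foreign is last.
        if len(parts) >= 3 and parts[0].lower() == "rwm-map" and parts[-1] != "*":
            yield parts[1].lower(), parts[-1], line_no

def undefined_map_targets(conf_text, *schema_texts):
    """Return the rwm-map foreign names that none of the given schema texts define."""
    known = schema_names("\n".join(schema_texts))
    return [(k, n, ln) for k, n, ln in rwm_map_foreign_names(conf_text) if n.lower() not in known[k]]
```

Run against the stock schema alone it flags sAMAccountName and user; adding the microsoft.schema stand-in clears both, so an empty result is the condition to expect before slaptest stops warning.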
openldap-technical@openldap.org