Hi all,
I am relatively new to openldap and I am having an issue when I try to setup Master-Slave replication. I don't know how to solve this issue and need your help please.
On the master I made a ldif file:

[root@test-ldap ldif]# cat syncprov_mod.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

Then I run command:

[root@test-ldap ldif]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov_mod.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

The output seems normal. But actually the slapd got messed up. So if I do slapcat I got:

[root@test-ldap ldif]# slapcat -n 0
5c9d1323 config error processing cn={0}module,cn=config:
slapcat: bad configuration file!

And restart slapd failed. journalctl shows:

Mar 28 11:40:39 test-ldap systemd[1]: Starting OpenLDAP Server Daemon...
-- Subject: Unit slapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Hi Gao,
- Perhaps you can try:

slaptest -f your_file.conf
or
slaptest -F your_directory_conf

to see what's going on.

- Can you check the permissions on your conf directory slapd.d? (must be openldap)
________________________________
From: openldap-technical <openldap-technical-bounces@openldap.org> on behalf of Gao <gao@pztop.com>
Sent: Thursday, 28 March 2019 19:46
To: openldap-technical@openldap.org
Subject: Add module crashes slapd
Hi all,
I am relatively new to openldap and I am having an issue when I try to setup Master-Slave replication. I don't know how to solve this issue and need your help please.
On the master I made a ldif file:

[root@test-ldap ldif]# cat syncprov_mod.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

Then I run command:

[root@test-ldap ldif]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov_mod.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

The output seems normal. But actually the slapd got messed up. So if I do slapcat I got:

[root@test-ldap ldif]# slapcat -n 0
5c9d1323 config error processing cn={0}module,cn=config:
slapcat: bad configuration file!

And restart slapd failed. journalctl shows:

Mar 28 11:40:39 test-ldap systemd[1]: Starting OpenLDAP Server Daemon...
-- Subject: Unit slapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit slapd.service has begun starting up.
Mar 28 11:40:39 test-ldap runuser[3427]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Mar 28 11:40:39 test-ldap runuser[3427]: pam_unix(runuser:session): session closed for user ldap
Mar 28 11:40:39 test-ldap check-config.sh[3424]: Checking configuration file failed:
Mar 28 11:40:39 test-ldap check-config.sh[3424]: 5c9d1527 config error processing cn={0}module,cn=config:
Mar 28 11:40:39 test-ldap check-config.sh[3424]: slaptest: bad configuration file!
Mar 28 11:40:39 test-ldap slapd[3438]: @(#) $OpenLDAP: slapd 2.4.40 (Nov 6 2016 01:21:28) $
mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40
Mar 28 11:40:39 test-ldap slapd[3438]: config error processing cn={0}module,cn=config:
Mar 28 11:40:39 test-ldap slapd[3438]: slapd stopped.
Mar 28 11:40:39 test-ldap slapd[3438]: connections_destroy: nothing to destroy.
Mar 28 11:40:39 test-ldap systemd[1]: slapd.service: control process exited, code=exited status=1
Mar 28 11:40:39 test-ldap systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit slapd.service has failed.
--
-- The result is failed.
Mar 28 11:40:39 test-ldap systemd[1]: Unit slapd.service entered failed state.
Mar 28 11:40:39 test-ldap systemd[1]: slapd.service failed.
Thank you for your help.
Gao
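
The two checks suggested in the reply above (a slaptest run against the config directory and an ownership check on slapd.d), combined into one script. This is an added example, not part of either message; the function names are made up here, and the directory and account are passed as arguments because they differ between packagings (the journal output above shows slapd's checks running as user ldap).

```shell
#!/bin/sh
# Added example: pre-flight checks on a cn=config directory before restarting slapd.
# The directory and the account name are parameters, not values taken from a real host.

# Print every entry under directory $1 that is NOT owned by user $2
# (user name or numeric uid). Empty output means ownership is consistent.
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Return 0 if the config directory passes, 1 if a check failed,
# 2 if the directory does not exist.
check_confdir() {
    dir=$1
    user=$2
    rc=0

    if [ ! -d "$dir" ]; then
        echo "config directory not found: $dir" >&2
        return 2
    fi

    bad=$(wrong_owner "$dir" "$user")
    if [ -n "$bad" ]; then
        echo "entries not owned by $user:" >&2
        echo "$bad" >&2
        rc=1
    fi

    # slaptest -u is a dry run: it validates the configuration without
    # failing when the databases themselves cannot be opened.
    if command -v slaptest >/dev/null 2>&1; then
        slaptest -u -F "$dir" || rc=1
    else
        echo "slaptest not installed; syntax check skipped" >&2
    fi
    return "$rc"
}

# Usage: sh check_slapd_conf.sh <confdir> <user>
if [ "$#" -ge 2 ]; then
    check_confdir "$1" "$2"
fi
```
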
On 3/28/19 7:46 PM, Gao wrote:
I am relatively new to openldap and I am having an issue when I try to setup Master-Slave replication.
[..]
Mar 28 11:40:39 test-ldap slapd[3438]: @(#) $OpenLDAP: slapd 2.4.40 (Nov 6 2016 01:21:28) $
mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40
This is your main issue: You're using CentOS packages of a very old OpenLDAP version. 2.4.40 was released 2014-09-20 and many fixes were made since then. Also Red Hat added custom back-port patches so no-one here will be able to help you with that.
Before trying anything else please upgrade.
If you don't want to compile yourself the LDAP Toolbox project provides packages for RHEL/CentOS compiled from plain OpenLDAP upstream release:
https://ltb-project.org/documentation/openldap-rpm#yum_repository
It's also my personal opinion that it's much easier for beginners to start with static config (aka slapd.conf). You can convert that later to dynamic config (aka cn=config) but not vice versa.
Ciao, Michael.