[email protected] wrote:
> Hi all,
> 
> i have a problem getting openldap to run monitor backend AND syncrepl
> overlay.
> i'm running freebsd-7.2-release-p6 in combination with
> openldap-server-2.4.19 with sasl support compiled in.
> 
> i use the following slapd config:
> 
> include               /usr/local/etc/openldap/schema/core.schema
> include               /usr/local/etc/openldap/schema/cosine.schema
> include               /usr/local/etc/openldap/schema/nis.schema
> include               /usr/local/etc/openldap/schema/inetorgperson.schema
> include               /usr/local/etc/openldap/schema/misc.schema
> include               /usr/local/etc/openldap/schema/ldapns.schema
> include               /usr/local/etc/openldap/schema/radius.schema
> 
> pidfile               /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
> logfile               /var/log/slapd.log
> 
> password-hash {SSHA}
> modulepath    /usr/local/libexec/openldap
> moduleload    back_bdb
> moduleload    back_monitor
> 
> access to dn.base="" by * read
> access to dn.base="cn=Subschema" by * read
> access to *
>         by ssf=128 dn="cn=admin,dc=example,dc=de" write
>         by dn="cn=admin,dc=example,dc=de" peername.ip=127.0.0.1 write
>         by ssf=96 dn="cn=nssadmin,dc=example,dc=de" read
>         by dn="cn=nssadmin,dc=example,dc=de" peername.ip=127.0.0.1 read
>         by anonymous auth
>         by * none
> access to attrs=userPassword
>       by self write
>       by anonymous auth
>       by * none
> 
> database      bdb
> suffix                "dc=example,dc=de"
> rootdn                "dc=example,dc=de"
> directory     /var/db/openldap-data
> index   objectClass,entryCSN,entryUUID    eq
> index   uid    pres,eq,sub
> index   memberUID    eq
> index   uidNumber,gidNumber    eq
> index   host    eq
> 
> database      monitor
> rootdn                "cn=monitoring,cn=Monitor"
> rootpw                monitoring
> 
> access to dn.subtree="cn=Monitor"
>       by dn="cn=nssadmin,dc=example,dc=de"
>       by * none
> 
> syncrepl rid=041
>       provider=ldap://ldap-master.example.de
>       type=refreshOnly
>       interval=00:00:35:00
>       searchbase="dc=example,dc=de"
>       schemachecking=off
>       bindmethod=simple
>       starttls=yes
>       binddn="cn=syncuser,dc=example,dc=de"
>       credentials="strongsecretpassword"
> 
> TLSCertificateFile /usr/local/etc/openldap/ssl/ldap-crt.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap-key.pem
> TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem
> 
> loglevel 256
> 
> now, when i run slaptest i receive following error:
> 
> /usr/local/etc/openldap/slapd.conf: line 59: database monitor does not
> support operations required for syncrepl
> slaptest: bad configuration file!
> 
> Line 59 corresponds to the credentials option in the syncrepl statement.
> i can't figure out what's wrong, so if anyone can point me in the right
> direction that would be really helpful.
> 
> thanks in advance,
> david
> 


Hi David,

from the slapd.conf(5) manpage:

     The slapd.conf file consists of a series of global configuration
     options that apply to slapd as a whole (including all backends),
     followed by zero or more database backend definitions that contain
     information specific to a backend instance.

Which means that your syncrepl stuff is placed in the back-monitor
specific part of the configuration. Put the syncrepl part before the
monitor definition and behind the bdb definition.


Regards,
Christian Manal
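
The scoping rule quoted from the manpage can be checked mechanically. The following is an added example, not part of the original thread and not OpenLDAP code: a small Python check that reports which `database` section each `syncrepl` directive falls under. The function names and the shortened sample config are constructed for illustration, and the parser is simplified (it assumes blank lines end a directive).

```python
import shlex

# Constructed sample with the same directive order as the config in the thread.
SAMPLE = """\
include /usr/local/etc/openldap/schema/core.schema

database bdb
suffix "dc=example,dc=de"

database monitor
rootdn "cn=monitoring,cn=Monitor"

syncrepl rid=041
      provider=ldap://ldap-master.example.de
      searchbase="dc=example,dc=de"
"""

def logical_lines(text):
    """Join indented continuation lines; return [(first_line_no, directive)]."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and out:      # leading whitespace continues a directive
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((no, raw.strip()))
    return out

def syncrepl_scopes(text):
    """Return [(line_no, rid, backend)]; backend is None in the global section."""
    backend, found = None, []
    for no, line in logical_lines(text):
        words = shlex.split(line)
        if words[0].lower() == "database" and len(words) > 1:
            backend = words[1].lower()    # later directives belong to this database
        elif words[0].lower() == "syncrepl":
            rid = next((w[4:] for w in words[1:] if w.lower().startswith("rid=")), "?")
            found.append((no, rid, backend))
    return found

def misplaced(text, unsupported=("monitor",)):
    """syncrepl directives that landed under a backend that rejects them."""
    return [hit for hit in syncrepl_scopes(text) if hit[2] in unsupported]

# The fix from the reply: move the syncrepl block above "database monitor".
head, rest = SAMPLE.split("database monitor", 1)
mon, sync = rest.split("syncrepl", 1)
FIXED = head + "syncrepl" + sync + "\ndatabase monitor" + mon
```

Unlike the slaptest message in the thread, which pointed at the last line of the directive, this reports the line where the `syncrepl` directive starts.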
