Hallo zusammen,
ich administriere 2 LDAP-Server. Einen Provider und einen Consumer. (Beide sind neu aufgesetzt unter SLES 11 SP3) Beide Server funktionieren auch grundsätzlich.
Wenn ich beim Consumer die Replikationsdaten in die slapd.conf eintrage, bekomme ich beim Starten des LDAP-Servers (service ldap start) immer den Fehlerhinweis “Malformed “syncrepl” line in slapd config file, missing provider searchbase”. Meines Erachtens habe ich alle notwendigen Daten, also auch die searchbase, eingetragen. Kann mir jemand sagen, was ich falsch mache bzw. wie ich es richtig mache? Bin schon am Verzweifeln. Der LDAP hat mich schon etliche Stunden gekostet :’(
Anbei der Fehlerhinweis:
Apr 9 10:13:16 zzldap02p sshd[20179]: Connection closed by 10.8.3.88 [preauth]
Apr 9 10:13:29 zzldap02p slapd[20248]: @(#) $OpenLDAP: slapd 2.4.26 (May 11 2013 17:22:48) $ abuild@stravinsky:/usr/src/packages/BUILD/openldap-2.4.26/servers/slapd
Apr 9 10:13:29 zzldap02p slapd[20248]: /etc/openldap/slapd.conf: line 145: Error: Malformed "syncrepl" line in slapd config file, missing provider searchbase.
Apr 9 10:13:29 zzldap02p slapd[20248]: failed to add syncinfo
Apr 9 10:13:29 zzldap02p slapd[20248]: slapd stopped.
Apr 9 10:13:29 zzldap02p slapd[20248]: connections_destroy: nothing to destroy.
slapd.conf des Providers:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files loaded on the provider. The consumer listing further down
# loads the same set, which is what syncrepl needs so that replicated
# entries are interpreted identically on both sides.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/YYY-attributes.schema
include /etc/openldap/schema/YYY-objects.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
# (no moduleload follows below, so this path is currently unused)
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
# Access control policy of the provider. Directives are evaluated in order
# and the first "access to" that matches an entry decides; an entry that no
# directive matches is denied (slapd.access(5): every access list ends with
# an implicit "access to * by * none"), rootdn excepted.
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
# Password attributes: "by * auth" lets a bind be verified without granting
# read. NOTE(review): the replication identity only needs to *read*
# userPassword to replicate it (write implies read); "write" here lets
# cn=ReplicationUser reset every user's password on the provider.
access to attrs=userPassword,userPKCS12
by self write
by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
by dn.base="cn=DMSAAA Modul,ou=DMSAAA,o=Administration,c=de" read
by * auth
#access to attr=shadowLastChange
# by self write
# by * read
#
#access to *
# by * read
# NOTE(review): cn=ReplicationUser is granted write on every subtree below.
# A syncrepl consumer only pulls data, so "read" is sufficient on the
# provider; the consumer sends this identity's password with
# bindmethod=simple, so keeping its rights minimal limits the damage if
# that credential leaks.
access to dn.base="o=Administration,c=de"
by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" read
by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
access to dn.children="o=Administration,c=de"
by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
access to dn.base="o=FIRMA1,c=de"
by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" read
by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" read
by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
by dn.base="cn=IPEMAread,ou=IPEMA,o=Administration,c=de" read
by dn.base="cn=dkspider,ou=dkspider,o=Administration,c=de" read
access to dn.children="ou=Person,o=FIRMA1,c=de"
by dn.base="cn=DMSAAA Modul,ou=DMSAAA,o=Administration,c=de" read
by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" write
by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
by dn.base="cn=HHHHread,ou=HHHH,o=Administration,c=de" read
by dn.base="cn=dkspider,ou=dkspider,o=Administration,c=de" read
access to dn.children="o=FIRMA1,c=de"
by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" write
by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
by dn.base="cn=HHHHread,ou=HHHH,o=Administration,c=de" read
by dn.base="cn=dkspider,ou=dkspider,o=Administration,c=de" read
access to dn.base="o=Landesverwaltung Rheinland-Pfalz,c=de"
by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" write
by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
access to dn.children="o=FIRMA2,c=de"
by dn.base="cn=Konto Login Modul,ou=Informationssystem,ou=Administrative Dienste,o=FIRMA2,c=de"
write
by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" write
by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
by self write
# by * read
#access to * by self write
# by * read
# NOTE(review): no directive above covers the suffix entry c=de itself, yet
# the consumer searches with searchbase="c=de". Once the syncrepl line
# parses, confirm the replication identity can read the base entry (for
# example via a dn.base="c=de" clause); otherwise the initial refresh search
# is likely to come back empty.
# Anonymous binds are refused; "by * auth" above still applies to
# authenticated binds.
disallow bind_anon
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
# loglevel 4 is a debug trace level (see the bit table in slapd.conf(5));
# for production a stats level is usually enough — verify the bit meaning
# for this build.
loglevel 4
# TLS material for ldaps:// / StartTLS. NOTE(review): "security ssf=..." is
# commented out further up, so clients may still bind with simple credentials
# over plain ldap:// — the consumer's syncrepl below does exactly that.
TLSCertificateFile /etc/ssl/servercerts/servercert.pem
TLSCACertificatePath /etc/ssl/certs/
TLSCertificateKeyFile /etc/ssl/servercerts/serverkey.pem
# NOTE(review): MEDIUM admits ciphers that are weak by today's standards and
# "+SSLv2" only moves the SSLv2 ciphers to the end of the list rather than
# removing them; prefer "HIGH" and, if this build supports it, TLSProtocolMin
# to refuse SSLv2/SSLv3.
TLSCipherSuite HIGH:MEDIUM:+SSLv2
database bdb
suffix "c=de"
rootdn "cn=Manager,c=de"
# NOTE(review): this hash is the same on the consumer and has now been posted
# publicly together with the config; rotate the Manager password on both
# servers.
rootpw "{SSHA}3i/nHQ+UOZ5syPwY0/V7Go64p/lA0uaN"
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000
sizelimit 999999
# added for replication
index objectClass eq
# Added for replication: the syncprov overlay searches on these attributes.
index entryCSN,entryUUID eq
index uidNumber eq
# overlay syncprov
overlay syncprov
# write the contextCSN checkpoint after 100 write operations or 10 minutes
syncprov-checkpoint 100 10
# Maximum number of entries kept in the in-memory session log
syncprov-sessionlog 200
slapd.conf des Consumers:
1 #
2 # See slapd.conf(5) for details on configuration options.
3 # This file should NOT be world readable.
4 #
# Schema set of the consumer: identical to the provider's, as syncrepl needs.
5 include /etc/openldap/schema/core.schema
6 include /etc/openldap/schema/cosine.schema
7 include /etc/openldap/schema/inetorgperson.schema
8 include /etc/openldap/schema/rfc2307bis.schema
9 include /etc/openldap/schema/yast.schema
10 include /etc/openldap/schema/YYY-attributes.schema
11 include /etc/openldap/schema/YYY-objects.schema
12
13 # Define global ACLs to disable default read access.
14
15 # Do not enable referrals until AFTER you have a working directory
16 # service AND an understanding of referrals.
17 #referral ldap://root.openldap.org
18
19 pidfile /var/run/slapd/slapd.pid
20 argsfile /var/run/slapd/slapd.args
21
22 # Load dynamic backend modules:
23
24 # The modulepath line was not commented out before
25
# (harmless while no moduleload follows; the provider keeps it active)
26 # modulepath /usr/lib/openldap/modules
27 # moduleload back_ldap.la
28 # moduleload back_meta.la
29 # moduleload back_monitor.la
30 # moduleload back_perl.la
31
32 # Sample security restrictions
33 # Require integrity protection (prevent hijacking)
34 # Require 112-bit (3DES or better) encryption for updates
35 # Require 63-bit encryption for simple bind
36 # security ssf=1 update_ssf=112 simple_bind=64
37
38 # Sample access control policy:
39 # Root DSE: allow anyone to read it
40 # Subschema (sub)entry DSE: allow anyone to read it
41 # Other DSEs:
42 # Allow self write access to user password
43 # Allow anonymous users to authenticate
# Allow read access to everything else
45 # Directives needed to implement policy:
# Access control policy of the consumer, copied from the provider apart from
# the subtree names noted below. NOTE(review): a syncrepl consumer applies
# replicated changes internally, independent of these ACLs, whereas direct
# client writes accepted here silently diverge from the provider; consider
# "updateref ldap://<provider-host>" so such writes are referred instead.
46 access to dn.base=""
47 by * read
48
49 access to dn.base="cn=Subschema"
50 by * read
51
52 access to attrs=userPassword,userPKCS12
53 by self write
54 by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
55 by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
56 by dn.base="cn=DMSAAA Modul,ou=DMSAAA,o=Administration,c=de" read
57 by * auth
58
59 #access to attr=shadowLastChange
60 # by self write
61 # by * read
62 #
63 #access to *
64 # by * read
65
66 access to dn.base="o=Administration,c=de"
67 by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
68 by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" read
69 by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
70
71 access to dn.children="o=Administration,c=de"
72 by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
73
# NOTE(review): the provider's equivalent clauses name o=FIRMA1,c=de and
# o=Landesverwaltung Rheinland-Pfalz,c=de, and the provider has no
# dn.base="o=FIRMA2,c=de" clause. If that is not just redaction for the
# forum, the two servers protect different subtrees.
74 access to dn.base="o=Finanzverwaltung Rheinland-Pfalz,c=de"
75 by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" read
76 by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
77 by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" read
78 by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
79 by dn.base="cn=HHHHread,ou=HHHH,o=Administration,c=de" read
80 by dn.base="cn=dkspider,ou=dkspider,o=Administration,c=de" read
81
82 access to dn.children="ou=Person,o=Finanzverwaltung Rheinland-Pfalz,c=de"
83 by dn.base="cn=DMSAAA Modul,ou=DMSAAA,o=Administration,c=de" read
84 by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
85 by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
86 by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" write
87 by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
88 by dn.base="cn=HHHHread,ou=HHHH,o=Administration,c=de" read
89 by dn.base="cn=dkspider,ou=dkspider,o=Administration,c=de" read
90
91 access to dn.children="o=FIRMA1,c=de"
92 by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
93 by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
94 by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" write
95 by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
96 by dn.base="cn=HHHHread,ou=HHHH,o=Administration,c=de" read
97 by dn.base="cn=dkspider,ou=dkspider,o=Administration,c=de" read
98
99 access to dn.base="o=FIRMA2,c=de"
100 by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
101 by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
102 by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" write
103 by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
104
# NOTE(review): "Diens te" on the next line contains a space the provider's
# copy ("Administrative Dienste") does not. If it is in the file and not a
# paste artefact, this DN never matches and the clause is dead.
105 access to dn.children="o=FIRMA2,c=de"
106 by dn.base="cn=Konto Login Modul,ou=Informationssystem,ou=Administrative Diens te,o=FIRMA2,c=de"
107 write
108 by dn.base="cn=jndiServ Modul,ou=jndiServ,o=Administration,c=de" write
109 by dn.base="cn=XXZZread,ou=AdminUser,o=Administration,c=de" read
110 by dn.base="cn=XXZZwrite,ou=AdminUser,o=Administration,c=de" write
111 by dn.base="cn=ReplicationUser,ou=AdminUser,o=Administration,c=de" write
112 by self write
113 # by * read
114
115 #access to * by self write
116 # by * read
117
# Anonymous binds are refused; "by * auth" above still applies to
# authenticated binds.
118 disallow bind_anon
119
120 # if no access controls are present, the default policy
121 # allows anyone and everyone to read anything but restricts
122 # updates to rootdn. (e.g., "access to * by * read")
123 #
124 # rootdn can always read and write EVERYTHING!
125
126 #######################################################################
127 # BDB database definitions
128 #######################################################################
129
130 database bdb
131 suffix "c=de"
132 rootdn "cn=Manager,c=de"
# NOTE(review): same hash as on the provider, and it has now been posted
# publicly together with this config; rotate the Manager password on both
# servers.
133 rootpw "{SSHA}3i/nHQ+UOZ5syPwY0/V7Go64p/lA0uaN"
134 directory /var/lib/ldap
135 checkpoint 1024 5
136 cachesize 10000
137 sizelimit 999999
138
139
140 # Indices to maintain
# NOTE(review): the provider also indexes entryCSN,entryUUID (eq); a
# syncrepl consumer looks replicated entries up by entryUUID, so the same
# index is worth adding here — presumably an oversight, verify against the
# provider file.
141 index objectClass eq
142 index uid pres,eq
143
144 loglevel 48
# NOTE(review): the startup error ("line 145: ... missing provider
# searchbase") is what slapd reports when it parses "syncrepl rid=1" on its
# own. In slapd.conf a directive continues on the next line only when that
# line begins with whitespace (slapd.conf(5)); the forum paste drops leading
# whitespace, so check that lines 146-155 are indented in the real file.
# Do not put comment lines between the continuation lines either —
# continuations are joined before comments are stripped.
# Further points on this directive:
# - provider port 398: the standard LDAP port is 389; verify the provider
#   really listens on 398.
# - binddn on line 154 has a closing quote but no opening one, and the DN
#   (ou=AdminUser,o=AdminUser,...) is not the one the provider ACLs grant
#   access to (cn=ReplicationUser,ou=AdminUser,o=Administration,c=de).
# - bindmethod=simple over plain ldap:// sends the password in clear on the
#   wire; the provider has TLS configured, so add starttls=critical together
#   with tls_reqcert=demand and tls_cacert=<provider-CA-file>, or use
#   ldaps://. The credential shown here has been posted publicly; rotate it.
# - schemachecking=off stores replicated entries without validating them
#   against the consumer's schema; acceptable only if the provider enforces
#   the same schema, and it masks schema mismatches between the two files.
145 syncrepl rid=1
146 provider=ldap://yyldap01p:398
147 type=refreshAndPersist
148 retry="10 5 360"
149 searchbase="c=de"
150 filter="(objectClass=*)"
151 scope=sub
152 schemachecking=off
153 bindmethod=simple
154 binddn=cn=ReplicationUser,ou=AdminUser,o=AdminUser,o=Administration,c=de"
155 credentials=1234569