On 19/08/2025 at 16:15, Nick Milas wrote:

Hello,

I am trying to migrate from a syncrepl consumer 2.4.58 (on CentOS 7) to openldap 6.10 (on Rocky 9). All RPMs are LTB.

The initial config is text based (slapd.conf). I added lines for the config database in slapd.conf:

    database config
    rootdn "cn=admin,cn=config"
    rootpw {SSHA}***************************

and then:

    slaptest -f /usr/local/openldap/etc/openldap/slapd.conf -F /usr/local/openldap/etc/openldap/slapd.d

and then:

    slapcat -F /usr/local/openldap/etc/openldap/slapd.d -n0 -l /root/migration-file.ldif

Finally, a/ I added modules, b/ I changed the syncrepl id (to 182 so that it is unique) and c/ I changed olcMirrorMode to olcMultiProvider.

The result is here (full file, passwords removed):

    https://pastebin.com/24bvSKkp

Eventually, I slapadd'ed the above into slapd.d on the new server:

    [root@vmail4 openldap]# slapadd -vvv -n0 -F /usr/local/openldap/etc/openldap/slapd.d -l /root/migration-file.ldif
    added: "cn=config" (00000001)
    added: "cn=module{0},cn=config" (00000001)
    added: "cn=schema,cn=config" (00000001)
    added: "cn={0}core,cn=schema,cn=config" (00000001)
    added: "cn={1}cosine,cn=schema,cn=config" (00000001)
    added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001)
    added: "cn={3}nis,cn=schema,cn=config" (00000001)
    added: "cn={4}eduperson,cn=schema,cn=config" (00000001)
    added: "cn={5}postfix,cn=schema,cn=config" (00000001)
    added: "cn={6}dyngroup,cn=schema,cn=config" (00000001)
    added: "cn={7}misc,cn=schema,cn=config" (00000001)
    added: "cn={8}schac-20090326-1,cn=schema,cn=config" (00000001)
    added: "cn={9}dnsdomain2,cn=schema,cn=config" (00000001)
    added: "cn={10}pdns-domaininfo,cn=schema,cn=config" (00000001)
    added: "cn={11}proftpd-quota,cn=schema,cn=config" (00000001)
    added: "cn={12}kerberos,cn=schema,cn=config" (00000001)
    added: "cn={13}localemail,cn=schema,cn=config" (00000001)
    added: "cn={14}entryaccess,cn=schema,cn=config" (00000001)
    added: "cn={15}radius,cn=schema,cn=config" (00000001)
    added: "olcDatabase={-1}frontend,cn=config" (00000001)
    added: "olcDatabase={0}config,cn=config" (00000001)
    added: "olcDatabase={1}mdb,cn=config" (00000001)
    added: "olcOverlay={0}dynlist,olcDatabase={1}mdb,cn=config" (00000001)
    added: "olcDatabase={2}monitor,cn=config" (00000001)
    Closing DB...

but it won't start:

    Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14959]: [INFO] Using /usr/local/openldap/etc/openldap/slapd-cli.conf for configuration
    Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14950]: slapd-cli: [INFO] Using /usr/local/openldap/etc/openldap/slapd-cli.conf for configuration
    Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14961]: [INFO] Launching OpenLDAP configuration test...
    Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14950]: slapd-cli: [INFO] Launching OpenLDAP configuration test...
    Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14963]: [ALERT] OpenLDAP configuration test failed
    Aug 19 16:13:04 vmail4.noa.gr slapd-cli[14950]: slapd-cli: [ALERT] OpenLDAP configuration test failed
    Aug 19 16:13:04 vmail4.noa.gr systemd[1]: slapd-ltb.service: Control process exited, code=exited, status=1/FAILURE

How can I identify the problem with the configuration?

I tried setting:

    DEBUG_LEVEL="-1"

in /usr/local/openldap/etc/openldap/slapd-cli.conf but I don't see any additional details.

Can you please provide some guidance on troubleshooting what is wrong?


Hello Nick,

You may have forgotten to set the correct permissions on the cn=config directory. With LTB packages, do:

    # chown -R ldap:ldap /usr/local/openldap/etc/openldap/slapd.d

To see debug logs, you can try to run slapd-cli debug.


--
Clément Oudot | Identity Solutions Manager

Worteks |https://www.worteks.com
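
A check that complements the chown in the reply above, as an added example that is not part of the original thread or of the LTB packages: the hypothetical function `audit_slapd_d` lists entries under a slapd.d tree that are not owned by the expected user and group (files created by slapadd run as root are owned by root), and entries accessible to other local users, since the config database stores the rootpw hash. The function name and the `wrong-owner` / `other-access` labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with OpenLDAP or LTB).
# Usage: audit_slapd_d /usr/local/openldap/etc/openldap/slapd.d ldap ldap
#
# Prints one line per finding and returns:
#   0  every entry is owned by USER:GROUP and closed to "other"
#   1  at least one finding
#   2  DIR is not a directory
audit_slapd_d() {
    dir=$1; user=$2; group=$3

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    report=$(
        # Entries slapd may be unable to read, e.g. files left owned by
        # root after running slapadd as root.
        find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print |
            sed 's/^/wrong-owner /'
        # Entries with any read/write/execute bit set for "other".
        find "$dir" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
            sed 's/^/other-access /'
    )

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

A return status of 0 means ownership and mode are not what is stopping the service from reading its configuration.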
