OpenLDAP with LDAPS and N-Way Multi-master replication

We have the following setup:

  • Two OpenLDAP servers – openldap1, openldap2
  • They are to be set up as N-Way multi-master
  • Certificates are all set up correctly with alternate names etc., and the servers trust each other

I want slapd to bind to all interfaces on the server, so was hoping to run the service as

/usr/sbin/slapd -u ldap -h ldaps://  

However, this gives

5cabf191 <<< dnNormalize: <cn=subschema>
5cabf191 read_config: no serverID / URL match found. Check slapd -h arguments.
5cabf191 slapd destroy: freeing system resources.
5cabf191 syncinfo_free: rid=002
5cabf191 syncinfo_free: rid=002
5cabf191 slapd stopped.
5cabf191 connections_destroy: nothing to destroy.

I think I understand this to be because of our replication setup, which has the following ServerIDs:

dn: cn=config
objectClass: olcGlobal
cn: config
..snipped..
olcTLSCertificateKeyFile: /etc/openldap/certs/keys/ldapskey.pem
olcTLSCertificateFile: /etc/openldap/certs/ldapscert.pem
olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
olcServerID: 1 ldaps://openldap1
olcServerID: 2 ldaps://openldap2
entryCSN: 20190409004218.061111Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190409004218Z
contextCSN: 20190409004339.981340Z#000000#000#000000

I think my error is because the slapd -h argument cannot be matched to a serverID in the list?

If this is the case, how do I work around it?

If I manually run the following, it works, but this doesn't help me bind to all interfaces.

/usr/sbin/slapd -u ldap -h ldaps://openldap1 

I have an IP that floats between both servers to give high availability if one were to go down, so I need slapd to listen on all interfaces.