We have the following setup:
- Two OpenLDAP servers – openldap1, openldap2
- They are to be set up as N-Way multi-master
- Certificates are all set up correctly with alternate names etc and trust each other
I want slapd to bind to all interfaces on the server, so I was hoping to run the service as:
/usr/sbin/slapd -u ldap -h ldaps://
However, this gives
5cabf191 <<< dnNormalize: <cn=subschema>
5cabf191 read_config: no serverID / URL match found. Check slapd -h arguments.
5cabf191 slapd destroy: freeing system resources.
5cabf191 syncinfo_free: rid=002
5cabf191 syncinfo_free: rid=002
5cabf191 slapd stopped.
5cabf191 connections_destroy: nothing to destroy.
I think I understand this to be because of our replication setup, which looks like the following ServerIDs:
dn: cn=config
objectClass: olcGlobal
cn: config
..snipped..
olcTLSCertificateKeyFile: /etc/openldap/certs/keys/ldapskey.pem
olcTLSCertificateFile: /etc/openldap/certs/ldapscert.pem
olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
olcServerID: 1 ldaps://openldap1
olcServerID: 2 ldaps://openldap2
entryCSN: 20190409004218.061111Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190409004218Z
contextCSN: 20190409004339.981340Z#000000#000#000000
I think my error is because the slapd -h argument cannot match a serverID in the list?
If this is the case, how do I work around it?
If I manually run the following, it works, but this doesn’t help me bind to all interfaces.
/usr/sbin/slapd -u ldap -h ldaps://openldap1
I have an IP that floats between both servers to give high availability if one were to go down, so I need slapd to listen on all interfaces.