We have the following setup:
- Two OpenLDAP servers - openldap1, openldap2
- They are to be set up as N-Way multi-master
- Certificates are all set up correctly with alternate names etc and trust each other

I want slapd to bind to all interfaces on the server, so was hoping to run the service as

```
/usr/sbin/slapd -u ldap -h ldaps://
```

However, this gives

```
5cabf191 <<< dnNormalize: <cn=subschema>
5cabf191 read_config: no serverID / URL match found. Check slapd -h arguments.
5cabf191 slapd destroy: freeing system resources.
5cabf191 syncinfo_free: rid=002
5cabf191 syncinfo_free: rid=002
5cabf191 slapd stopped.
5cabf191 connections_destroy: nothing to destroy.
```

I think I understand this to be because of our replication setup, which looks like the following ServerIDs:

```
dn: cn=config
objectClass: olcGlobal
cn: config
..snipped..
olcTLSCertificateKeyFile: /etc/openldap/certs/keys/ldapskey.pem
olcTLSCertificateFile: /etc/openldap/certs/ldapscert.pem
olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
olcServerID: 1 ldaps://openldap1
olcServerID: 2 ldaps://openldap2
entryCSN: 20190409004218.061111Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190409004218Z
contextCSN: 20190409004339.981340Z#000000#000#000000
```

I think my error is because slapd -h argument cannot match to a serverID in the list?
If this is the case, how do I work around it?
If I manually run the following, it works, but this doesn't help me bind to all interfaces.

```
/usr/sbin/slapd -u ldap -h ldaps://openldap1
```

I have an IP that floats between both servers to give high availability if one were to go down, so need slapd to listen on all interfaces.