Problem in Final Provision Script - samba4-pre-Alph9

Howard Chu hyc at
Mon Sep 14 14:57:49 MDT 2009

> Date: Mon, 14 Sep 2009 15:43:50 +0200
 > From: Michael Str?der <michael at>
 > To: Andrew Bartlett <abartlet at>

>  Andrew Bartlett wrote:
>> > On Mon, 2009-09-14 at 15:28 +0200, Michael Str?der wrote:
>>> >> Andrew Bartlett wrote:
>>>> >>> On Sat, 2009-09-12 at 14:17 +0200, Michael Str?der wrote:
>>>>> >>>> Michael Str?der wrote:
>>>>>> >>>>> Oliver Liebel wrote:
>>>>>>> >>>>>> sorry, i didnt tested it with the latest version from git.
>>>>>>> >>>>>> but im sure andrew will know where to focus, as he
>>>>>>> >>>>>> reworked in several parts to integrate
>>>>>>> >>>>>> provision-backend in provision.
>>>>>>> >>>>>>
>>>>>>> >>>>>> looks like for some reason s4 cant make a proper connect to the ldapi-socket
>>>>>>> >>>>>> on therefore provision fails.
>>>>>> >>>>> For me it boils down to that slapo-deref is mentioned as being missing
>>>>>> >>>>> although it is available on my system.
>>>>> >>>> Hmm, where are the 'moduleload' directives in the setup directory?
>>>> >>> Samba4 relies on the behaviour from recent OpenLDAP releases (possibly
>>>> >>> gone missing in very recent versions) that uses the default module
>>>> >>> directory and a mapping from overlay names to module names.  (Because I
>>>> >>> don't want to try and guess those OpenLDAP configuration details).
>>> >> But it simply does not work. Note that I'm always testing with fresh checkout
>>> >> from OpenLDAP's CVS branch OPENLDAP_REL_ENG_2_4.
>> >
>> > Indeed.  It used to, and until OpenLDAP returns that that behaviour, we
>> > won't function.  If need be, I'll work this out with Howard when I see
>> > him this week.
>> >
>> > I am loathed to return Samba4 to 'guess the OpenLDAP configuration'.

The OpenLDAP behavior has not been reverted, but you're talking about two 
different things. The default path for modules is now present in the slapd 
binary, which makes it unnecessary for you to use the "modulepath" directive. 
But Michael was asking you about the "moduleload" directive. Even though you 
don't need to guess the configuration any more (you don't need to guess what 
the modulepath is, or whether a module is dynamic or static) you still have to 
actually specify the moduleload directives.

> I guess the problem is that your OpenLDAP binaries were not build with
> configure option --enable-modules. But with most OpenLDAP deployments that is
> what is used.

And moduleload/modulepath will only be recognized as valid keywords if you 
configured with --enable-modules. If you didn't do that, then right, none of 
this will work.

   -- Howard Chu
   CTO, Symas Corp. 
   Director, Highland Sun
   Chief Architect, OpenLDAP

More information about the samba-technical mailing list