
RE: slurpd trouble



1) TLS connect failure

TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect.
ldap_err2string
Warning: ldap_start_tls failed: Connect error (-11)

If you do not have an SSL server for the LDAP servers, remove "tls=yes"
from the "replica" directive in slapd.conf on the MASTER.

2) Invalid DN syntax

Error: ldap_simple_bind_s for bms-serve.bloomfield.k12.mo.us:389 failed:
Invalid  DN syntax

Make sure you add "cn=replica,dc=bes-serve,dc=bloomfield.k12.mo.us" with
a userPassword of "secret" to MASTER prior to copying the database over.

Here I wonder if someone in this forum could comment on whether the "-"
and "." characters are allowed in the naming of domain components (dc)?

3) You have the password of replica binddn set to:

credentials='secret'

I think the enclosing single quotes are not really needed. Try removing
them; just make it:

credentials=secret

Gary

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Scott Mayo
Sent: Thursday, June 30, 2005 1:33 AM
To: openldap-software@OpenLDAP.org
Subject: slurpd trouble


I have been having a lot of trouble getting my replication to work.  So
far, I have set up a Master server
(10.0.0.4=bes-serve.bloomfield.k12.mo.us) and a Slave server
(10.0.0.6=bms-serve.bloomfield.k12.mo.us).  I added two users onto the
Master server and then copied the database over to the slave.  I
started slapd up on both machines.  I then added another user on the
Master.  I started slurpd in one-shot mode to see why it does not
update.  Here is the last part of the error that I get and then it never
returns me to the command prompt.

Config: ** configuration file successfully read and parsed
Config: (allow bind_v2)
Config: (pidfile                /var/run/slapd.pid)
Config: (argsfile       /var/run/slapd.args)
Config: (loglevel -1)
Config: (database       bdb)
Config: (suffix         "dc=bes-serve,dc=bloomfield.k12.mo.us")
Config: (rootdn         "cn=Manager,dc=bes-serve,dc=bloomfield.k12.mo.us")
Config: (rootpw         secret)
Config: (directory      /var/lib/ldap)
Config: (index objectClass                       eq)
Config: (index cn                               eq,pres,sub)
Config: (index sn                               eq,pres,sub)
Config: (index uid                              eq,pres,sub)
Config: (index displayName                      eq,pres,sub)
Config: (index uidNumber                                eq)
Config: (index gidNumber                                eq)
Config: (index memberUid                                eq)
Config: (index sambaSID                         eq)
Config: (index sambaPrimaryGroupSID             eq)
Config: (index sambaDomainName                  eq)
Config: (index default                          sub)
Config: (replogfile /var/lib/ldap/replog)
Config: (replica uri=ldap://bms-serve.bloomfield.k12.mo.us:389
suffix="dc=bes-serve,dc=bloomfield.k12.mo.us"
binddn="cn=replica,dc=bes-serve,bloomfield.k12.mo.us" bindmethod=simple
credentials='secret' tls=yes)
ldap_url_parse_ext(ldap://bms-serve.bloomfield.k12.mo.us:389)
Config: ** successfully added replica "bms-serve.bloomfield.k12.mo.us:389"
Config: ** configuration file successfully read and parsed
Processing in one-shot mode: 38 total replication records in file, 38 replication records to process.
begin replication thread for bms-serve.bloomfield.k12.mo.us:389
Initializing session to ldap://bms-serve.bloomfield.k12.mo.us:389
ldap_create
ldap_url_parse_ext(ldap://bms-serve.bloomfield.k12.mo.us:389)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP bms-serve.bloomfield.k12.mo.us:389
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 10.0.0.6:389
ldap_connect_timeout: fd: 6 tm: -1 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 31 bytes to sd 6
   0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
   0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_write: want=31, written=31
   0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
   0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: bms-serve.bloomfield.k12.mo.us  port: 389  (default)
   refcnt: 2  status: Connected
   last used: Wed Jun 29 12:06:38 2005

** Outstanding Requests:
  * msgid 1,  origid 1, status InProgress
    outstanding referrals 0, parent count 0
** Response Queue:
    Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=8, got=8
   0000:  30 0c 02 01 01 78 07 0a                            0....x..
ldap_read: want=6, got=6
   0000:  01 00 04 00 04 00                                  ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x552ac108d0 ptr=0x552ac108d0 end=0x552ac108dc len=12
   0000:  02 01 01 78 07 0a 01 00  04 00 04 00               ...x........
ldap_read: message type extended-result msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x552ac108d0 ptr=0x552ac108d3 end=0x552ac108dc len=9
   0000:  78 07 0a 01 00 04 00 04  00                        x........
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x552ac108d0 ptr=0x552ac108d3 end=0x552ac108dc len=9
   0000:  78 07 0a 01 00 04 00 04  00                        x........
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x552ac108d0 ptr=0x552ac108d3 end=0x552ac108dc len=9
   0000:  78 07 0a 01 00 04 00 04  00                        x........
ber_scanf fmt (}) ber:
ber_dump: buf=0x552ac108d0 ptr=0x552ac108dc end=0x552ac108dc len=0

ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
tls_write: want=142, written=142
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
   0000:  15 03 01 00 02 02 28                               ......(
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect.
ldap_err2string
Warning: ldap_start_tls failed: Connect error (-11)
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 6
   0000:  30 05 02 01 02 42 00                               0....B.
ldap_write: want=7, written=7
   0000:  30 05 02 01 02 42 00                               0....B.
ldap_free_connection: actually freed
Initializing session to ldap://bms-serve.bloomfield.k12.mo.us:389
ldap_create
ldap_url_parse_ext(ldap://bms-serve.bloomfield.k12.mo.us:389)
bind to bms-serve.bloomfield.k12.mo.us:389 as cn=replica,dc=bes-serve,bloomfield.k12.mo.us (simple)
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP bms-serve.bloomfield.k12.mo.us:389
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 10.0.0.6:389
ldap_connect_timeout: fd: 6 tm: -1 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 66 bytes to sd 6
   0000:  30 40 02 01 01 60 3b 02  01 03 04 2c 63 6e 3d 72   0@...`;....,cn=r
   0010:  65 70 6c 69 63 61 2c 64  63 3d 62 65 73 2d 73 65   eplica,dc=bes-se
   0020:  72 76 65 2c 62 6c 6f 6f  6d 66 69 65 6c 64 2e 6b   rve,bloomfield.k
   0030:  31 32 2e 6d 6f 2e 75 73  80 08 27 73 65 63 72 65   12.mo.us..'secre
   0040:  74 27                                              t'
ldap_write: want=66, written=66
   0000:  30 40 02 01 01 60 3b 02  01 03 04 2c 63 6e 3d 72   0@...`;....,cn=r
   0010:  65 70 6c 69 63 61 2c 64  63 3d 62 65 73 2d 73 65   eplica,dc=bes-se
   0020:  72 76 65 2c 62 6c 6f 6f  6d 66 69 65 6c 64 2e 6b   rve,bloomfield.k
   0030:  31 32 2e 6d 6f 2e 75 73  80 08 27 73 65 63 72 65   12.mo.us..'secre
   0040:  74 27                                              t'
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: bms-serve.bloomfield.k12.mo.us  port: 389  (default)
   refcnt: 2  status: Connected
   last used: Wed Jun 29 12:06:38 2005

** Outstanding Requests:
  * msgid 1,  origid 1, status InProgress
    outstanding referrals 0, parent count 0
** Response Queue:
    Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=8, got=8
   0000:  30 16 02 01 01 61 11 0a                            0....a..
ldap_read: want=16, got=16
   0000:  01 22 04 00 04 0a 69 6e  76 61 6c 69 64 20 44 4e   ."....invalid DN
ber_get_next: tag 0x30 len 22 contents:
ber_dump: buf=0x552ac22970 ptr=0x552ac22970 end=0x552ac22986 len=22
   0000:  02 01 01 61 11 0a 01 22  04 00 04 0a 69 6e 76 61   ...a..."....inva
   0010:  6c 69 64 20 44 4e                                  lid DN
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x552ac22970 ptr=0x552ac22973 end=0x552ac22986 len=19
   0000:  61 11 0a 01 22 04 00 04  0a 69 6e 76 61 6c 69 64   a..."....invalid
   0010:  20 44 4e                                            DN
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x552ac22970 ptr=0x552ac22973 end=0x552ac22986 len=19
   0000:  61 11 0a 01 22 04 00 04  0a 69 6e 76 61 6c 69 64   a..."....invalid
   0010:  20 44 4e                                            DN
ber_scanf fmt (}) ber:
ber_dump: buf=0x552ac22970 ptr=0x552ac22986 end=0x552ac22986 len=0

ldap_msgfree
ldap_err2string
Error: ldap_simple_bind_s for bms-serve.bloomfield.k12.mo.us:389 failed:
Invalid  DN syntax
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 6
   0000:  30 05 02 01 02 42 00                               0....B.
ldap_write: want=7, written=7
   0000:  30 05 02 01 02 42 00                               0....B.
ldap_free_connection: actually freed





Here are my current config files.

*********SLAVE /ETC/OPENLDAP/LDAP.CONF*******************
HOST 10.0.0.4 10.0.0.6
BASE dc=bes-serve,dc=bloomfield.k12.mo.us



*********SLAVE /ETC/OPENLDAP/SLAPD.CONF****************
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/samba.schema

allow bind_v2

pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args

loglevel -1

database	bdb
suffix		"dc=bes-serve,dc=bloomfield.k12.mo.us"
rootdn		"cn=Manager,dc=bes-serve,dc=bloomfield.k12.mo.us"

rootpw		secret

updatedn "cn=replica,dc=bes-serve,dc=bloomfield.k12.mo.us"
updateref ldap://bes-serve.bloomfield.k12.mo.us

directory	/var/lib/ldap

index objectClass                       eq
index cn				eq,pres,sub
index sn				eq,pres,sub
index uid				eq,pres,sub
index displayName			eq,pres,sub
index uidNumber				eq
index gidNumber				eq
index memberUid				eq
index sambaSID				eq
index sambaPrimaryGroupSID		eq
index sambaDomainName			eq
index default				sub

access to *
  by dn.exact="cn=replica,dc=bes-serve,dc=bloomfield.k12.mo.us" write
  by * none break
access to attrs=userPassword
  by self write
  by * auth
access to * by self write
  by * read




***********MASTER /ETC/OPENLDAP/LDAP.CONF**************
HOST 127.0.0.1 10.0.0.6
BASE dc=bes-serve,dc=bloomfield.k12.mo.us


**********MASTER /ETC/OPENLDAP/SLAPD.CONF**************
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/samba.schema

allow bind_v2
pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args

loglevel -1

database	bdb
suffix		"dc=bes-serve,dc=bloomfield.k12.mo.us"
rootdn		"cn=Manager,dc=bes-serve,dc=bloomfield.k12.mo.us"
rootpw		secret

directory	/var/lib/ldap

index objectClass                       eq
index cn				eq,pres,sub
index sn				eq,pres,sub
index uid				eq,pres,sub
index displayName			eq,pres,sub
index uidNumber				eq
index gidNumber				eq
index memberUid				eq
index sambaSID				eq
index sambaPrimaryGroupSID		eq
index sambaDomainName			eq
index default				sub

replogfile /var/lib/ldap/replog
replica uri=ldap://bms-serve.bloomfield.k12.mo.us:389
	suffix="dc=bes-serve,dc=bloomfield.k12.mo.us"
	binddn="cn=replica,dc=bes-serve,bloomfield.k12.mo.us"
	bindmethod=simple
	credentials='secret'
	tls=yes


If anyone has any idea of what I should change or look at, I would
really appreciate the help.  I am stuck here.  It looks like it is
having trouble connecting, so I must have something set wrong in my
config files.  I know it is nothing to do with iptables blocking a port,
since I have them turned off.

-- 
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549

Duct tape is like the force, it has a light side and a dark side and it
holds the universe together.
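
Added example, not part of either message and not OpenLDAP code: a Python check over the replica directive and slave settings posted in this thread, covering the three items the reply lists. It goes one step further than the thread by comparing binddn with the slave's updatedn. The function names are this example's own, the DN check is simplified, and the embedded configs are constructed from the posted files.

```python
import re

# Constructed sample: directives copied from the configs posted in this thread.
MASTER_CONF = '''replica uri=ldap://bms-serve.bloomfield.k12.mo.us:389
    suffix="dc=bes-serve,dc=bloomfield.k12.mo.us"
    binddn="cn=replica,dc=bes-serve,bloomfield.k12.mo.us"
    bindmethod=simple
    credentials='secret'
    tls=yes
'''
SLAVE_CONF = '''updatedn "cn=replica,dc=bes-serve,dc=bloomfield.k12.mo.us"
updateref ldap://bes-serve.bloomfield.k12.mo.us
'''
# An RDN needs "type=value"; '-' and '.' inside the value need no escaping.
RDN = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=\s*\S')

def logical_lines(conf):
    """Join slapd.conf continuation lines (lines that start with whitespace)."""
    out = []
    for line in conf.splitlines():
        if line[:1] in (' ', '\t') and out:
            out[-1] += ' ' + line.strip()
        elif line.strip() and not line.startswith('#'):
            out.append(line.strip())
    return out

def bad_rdns(dn):
    """RDNs without an attribute type (simplified: no multi-valued '+' RDNs)."""
    return [r for r in re.split(r'(?<!\\),', dn) if not RDN.match(r)]

def replica_params(conf):
    for line in logical_lines(conf):
        if line.lower().startswith('replica '):
            pairs = re.finditer(r'(\w+)=("[^"]*"|\S+)', line)
            return {m.group(1).lower(): m.group(2).strip('"') for m in pairs}
    return {}

def check(master_conf, slave_conf):
    p, slave, found = replica_params(master_conf), logical_lines(slave_conf), []
    for rdn in bad_rdns(p.get('binddn', '')):
        found.append(f'binddn: RDN "{rdn}" has no attribute type (invalidDNSyntax, 34)')
    cred = p.get('credentials', '')
    if len(cred) > 1 and cred[0] == cred[-1] == "'":
        found.append("credentials: single quotes are sent as part of the password")
    if p.get('tls') == 'yes' and not any(l.lower().startswith('tlscertificatefile') for l in slave):
        found.append('tls=yes: slave config has no TLSCertificateFile for StartTLS')
    updatedn = [l.split(None, 1)[1].strip('"') for l in slave if l.lower().startswith('updatedn ')]
    if updatedn and updatedn[0].lower() != p.get('binddn', '').lower():
        found.append('binddn differs from the slave updatedn')
    return found
```

Calling `check(MASTER_CONF, SLAVE_CONF)` returns one finding per problem. The quoted password and the RDN without a type are the same bytes visible in the bind request dump above (`'secre t'` and `bloomfield.k12.mo.us` directly after `dc=bes-serve,`).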