[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd/slurpd replication log not written to
Howard Chu wrote:
Juliet Kemp wrote:
I'm attempting to set up a slave LDAP server.
I have replogfile & replica config set in the master server, but when
I restart it & try a test entry, the replication log contains no
data. It does, however, show a change in the 'last modified' date.
Note that the replog should usually be empty since slurpd truncates it
as soon as it reads it.
Ah, right, thanks for that.
I've now been able to get it running with simple auth (by setting rootdn
& rootpw on the slave server), but I'd prefer to have it using GSSAPI
like the rest of my setup.
The .rej file just has "ERROR: Referral"
The slave logfile (with loglevel 1) is shown below (for an attempted
add). I'm slightly confused in that it seems to switch halfway through
from using slurpd_adm (my replication admin) to ldapadm (the 'general'
admin).
Master replication config:
replica uri=ldaps://elysium.ph.ic.ac.uk:636
tls=yes
bindmethod=sasl
binddn="uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk"
saslmech=GSSAPI
Slave config:
updatedn "uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk"
updateref ldaps://rapanui.ph.ic.ac.uk
access to *
by dn="uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk" write
by dn="uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk" write
by * read
Do I need to specify a keytab somewhere? I've had trouble finding
anything useful in the docs for SASL replication.
Many thanks,
Juliet
slave log for add replication:
Aug 9 11:42:15 elysium slapd[9780]: connection_get(13): got connid=0
Aug 9 11:42:15 elysium slapd[9780]: connection_read(13): checking for
input on id=0
Aug 9 11:42:15 elysium slapd[9780]: connection_get(13): got connid=0
Aug 9 11:42:15 elysium slapd[9780]: connection_read(13): checking for
input on id=0 Aug 9 11:42:15 elysium slapd[9780]: connection_read(13):
unable to get TLS client DN, error=49
id=0
Aug 9 11:42:15 elysium slapd[9780]: connection_get(13): got connid=0
Aug 9 11:42:15 elysium slapd[9780]: connection_read(13): checking for
input on id=0
Aug 9 11:42:15 elysium slapd[9780]: ber_get_next on fd 13 failed
errno=11 (Resource temporarily unavailable) Aug 9 11:42:15 elysium
slapd[9783]: do_extended
Aug 9 11:42:15 elysium slapd[9783]: send_ldap_extended: err=1 oid= len=0
Aug 9 11:42:15 elysium slapd[9783]: send_ldap_response: msgid=1 tag=120
err=1
Aug 9 11:42:15 elysium slapd[9780]: connection_get(13): got connid=0
Aug 9 11:42:15 elysium slapd[9780]: connection_read(13): checking for
input on id=0
Aug 9 11:42:15 elysium slapd[9780]: ber_get_next on fd 13 failed
errno=0 (Success)
Aug 9 11:42:15 elysium slapd[9780]: connection_read(13): input error=-2
id=0, closing.
Aug 9 11:42:15 elysium slapd[9780]: connection_closing: readying conn=0
sd=13 for close
Aug 9 11:42:15 elysium slapd[9780]: connection_close: deferring conn=0
sd=13 Aug 9 11:42:15 elysium slapd[9780]: connection_get(14): got connid=1
Aug 9 11:42:15 elysium slapd[9780]: connection_read(14): checking for
input on id=1
Aug 9 11:42:15 elysium slapd[9783]: do_unbind
Aug 9 11:42:15 elysium slapd[9783]: connection_resched: attempting
closing conn=0 sd=13
Aug 9 11:42:15 elysium slapd[9783]: connection_close: conn=0 sd=13
Aug 9 11:42:15 elysium slapd[9780]: connection_get(14): got connid=1
Aug 9 11:42:15 elysium slapd[9780]: connection_read(14): checking for
input on id=1
Aug 9 11:42:15 elysium slapd[9780]: connection_read(14): unable to get
TLS client DN, error=49
id=1
Aug 9 11:42:15 elysium slapd[9780]: connection_get(14): got connid=1
Aug 9 11:42:15 elysium slapd[9780]: connection_read(14): checking for
input on id=1
Aug 9 11:42:15 elysium slapd[9780]: ber_get_next on fd 14 failed
errno=11 (Resource temporarily unavailable)
Aug 9 11:42:15 elysium slapd[9780]: connection_get(14): got connid=1
Aug 9 11:42:15 elysium slapd[9780]: connection_read(14): checking for
input on id=1
Aug 9 11:42:15 elysium slapd[9780]: ber_get_next on fd 14 failed
errno=11 (Resource temporarily unavailable)
Aug 9 11:42:15 elysium slapd[9783]: do_bind
Aug 9 11:42:15 elysium slapd[9783]: >>> dnPrettyNormal:
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:15 elysium slapd[9783]: <<< dnPrettyNormal:
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>,
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:15 elysium slapd[9783]: do_sasl_bind: dn
(uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk) mech GSSAPI
Aug 9 11:42:15 elysium slapd[9783]: send_ldap_sasl: err=14 len=153
Aug 9 11:42:15 elysium slapd[9783]: send_ldap_response: msgid=1 tag=97
err=14
Aug 9 11:42:15 elysium slapd[9783]: <== slap_sasl_bind: rc=14
Aug 9 11:42:15 elysium slapd[9780]: connection_get(14): got connid=1
Aug 9 11:42:15 elysium slapd[9780]: connection_read(14): checking for
input on id=1
Aug 9 11:42:15 elysium slapd[9780]: ber_get_next on fd 14 failed
errno=11 (Resource temporarily unavailable)
Aug 9 11:42:15 elysium slapd[9783]: do_bind
Aug 9 11:42:15 elysium slapd[9783]: >>> dnPrettyNormal:
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:15 elysium slapd[9783]: <<< dnPrettyNormal:
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>,
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: do_sasl_bind: dn
(uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk) mech GSSAPI
Aug 9 11:42:16 elysium slapd[9783]: send_ldap_sasl: err=14 len=65
Aug 9 11:42:16 elysium slapd[9783]: send_ldap_response: msgid=2 tag=97
err=14
Aug 9 11:42:16 elysium slapd[9783]: <== slap_sasl_bind: rc=14
Aug 9 11:42:16 elysium slapd[9780]: connection_get(14): got connid=1
Aug 9 11:42:16 elysium slapd[9780]: connection_read(14): checking for
input on id=1
Aug 9 11:42:16 elysium slapd[9780]: ber_get_next on fd 14 failed
errno=11 (Resource temporarily unavailable)
Aug 9 11:42:16 elysium slapd[9783]: do_bind
Aug 9 11:42:16 elysium slapd[9783]: >>> dnPrettyNormal:
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: <<< dnPrettyNormal:
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>,
<uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: do_sasl_bind: dn
(uid=slurpd_adm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk) mech GSSAPI
Aug 9 11:42:16 elysium slapd[9783]: slap_sasl_getdn: u:id converted to
uid=ldapadm,cn=PH.IC.AC.UK,cn=GSSAPI,cn=auth
Aug 9 11:42:16 elysium slapd[9783]: >>> dnNormalize:
<uid=ldapadm,cn=PH.IC.AC.UK,cn=GSSAPI,cn=auth>
Aug 9 11:42:16 elysium slapd[9783]: <<< dnNormalize:
<uid=ldapadm,cn=ph.ic.ac.uk,cn=gssapi,cn=auth>
Aug 9 11:42:16 elysium slapd[9783]: ==>slap_sasl2dn: converting SASL
name uid=ldapadm,cn=ph.ic.ac.uk,cn=gssapi,cn=auth to a DN
Aug 9 11:42:16 elysium slapd[9783]: slap_authz_regexp: converting SASL
name uid=ldapadm,cn=ph.ic.ac.uk,cn=gssapi,cn=auth
Aug 9 11:42:16 elysium slapd[9783]: slap_authz_regexp: converted SASL
name to uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk
Aug 9 11:42:16 elysium slapd[9783]: slap_parseURI: parsing
uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk
Aug 9 11:42:16 elysium slapd[9783]: >>> dnNormalize:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: <<< dnNormalize:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: <==slap_sasl2dn: Converted SASL
name to uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk
Aug 9 11:42:16 elysium slapd[9783]: slap_sasl_getdn: dn:id converted to
uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk
Aug 9 11:42:16 elysium slapd[9783]: SASL Authorize [conn=1]: proxy
authorization allowed authzDN=""
Aug 9 11:42:16 elysium slapd[9783]: send_ldap_sasl: err=0 len=-1
Aug 9 11:42:16 elysium slapd[9783]: do_bind: SASL/GSSAPI bind:
dn="uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk" ssf=56
Aug 9 11:42:16 elysium slapd[9783]: send_ldap_response: msgid=3 tag=97
err=0
Aug 9 11:42:16 elysium slapd[9783]: <== slap_sasl_bind: rc=0
Aug 9 11:42:16 elysium slapd[9780]: connection_get(14): got connid=1
Aug 9 11:42:16 elysium slapd[9780]: connection_read(14): checking for
input on id=1
Aug 9 11:42:16 elysium slapd[9780]: ber_get_next on fd 14 failed
errno=11 (Resource temporarily unavailable)
Aug 9 11:42:16 elysium slapd[9783]: do_add
Aug 9 11:42:16 elysium slapd[9783]: >>> dnPrettyNormal:
<uid=test3,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: <<< dnPrettyNormal:
<uid=test3,dc=ph,dc=ic,dc=ac,dc=uk>, <uid=test3,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: => get_ctrls
Aug 9 11:42:16 elysium slapd[9783]: => get_ctrls:
oid="2.16.840.1.113730.3.4.2" (noncritical)
Aug 9 11:42:16 elysium slapd[9783]: <= get_ctrls: n=1 rc=0 err=""
Aug 9 11:42:16 elysium slapd[9783]: >>> dnPretty:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: <<< dnPretty:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: >>> dnNormalize:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: <<< dnNormalize:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: >>> dnPretty:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: <<< dnPretty:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: >>> dnNormalize:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: <<< dnNormalize:
<uid=ldapadm,ou=people,dc=ph,dc=ic,dc=ac,dc=uk>
Aug 9 11:42:16 elysium slapd[9783]: slap_global_control: unavailable
control: 2.16.840.1.113730.3.4.2
Aug 9 11:42:16 elysium slapd[9783]: send_ldap_result: conn=1 op=3 p=3
Aug 9 11:42:16 elysium slapd[9783]: send_ldap_response: msgid=4 tag=105
err=10
--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Ms Juliet Kemp +
+ Computer Manager star@imperial.ac.uk +
+ Astrophysics Group +
+ Imperial College Tel: +44 (0)20759 47538 +
+ London. SW7 2AZ Fax: +44 (0)20759 47541 +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++