Hi,
I'm relatively new to OpenLDAP and am trying to set up a slave server. I
figured the easiest way would be to use the anonymous user to perform the
synchronization given that my master allows for full anonymous reads:

    access to *
        by self write
        by users read
        by anonymous read

I have tried to specify the following in my slave slapd.conf:

    syncrepl rid=8
        provider=ldap://snoopy.domain.com:389
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=domain,dc=com"
        schemachecking=off
        bindmethod=simple

However, my slave seems to be unable to connect properly to the master. It
seems to be trying to write something, and I am not quite sure what. My
master has the following log:

    Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 fd=72 ACCEPT from IP=10.1.1.8:39558 (IP=0.0.0.0:389)
    Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 op=0 BIND dn="" method=128
    Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 op=0 RESULT tag=97 err=0 text=
    Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 op=1 SRCH base="dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
    Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 op=1 SRCH attr=* +
    Nov 9 16:37:52 snoopy slapd[1481]: send_search_entry: conn 6270 ber write failed.
    Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 fd=72 closed (connection lost on write)

My slave logs display the following:

    Nov 9 16:45:36 spike slapd[32415]: do_syncrep2: rid 008got search entry without control
    Nov 9 16:45:36 spike slapd[32415]: do_syncrepl: rid 008 retrying

I thought it might have something to do with the type (in that
refreshAndPersist may require some form of write privileges), so I switched
to type refreshOnly; however, it made no difference. My log outputs remain
the same.

Can anyone steer me in the correct direction?