All,

I've read and re-read (not to mention googled) configuring SyncRepl in OpenLDAP dynamic configuration (cn=config)--v2.4.23. Missing something somewhere. Current logging is set to "256" on both Provider and Consumer.

On my Master/Provider LDAP server I am seeing the following:

slapd shutdown: waiting for 0 operations/tasks to finish
slapd shutdown: initiated
bdb_modify: dc=group42,dc=ldap
bdb_dn2entry("dc=group42,dc=ldap")
bdb_modify_internal: 0x00000001: dc=group42,dc=ldap
bdb_modify_internal: replace contextCSN
=> entry_encode(0x00000001): dc=group42,dc=ldap
<= entry_encode(0x00000001): dc=group42,dc=ldap
bdb_modify: updated id=00000001 dn="dc=group42,dc=ldap"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=0 matched="" text=""
====> bdb_cache_release_all
====> bdb_cache_release_all
slapd destroy: freeing system resources.

On my Consumer/Slave Server I am seeing the following:

slapd destroy: freeing system resources.
syncinfo_free: rid=001
slapd stopped.
tail: /var/log/slapd: file truncated
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying

From my readings, I understand that the "Sync State Control" error normally indicates that my provider is not set up correctly. As far as I can tell, my modules are correctly loaded and the overlays are loaded to the appropriate database (in my case, bdb) to be replicated.

The following is from the Provider/Master LDAP Server:

My olcDatabase={1}bdb.ldif (truncated):

# more olcDatabase={1}bdb.ldif
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: *******
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
...
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: ipHostNumber eq
olcDbIndex: gidNumber,memberUID eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
creatorsName: cn=config
createTimestamp: 20111219143532Z
olcDbSearchStack: 32
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDatabase: {1}bdb
entryCSN: 20120313143637.046410Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120313143637Z

# ll olcDatabase={1}bdb
total 16
-rw------- 1 ldap ldap 453 Mar 12 10:50 olcOverlay={0}syncprov.ldif
-rw------- 1 ldap ldap 505 Feb 29 11:16 olcOverlay={1}accesslog.ldif

The olcOverlay={0}syncprov.ldif:

# more olcDatabase={1}bdb/olcOverlay={0}syncprov.ldif
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
creatorsName: cn=admin,cn=config
createTimestamp: 20120224171809Z
olcSpReloadHint: TRUE
olcSpCheckpoint: 1000 60
entryCSN: 20120312145000.123929Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120312145000Z

The olcOverlay={1}accesslog.ldif:

# more olcDatabase={1}bdb/olcOverlay={1}accesslog.ldif
dn: olcOverlay={1}accesslog
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
creatorsName: cn=admin,cn=config
createTimestamp: 20120229161649Z
entryCSN: 20120229161649.880441Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229161649Z

***The following is on the Consumer/Slave Server***

The olcDatabase={2}bdb.ldif (truncated):

# more olcDatabase={2}bdb.ldif
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: *********
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
...
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
creatorsName: cn=config
createTimestamp: 20120229205835Z
olcDatabase: {2}bdb
olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=******* interva
 l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
 ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
 "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
 /etc/openldap/cacerts
entryCSN: 20120313150609.224840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313150609Z

Not sure what I am missing, nor where I am missing it. Any assistance would be helpful.

Dave Borresen
Solaris/Linux Systems Administrator
Surveillance Systems Group
MIT Lincoln Laboratory
244 Wood Street
Lexington, MA 02420
P: 781-981-2954
F: 781-981-5344
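Added example, not part of the original post: a small Python check that unfolds the consumer's LDIF-wrapped olcSyncrepl value, parses its parameters, and lists the provider databases the consumer may search with the sync control, so each can be checked for a syncprov overlay. The function names and the PROVIDER_OVERLAYS table are hypothetical; the cn=accesslog database definition is not shown in the post, so its overlay list is an empty placeholder rather than a finding.

```python
import shlex

# Constructed sample: the consumer's olcSyncrepl attribute as posted, LDIF
# line folding restored, redacted password left as asterisks.
CONSUMER_LDIF = """\
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=******* interva
 l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
 ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
 "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
 /etc/openldap/cacerts
"""
# Overlays per provider database. The first entry is what the post shows; the
# cn=accesslog database is not shown, so [] means "not verified" (assumption).
PROVIDER_OVERLAYS = {"dc=group42,dc=ldap": ["syncprov", "accesslog"],
                     "cn=accesslog": []}

def unfold(ldif):
    """Join LDIF continuation lines (RFC 2849: line break plus one space)."""
    return ldif.replace("\n ", "").splitlines()

def consumer_params(ldif):
    """Return the olcSyncrepl key=value parameters as a dict."""
    for line in unfold(ldif):
        attr, _, value = line.partition(": ")
        if attr == "olcSyncrepl":
            # Drop the {n} ordering prefix that cn=config adds to the value.
            value = value.split("}", 1)[1] if value.startswith("{") else value
            pairs = (tok.partition("=") for tok in shlex.split(value))
            return {k.lower(): v for k, _, v in pairs}
    raise ValueError("no olcSyncrepl attribute found")

def sync_search_bases(params):
    """Bases the consumer may search with the sync control: searchbase,
    plus logbase when syncdata=accesslog (delta-syncrepl)."""
    bases = [params["searchbase"]]
    if params.get("syncdata") == "accesslog":
        bases.append(params["logbase"])
    return bases

def missing_syncprov(bases, overlays):
    """Bases whose provider database lists no syncprov overlay."""
    return [b for b in bases if "syncprov" not in overlays.get(b, [])]

if __name__ == "__main__":
    todo = missing_syncprov(sync_search_bases(consumer_params(CONSUMER_LDIF)),
                            PROVIDER_OVERLAYS)
    print("verify syncprov on provider databases:", todo)
```

Replace the PROVIDER_OVERLAYS entries with the overlays actually present under each database directory in the provider's cn=config tree before reading anything into the result.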