I'm trying to migrate from OpenLDAP 2.3.43-12.el5_6.7 to OpenLDAP 2.4.23-20.el6.x86_6.
In 2.3, we currently have one master, replicating changes to 2 consumers via slurpd.
I'm trying to configure 2.4 w/ syncrepl, and have tried using refreshAndPersist to mimic that same routine
of pushing changes from the master. I'm getting failures though:
ay 25 13:55:25 slapd[6855]: send_search_entry: conn 1064 ber write failed.
May 25 13:55:45 slapd[6855]: send_search_entry: conn 1066 ber write failed.
May 25 13:56:45 slapd[6855]: send_search_entry: conn 1068 ber write failed.
May 25 13:57:45 slapd[6855]: send_search_entry: conn 1078 ber write failed.
May 25 13:58:45 slapd[6855]: send_search_entry: conn 1084 ber write failed.
May 25 13:59:05 slapd[6855]: send_search_entry: conn 1086 ber write failed.
May 25 13:59:15 slapd[6855]: send_search_entry: conn 1087 ber write failed.
May 25 13:45:15 slapd[28707]: do_syncrepl: rid=002 rc 68 retrying (9 retries left)
May 25 13:45:25 slapd[28707]: syncrepl_entry: rid=002 be_add cn=XXXXXXX,dc=edu failed (68)
here are snippets from the master's slapd.conf and from one of the consumers:
master -
-------
database hdb
include /etc/openldap/slapd.access
suffix "dc=XXXXdc=edu"
checkpoint 1024 5
cachesize 30000
idlcachesize 90000
rootdn "cn=Manager,XXXXX,dc=edu"
# NOTE: "updatedn" MUST BE COMMENTED OUT FOR INITIAL CREATION/LOAD OF
# ROOT INFO
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# needs to be changed to something someone knows.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
# review these
index default pres,eq
index uid eq,sub
index entryUUID,entryCSN
index cn,sn,givenName,ou,mail,telephoneNumber pres,eq,sub
index employeeNumber,mailAlternateAddress,eduPersonPrincipalName
index eduPersonAffiliation,eduPersonPrimaryAffiliation
index objectClass,serialNumber eq
index isMemberOf eq,subany
TLSCertificateFile /etc/openldap/newcert.pem
TLSCertificateKeyFile /etc/openldap/newkey.pem
TLSCACertificateFile /etc/openldap/chain.pem
consumer -
------------------
database hdb
suffix "dc=XXXXX=edu"
checkpoint 1024 5
cachesize 30000
idlcachesize 90000
rootdn "cn=Manager,dc=XXXX,dc=edu"
# NOTE: "updatedn" MUST BE COMMENTED OUT FOR INITIAL CREATION/LOAD OF
# ROOT INFO
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# needs to be changed to something someone knows.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
# review these
index default pres,eq
index uid eq,sub
index entryUUID,entryCSN
index cn,sn,givenName,ou,mail,telephoneNumber pres,eq,sub
index employeeNumber,mailAlternateAddress,eduPersonPrincipalName
index eduPersonAffiliation,eduPersonPrimaryAffiliation
index objectClass,serialNumber eq
index isMemberOf eq,subany
TLSCertificateFile /etc/openldap/newcert.pem
TLSCertificateKeyFile /etc/openldap/newkey.pem
TLSCACertificateFile /etc/openldap/chain.pem
syncrepl rid=002
provider=ldap://providername-taken-out-here:389
type=refreshAndPersist
retry="10 10 60 +"
searchbase="dc=XXXX,dc=edu"
filter="(objectClass=*)"
attrs="*"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=Replicator,dc=XXXX,dc=edu"
credentials="password"
updateref ldap://providername-takenout-here:389
the account I"m using to bind from the consumer has read access to everything on the master.
Thanks in advance