
question on syncprov



Hi,
I'm trying to migrate from OpenLDAP 2.3.43-12.el5_6.7 to OpenLDAP 2.4.23-20.el6.x86_6.
In 2.3, we currently have one master, replicating changes to 2 consumers via slurpd.

I'm trying to configure 2.4 w/ syncrepl, and have tried using refreshAndPersist to mimic that same routine
of pushing changes from the master.  I'm getting failures though:

on the master:

May 25 13:55:25  slapd[6855]: send_search_entry: conn 1064  ber write failed.
May 25 13:55:45 slapd[6855]: send_search_entry: conn 1066  ber write failed.
May 25 13:56:45  slapd[6855]: send_search_entry: conn 1068  ber write failed.
May 25 13:57:45 slapd[6855]: send_search_entry: conn 1078  ber write failed.
May 25 13:58:45 slapd[6855]: send_search_entry: conn 1084  ber write failed.
May 25 13:59:05 slapd[6855]: send_search_entry: conn 1086  ber write failed.
May 25 13:59:15 slapd[6855]: send_search_entry: conn 1087  ber write failed.

on a consumer:
May 25 13:45:15 slapd[28707]: do_syncrepl: rid=002 rc 68 retrying (9 retries left)
May 25 13:45:25 slapd[28707]: syncrepl_entry: rid=002 be_add cn=XXXXXXX,dc=edu failed (68)


here are snippets from the master's slapd.conf and from one of the consumers:

master -
-------

database hdb
include /etc/openldap/slapd.access
suffix "dc=XXXXdc=edu"
checkpoint      1024    5
cachesize       30000
idlcachesize 90000
rootdn "cn=Manager,XXXXX,dc=edu"
# NOTE: "updatedn" MUST BE COMMENTED OUT FOR INITIAL CREATION/LOAD OF
# ROOT INFO



overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100


# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# needs to be changed to something someone knows.
rootpw          secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
# review these
index default pres,eq
index uid eq,sub
index entryUUID,entryCSN
index cn,sn,givenName,ou,mail,telephoneNumber pres,eq,sub
index employeeNumber,mailAlternateAddress,eduPersonPrincipalName
index eduPersonAffiliation,eduPersonPrimaryAffiliation
index objectClass,serialNumber eq
index isMemberOf eq,subany
TLSCertificateFile /etc/openldap/newcert.pem
TLSCertificateKeyFile /etc/openldap/newkey.pem
TLSCACertificateFile /etc/openldap/chain.pem


consumer -
------------------
database hdb
suffix "dc=XXXXX=edu"
checkpoint      1024    5
cachesize       30000
idlcachesize 90000
rootdn "cn=Manager,dc=XXXX,dc=edu"
# NOTE: "updatedn" MUST BE COMMENTED OUT FOR INITIAL CREATION/LOAD OF
# ROOT INFO

# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# needs to be changed to something someone knows.
rootpw          secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
# review these
index default pres,eq
index uid eq,sub
index entryUUID,entryCSN
index cn,sn,givenName,ou,mail,telephoneNumber pres,eq,sub
index employeeNumber,mailAlternateAddress,eduPersonPrincipalName
index eduPersonAffiliation,eduPersonPrimaryAffiliation
index objectClass,serialNumber eq
index isMemberOf eq,subany
TLSCertificateFile /etc/openldap/newcert.pem
TLSCertificateKeyFile /etc/openldap/newkey.pem
TLSCACertificateFile /etc/openldap/chain.pem



syncrepl rid=002
provider=ldap://providername-taken-out-here:389
type=refreshAndPersist
retry="10 10 60 +"
searchbase="dc=XXXX,dc=edu"
filter="(objectClass=*)"
attrs="*"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=Replicator,dc=XXXX,dc=edu"
credentials="password"

updateref ldap://providername-takenout-here:389




The account I'm using to bind from the consumer has read access to everything on the master.
Thanks in advance