Syncrepl and mmr
All,
The following are excerpts from my multi-master logs and at the end are the cn=config dbase for both systems. I can see that communications are being attempted, but not succeeding. The other day, entries were added to "cn=role2,ou=sudoers,dc=example,dc=ldap" to the Syncrepl...
I have opened up my ACLs (may not be reflected in the cn=config below) for "uid=replicator,ou=Admins,dc=example,dc=ldap" and "cn=ldapadmin,dc=example,dc=ldap". The replicator account is the rootDN for /var/lib/openldap/accesslog with read privs on olcDatabase={1}bdb (primary dbase). The ldapadmin account is the rootDN for the olcDatabase={1}bdb and full write privs on the accesslog dbase.
The olcSyncRepl rids are authenticating to ldapadmin (I removed the binding to replicator for troubleshooting -- alas no effect).
I am hoping some other eyes can see where my mistake(s) are and point me in the correct direction. Honestly, I am not even sure where to start asking questions. If I read the ACLs sections correctly (both in the Admin Guide and man-page), the rootDNs are granted full read/write everywhere privs by default to their respective Databases. So, with that logic I shouldn't have to put the "replicator" in the olcAccess for olcDataBase={2}bdb (accesslog dbase)...only the ldapadmin account should have an entry. Correct? And, I shouldn't have to put the ldapadmin account in the olcAccess for the olcDatabase={1}bdb (primary dbase). Correct?
What am I missing? And where?
MM-SERVER1:
52fce402 PRESENT
52fce402 => access_allowed: search access to "reqStart=20140211203819.000000Z,cn=accesslog" "objectClass" requested
52fce402 => acl_get: [1] attr objectClass
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "objectClass" requested
52fce402 => acl_mask: to all values by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: search access granted by write(=wrscxd)
52fce402 => access_allowed: search access granted by write(=wrscxd)
52fce402 <= test_filter 6
52fce402 => send_search_entry: conn 2109 dn="reqStart=20140211203819.000000Z,cn=accesslog"
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "entry" requested
52fce402 => acl_get: [1] attr entry
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "entry" requested
52fce402 => acl_mask: to all values by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result not in cache (reqType)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqType" requested
52fce402 => acl_get: [1] attr reqType
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "reqType" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result not in cache (reqDN)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqDN" requested
52fce402 => acl_get: [1] attr reqDN
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "reqDN" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result not in cache (reqMod)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqMod" requested
52fce402 => acl_get: [1] attr reqMod
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "reqMod" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result was in cache (reqMod)
52fce402 => access_allowed: result was in cache (reqMod)
52fce402 => access_allowed: result was in cache (reqMod)
52fce402 => access_allowed: result not in cache (entryCSN)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "entryCSN" requested
52fce402 => acl_get: [1] attr entryCSN
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "entryCSN" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 conn=2109 op=1 ENTRY dn="reqStart=20140211203819Z,cn=accesslog"
MM-SERVER2:
52fce47a =>do_syncrep2 rid=001
ldap_result ld 0x97b3ed0 msgid 2
wait4msg ld 0x97b3ed0 msgid 2 (infinite timeout)
wait4msg continue ld 0x97b3ed0 msgid 2 all 0
** ld 0x97b3ed0 Connections:
* host: mm-server1.example.ldap port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Feb 13 10:27:54 2014
** ld 0x97b3ed0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x97b3ed0 request count 1 (abandoned 0)
** ld 0x97b3ed0 Response Queue:
Empty
ld 0x97b3ed0 response count 0
ldap_chkResponseList ld 0x97b3ed0 msgid 2 all 0
ldap_chkResponseList returns ld 0x97b3ed0 NULL
ldap_int_select
read1msg: ld 0x97b3ed0 msgid 2 all 0
ber_get_next
ldap_read: want=8, got=8
0000: 30 81 b2 02 01 02 64 48 0.....dH
ldap_read: want=173, got=173
ber_get_next: tag 0x30 len 178 contents:
ber_dump: buf=0x9764590 ptr=0x9764590 end=0x9764642 len=178
read1msg: ld 0x97b3ed0 msgid 2 message type search-entry
ber_scanf fmt ({xx) ber:
ber_dump: buf=0x9764590 ptr=0x9764593 end=0x9764642 len=175
ber_scanf fmt ({a) ber:
ber_dump: buf=0x9764590 ptr=0x97645df end=0x9764642 len=99
ber_scanf fmt (o) ber:
ber_dump: buf=0x9764590 ptr=0x97645fb end=0x9764642 len=71
0000: 04 45 30 43 0a 01 01 04 00 04 3c 72 69 64 3d 30 .E0C......<rid=0
0010: 30 31 2c 73 69 64 3d 30 30 31 2c 63 73 6e 3d 32 01,sid=001,csn=2
0020: 30 31 34 30 32 30 33 31 38 33 38 33 31 2e 37 35 0140203183831.75
0030: 31 38 33 38 5a 23 30 30 30 30 30 30 23 30 30 31 1838Z#000000#001
0040: 23 30 30 30 30 30 30 #000000
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
ber_dump: buf=0x9764590 ptr=0x9764593 end=0x9764642 len=175
ber_scanf fmt ({em) ber:
ber_dump: buf=0x950b980 ptr=0x950b980 end=0x950b9c5 len=69
0000: 30 43 0a 01 01 04 00 04 3c 72 69 64 3d 30 30 31 0C......<rid=001
0010: 2c 73 69 64 3d 30 30 31 2c 63 73 6e 3d 32 30 31 ,sid=001,csn=201
0020: 34 30 32 30 33 31 38 33 38 33 31 2e 37 35 31 38 40203183831.7518
0030: 33 38 5a 23 30 30 30 30 30 30 23 30 30 31 23 30 38Z#000000#001#0
0040: 30 30 30 30 30 00000
52fce47a do_syncrep2: rid=001 got empty syncUUID with LDAP_SYNC_ADD (cn=accesslog)
ldap_msgfree
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 17
0000: 30 05 02 01 03 42 00 0....B.
ldap_write: want=7, written=7
0000: 30 05 02 01 03 42 00 0....B.
ldap_free_connection: actually freed
52fce47a do_syncrepl: rid=001 rc -1 retrying
52fce47a daemon: activity on 1 descriptor
52fce47a daemon: activity on:52fce47a
52fce47a daemon: epoll: listen=7 active_threads=0 tvp=zero
MM-SERVER2:
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /usr/local/openldap/etc/openldap/slapd.conf
olcConfigDir: /usr/local/openldap/etc/openldap/slapd.d
olcArgsFile: /var/lib/openldap/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcListenerThreads: 1
olcLocalSSF: 71
olcPidFile: /var/lib/openldap/run/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcTLSProtocolMin: 0.0
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 1b256f1e-2f15-4538-8a6f-5b021d015e35
creatorsName: cn=config
createTimestamp: 20140122200748Z
olcLogLevel: stats
olcSecurity: tls=0
olcServerID: 1 ldap://mm-server1.example.ldap
olcServerID: 2 ldap://mm-server2.example.ldap
entryCSN: 20140131211613.134974Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140131211613Z
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}syncprov
olcModuleLoad: {1}accesslog
structuralObjectClass: olcModuleList
entryUUID: 1191cf8f-8d46-4f2e-8aba-e65537210029
creatorsName: cn=admin,cn=config
createTimestamp: 20140129175231Z
entryCSN: 20140129175429.232704Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129175429Z
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by self write by users read by anonymous auth
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 77451682-9629-4753-9a80-5cc0e69a7482
creatorsName: cn=config
createTimestamp: 20140122200748Z
entryCSN: 20140122200748.381523Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140122200748Z
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcRootPW:: <password>
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: d7f25d3b-7ad1-4625-a577-a23a22b5494d
creatorsName: cn=config
createTimestamp: 20140122200748Z
entryCSN: 20140122200748.381523Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140122200748Z
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=example,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=example,dc=ldap
olcRootPW:: <password>
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/openldap/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP$
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxlPTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# <http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon rebuilding
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "quick"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhlaXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn eq,sub
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: automountKey eq
olcDbIndex: memberUid eq
olcDbIndex: printerURI eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 5a87b5f1-c445-4e0e-ba97-6d2d63093704
creatorsName: cn=config
createTimestamp: 20140122200748Z
olcMirrorMode: TRUE
olcLimits: {0}dn.exact="cn=ldapadmin,dc=example,dc=ldap" size=unlimited time=unlimited
olcSyncrepl: {0}rid=002 provider=ldap://mm-server2.example.ldap bindmethod=simple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> interval=01:00:00:00 searchbase="dc=example,dc=ldap" logbase="cn=accesslog" schemachecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs="*,+" syncdata=accesslog starttls=no
olcSyncrepl: {1}rid=001 provider=ldap://mm-server1.example.ldap bindmethod=simple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> interval=01:00:00:00 searchbase="dc=example,dc=ldap" logbase="cn=accesslog" schemachecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs="*,+" syncdata=accesslog starttls=no
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn.exact="cn=ldapadmin,dc=example,dc=ldap" write by dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" read by * none
olcAccess: {1}to * by * read
entryCSN: 20140203200931.503493Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140203200931Z
dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 04afe1bf-40c7-425a-8b25-74f8687323fc
creatorsName: cn=admin,cn=config
createTimestamp: 20140129180447Z
entryCSN: 20140129180447.701059Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129180447Z
dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: 54b5fa00-8244-41d3-923d-0743a10bf192
creatorsName: cn=admin,cn=config
createTimestamp: 20140129180903Z
entryCSN: 20140129180903.479192Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129180903Z
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcDbDirectory: /var/lib/openldap/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: ff63820b-fbe4-4a65-8c00-99e2cc28fca5
creatorsName: cn=admin,cn=config
createTimestamp: 20140129175923Z
olcAccess: {0}to * by dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" write by * none
olcLimits: {0}dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcRootDN: uid=replicator,ou=Admins,dc=example,dc=ldap
entryCSN: 20140203190415.581904Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140203190415Z
dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 9246709d-7a9b-41f3-bca8-f665add4e4f2
creatorsName: cn=admin,cn=config
createTimestamp: 20140129180331Z
entryCSN: 20140129180331.702641Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129180331Z
MM-SERVER2:
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /usr/local/openldap/etc/openldap/slapd.conf
olcConfigDir: /usr/local/openldap/etc/openldap/slapd.d
olcArgsFile: /var/lib/openldap/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcListenerThreads: 1
olcLocalSSF: 71
olcPidFile: /var/lib/openldap/run/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcTLSProtocolMin: 0.0
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 84a58742-a1ce-4714-a743-14daf3f40c75
creatorsName: cn=config
createTimestamp: 20131218155313Z
olcLogLevel: stats
olcSecurity: tls=0
olcServerID: 1 ldap://mm-server1.example.ldap
olcServerID: 2 ldap://mm-server2.example.ldap
entryCSN: 20140131211906.564734Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140131211906Z
contextCSN: 20140206183618.370299Z#000000#002#000000
contextCSN: 20140121211615.993780Z#000000#004#000000
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}syncprov
olcModuleLoad: {1}accesslog
structuralObjectClass: olcModuleList
entryUUID: ab2c7f52-e10f-4233-aa17-ac8b051defcf
creatorsName: cn=admin,cn=config
createTimestamp: 20140129182320Z
entryCSN: 20140129182642.147840Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129182642Z
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by self write by users read by anonymous auth
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 46ec808c-285f-442f-8c70-d5bb8c2d39de
creatorsName: cn=config
createTimestamp: 20131218155313Z
entryCSN: 20131218155313.477459Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20131218155313Z
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcRootPW:: <password>
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 4354a8b6-8a36-4804-81f8-14a8550aef74
creatorsName: cn=config
createTimestamp: 20131218155313Z
entryCSN: 20131218155313.477459Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20131218155313Z
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
structuralObjectClass: olcSyncProvConfig
entryUUID: 644d3984-d125-446e-aae2-1ddc541f4661
creatorsName: cn=admin,cn=config
createTimestamp: 20140121191314Z
entryCSN: 20140121191314.076259Z#000000#004#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140121191314Z
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=example,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=example,dc=ldap
olcRootPW:: <password>
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/openldap/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP$
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxlPTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# <http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon rebuilding
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}#set_cachesize 0 268435456 1
olcDbConfig: {17}set_cachesize 0 2147483648 1
olcDbConfig: {18}
olcDbConfig: {19}# Data Directory
olcDbConfig: {20}#set_data_dir db
olcDbConfig: {21}
olcDbConfig: {22}# Archive/deletion
olcDbConfig: {23}set_flags DB_LOG_AUTOREMOVE
olcDbConfig: {24}
olcDbConfig: {25}# Transaction Log settings
olcDbConfig: {26}set_lg_regionmax 262144
olcDbConfig: {27}set_lg_bsize 2097152
olcDbConfig: {28}#set_lg_dir logs
olcDbConfig: {29}
olcDbConfig: {30}# Note: special DB_CONFIG flags are no longer needed for "quick"
olcDbConfig:: ezMxfSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhlaXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn eq,sub
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: sn eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: mail eq,sub
olcDbIndex: automountKey eq
olcDbIndex: memberUid eq
olcDbIndex: printerURI eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 94ff450b-aa70-4507-9ca6-51cdd740ea3e
creatorsName: cn=config
createTimestamp: 20131218155313Z
olcMirrorMode: TRUE
olcLimits: {0}dn.exact="cn=ldapadmin,dc=example,dc=ldap" size=unlimited time=unlimited
olcSyncrepl: {0}rid=001 provider=ldap://mm-server1.example.ldap bindmethod=simple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> interval=01:00:00:00 searchbase="dc=example,dc=ldap" logbase="cn=accesslog" schemachecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs="*,+" syncdata=accesslog starttls=no
olcSyncrepl: {1}rid=002 provider=ldap://mm-server2.example.ldap bindmethod=simple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> interval=01:00:00:00 searchbase="dc=example,dc=ldap" logbase="cn=accesslog" schemachecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs="*,+" syncdata=accesslog starttls=no
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn.exact="cn=ldapadmin,dc=example,dc=ldap" write by dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" read
olcAccess: {1}to * by * read
entryCSN: 20140206183618.370299Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140206183618Z
dn: olcOverlay={0}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {0}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: 6e4e1508-5eb9-4372-bbd1-813f859b0acc
creatorsName: cn=admin,cn=config
createTimestamp: 20140129182321Z
entryCSN: 20140129182321.004272Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129182321Z
dn: olcOverlay={1}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 9108e0db-ba9e-4b40-b743-4016c61582bc
creatorsName: cn=admin,cn=config
createTimestamp: 20140129183014Z
entryCSN: 20140129183014.073365Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129183014Z
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcDbDirectory: /var/lib/openldap/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 9b42a346-de9b-42d5-8a3b-3167f80d4b01
creatorsName: cn=admin,cn=config
createTimestamp: 20140129182320Z
olcAccess: {0}to * by dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" write by * none
olcLimits: {0}dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcRootDN: uid=replicator,ou=Admins,dc=example,dc=ldap
entryCSN: 20140203190210.968231Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140203190210Z
dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 0366206b-4295-4463-952c-0b233646c24d
creatorsName: cn=admin,cn=config
createTimestamp: 20140129182831Z
entryCSN: 20140129182831.866738Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129182831Z
dn: olcDatabase={3}monitor,cn=config
objectClass: olcDatabaseConfig
olcAccess: {0}to dn.children="cn=monitor" by dn.children="cn=admin,cn=config" read
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcMonitoring: TRUE
structuralObjectClass: olcDatabaseConfig
entryUUID: 691d6dfc-82af-4e12-8f03-be93d5d5436b
creatorsName: cn=admin,cn=config
createTimestamp: 20140114170424Z
entryCSN: 20140114170424.436842Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140114170424Z
olcDatabase: {3}monitor
Thanks in advance,
John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Surveillance Systems Group
244 Wood St
Lexington, MA 02420
Ph: (781) 981-1609
Email: john.borresen@ll.mit.edu
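
The ACL trace in the MM-SERVER1 excerpt repeats the same decision once per attribute. The following is an added example, not part of the original post: it condenses such a trace into one record per access check so that the bound DN, the matching clause and any denial stand out. The first check in the sample is copied from the excerpt; the other two are abridged or constructed, and the uid=reader DN and its denied check are hypothetical.

```python
import re

# slapd prefixes debug lines with an 8-hex-digit timestamp; treat it as optional.
TS = r'^(?:[0-9a-f]{8}\s+)?'
REQ = re.compile(TS + r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(TS + r'=> acl_mask: to (?:all values|value) by "([^"]*)"')
PAT = re.compile(TS + r'<= check a_dn_pat: (.+)')
APPLY = re.compile(TS + r'<= acl_mask: \[(\d+)\] applying (\S+)')
DONE = re.compile(TS + r'=> access_allowed: (\w+) access (granted|denied) by (\S+)')

# Constructed sample. Check 1 is verbatim from the MM-SERVER1 excerpt, check 2 is
# abridged from it, check 3 (uid=reader, clause [3], denied) is hypothetical.
SAMPLE = '''\
52fce402 => access_allowed: search access to "reqStart=20140211203819.000000Z,cn=accesslog" "objectClass" requested
52fce402 => acl_get: [1] attr objectClass
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "objectClass" requested
52fce402 => acl_mask: to all values by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: search access granted by write(=wrscxd)
52fce402 => access_allowed: search access granted by write(=wrscxd)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqMod" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result was in cache (reqMod)
52fce403 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqMod" requested
52fce403 => acl_mask: to value by "uid=reader,ou=People,dc=example,dc=ldap", (=0)
52fce403 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce403 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce403 <= check a_dn_pat: *
52fce403 <= acl_mask: [3] applying none(=0) (stop)
52fce403 => access_allowed: read access denied by none(=0)
'''


def parse_acl_trace(lines):
    """Return one dict per completed access check found in a slapd ACL trace."""
    checks, cur = [], None
    for raw in lines:
        line = raw.strip()
        m = REQ.match(line)
        if m:
            # A new "... requested" line opens a check; later lines fill it in.
            cur = {"access": m.group(1), "entry": m.group(2), "attr": m.group(3),
                   "who": None, "tested": [], "clause": None}
        elif cur is None:
            continue  # cache hits and unrelated lines outside a check
        elif (m := WHO.match(line)):
            cur["who"] = m.group(1) or "(anonymous)"
        elif (m := PAT.match(line)):
            cur["tested"].append(m.group(1))  # <who> patterns tried in order
        elif (m := APPLY.match(line)):
            cur["clause"] = int(m.group(1))   # index of the clause that matched
        elif (m := DONE.match(line)):
            cur["result"], cur["mask"] = m.group(2), m.group(3)
            checks.append(cur)
            cur = None
    return checks


def condense(checks):
    """Group attributes by (bound DN, clause, mask, result)."""
    groups = {}
    for c in checks:
        key = (c["who"], c["clause"], c["mask"], c["result"])
        groups.setdefault(key, set()).add(c["attr"])
    return {key: sorted(attrs) for key, attrs in groups.items()}


def denials(checks):
    """Checks that ended in 'denied'; these are the ones worth reading in full."""
    return [c for c in checks if c["result"] == "denied"]


if __name__ == "__main__":
    parsed = parse_acl_trace(SAMPLE.splitlines())
    for (who, clause, mask, result), attrs in condense(parsed).items():
        print(f"{result:7} clause [{clause}] {mask:15} {who}: {', '.join(attrs)}")
    for d in denials(parsed):
        print("DENIED", d["access"], d["attr"], "patterns tried:", d["tested"])
```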
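
Both olcSyncrepl values in the posted configuration combine bindmethod=simple with an ldap:// provider and starttls=no, so the replicator DN and password cross the network unencrypted. The following added example (not part of the original post and not OpenLDAP code) unfolds LDIF and classifies each olcSyncrepl value by transport protection. The sample is constructed from the values in the post; rid=003 is a hypothetical hardened variant.

```python
import re
import shlex

# Constructed sample: rid=002 and rid=001 follow the post (rid=001 keeps the
# 78-column LDIF fold seen there); rid=003 is a hypothetical hardened variant.
SAMPLE_LDIF = '''\
olcSyncrepl: {0}rid=002 provider=ldap://mm-server2.example.ldap bindmethod=simple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> searchbase="dc=example,dc=ldap" logbase="cn=accesslog" type=refreshAndPersist retry="60 +" syncdata=accesslog starttls=no
olcSyncrepl: {1}rid=001 provider=ldap://mm-server1.example.ldap bindmethod=si
 mple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> searchbase="dc=example,dc=ldap" logbase="cn=accesslog" type=refreshAndPersist retry="60 +" syncdata=accesslog starttls=no
olcSyncrepl: {2}rid=003 provider=ldap://mm-server1.example.ldap bindmethod=simple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> searchbase="dc=example,dc=ldap" type=refreshAndPersist retry="60 +" starttls=critical
olcAccess: {1}to * by * read
'''


def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with a space continues the previous one)."""
    out = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out


def parse_syncrepl(value):
    """Split one olcSyncrepl value into a dict of its key=value parameters."""
    value = re.sub(r'^\{\d+\}', '', value.strip())  # drop the {n} ordering prefix
    params = {}
    for token in shlex.split(value):                # honours "quoted values"
        key, sep, val = token.partition("=")
        if sep:
            params[key.lower()] = val
    return params


def transport(params):
    """Classify how the consumer's connection to the provider is protected."""
    scheme = params.get("provider", "").split("://", 1)[0].lower()
    starttls = params.get("starttls", "no").lower()
    if scheme in ("ldaps", "ldapi") or starttls == "critical":
        return "protected"       # TLS from the start, local socket, or mandatory StartTLS
    if starttls == "yes":
        return "opportunistic"   # session continues without TLS if StartTLS fails
    return "cleartext"


def audit(ldif_text):
    """Return one finding per olcSyncrepl value in the LDIF text."""
    findings = []
    for line in unfold(ldif_text):
        attr, _, value = line.partition(":")
        if attr.strip().lower() != "olcsyncrepl" or value.startswith(":"):
            continue             # other attributes; base64 (::) values are not decoded here
        p = parse_syncrepl(value)
        t = transport(p)
        findings.append({
            "rid": p.get("rid"),
            "provider": p.get("provider"),
            "transport": t,
            # A simple bind sends the password itself, so anything short of
            # guaranteed protection leaves it readable on the wire.
            "cleartext_bind_possible": p.get("bindmethod", "").lower() == "simple"
                                       and t != "protected",
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LDIF):
        flag = "PASSWORD EXPOSED" if f["cleartext_bind_possible"] else "ok"
        print(f"rid={f['rid']} {f['provider']} transport={f['transport']} {flag}")
```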