[Date Prev][Date Next] [Chronological] [Thread] [Top]

Replication suddenly broken

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Replication suddenly broken
From: Prentice Bisbal <pbisbal@princeton.edu>
Date: Thu, 16 Jan 2020 21:03:56 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=princeton.edu; dmarc=pass action=none header.from=princeton.edu; dkim=pass header.d=princeton.edu; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F3yplw0QDJtuvsdJswOoPTBD5JRbH6YVezY6A+QJWaA=; b=KC6iAY2T6M9Lhg36zfhh7WIekRDkI9eRCORAEde6O/NE/ST3FxUrTM99Ju8YKcEemWo6GzxuBLXLct3vy67Q8rnpd5yaUMO0ZvDwifboEjcQBBL7zJh+cLXcO99LefEzKNa6cuvQBer0ZFksLXuP3k8NanmssHpDSCAqk2dMGCTmfm0RCKAfRGDHsssgUWZizNWeoAZCo4atLQBsk4JELUJrh8RrAXcl0LgiHjRMNeVX8YUFonlkPY8UInRBwJvMAWwd1KMeNaHFTQcokV9eRhjstFEtbmrgkFneWotCjyvW7N+OxMooGbI+FHYLnriJPC3YJbFKi/A0/XuvFK8kiw==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TpbEFih62YuH2U0mYWtgMdSpsefrFttYYr9cZRAptMR9NgQ/eXZotRs3Vv2ligcE5idaVpu70lzikBvCTHuwWcs0PruD7456AzX7T48gbi5DR8rfZOQO2EZiZPHNwiPSKlIOAfi4BU3YY3z0sOKuhAPkm/JgCRmCTyvyFngR2nAaiapjgdTRFIyzswN2Nl5yLvljrhXFnBZHRRr4BNxe/XHjNRpZwDet6s1JNQZsjUFlI1TgI0IdA8eqrN3tpk67BSi1qImHASB886268IYrsuMldNlEgVZP66ZqHAQJECofrxOnOkw3ya5sQKYA5cNdnvhFfjgqYXkFDiLW1ElSQw==
Content-id: <9DFB9B53DFF0C845A4592E7A9EB495B2@namprd04.prod.outlook.com>
Content-language: en-US
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=princetonu.onmicrosoft.com; s=selector1-princetonu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F3yplw0QDJtuvsdJswOoPTBD5JRbH6YVezY6A+QJWaA=; b=YbLZbO8zYRVSBhuhRyGkD3CW4F4AUbkBezs4IEbxci0IHoDftsTUhYLRNcYxCdMK+AGGXV7qvXYPN0Ha486ja2yFMXTGSQezzlE6PW8S5eSITJoQshKwKiREInVeh4+6yl/RBeTsBcK5WJSJKhD0KIMLVsrxpu1atPGF6dt1lXw=
Thread-index: AQHVzLB38eKNuYWtmU+Tj/QkNXqZBA==
Thread-topic: Replication suddenly broken

One of my coworkers just noticed that replication is broken between our 
primary and secondary LDAP servers. It appears to have been broken for 
about 1 week now. Nothing has changed relative to the LDAP configuration 
on either of our servers, so this is an odd thing to suddenly happen. 
When I look at the consumer with some debugging on, I see these messages 
(/usr/sbin/slapd -d 1638 was used to get these messages):

It looks like the consumer 
host/voltron-b.pppl.gov,cn=pppl.gov,cn=gssapi,cn=auth,is being rejected 
as not being authorized, but this has been working for years w/o issue. 
Any idea what has changed and how I may fix it?

ldap_write: want=22, written=22
   0000:  30 14 02 01 02 60 0f 02  01 03 04 00 a3 08 04 06   
0....`..........
   0010:  47 53 53 41 50 49                                  GSSAPI
ldap_read: want=8, got=8
   0000:  30 4a 02 01 02 61 45 0a                            0J...aE.
ldap_read: want=68, got=68
   0000:  01 0e 04 00 04 1c 53 41  53 4c 28 30 29 3a 20 73   
......SASL(0): s
   0010:  75 63 63 65 73 73 66 75  6c 20 72 65 73 75 6c 74   uccessful 
result
   0020:  3a 20 87 20 05 04 05 ff  00 0c 00 00 00 00 00 00   : . 
............
   0030:  3a f9 e0 c9 07 00 00 00  fd e6 0d 82 df 31 29 00   
:............1).
   0040:  a7 27 90 6a                                        .'.j
ldap_write: want=116, written=116
   0000:  30 72 02 01 03 60 6d 02  01 03 04 00 a3 66 04 06   
0r...`m......f..
   0010:  47 53 53 41 50 49 04 5c  05 04 04 ff 00 0c 00 00   
GSSAPI.\........
   0020:  00 00 00 00 36 3c fc 1d  04 ff ff ff 64 6e 3a 75   
....6<......dn:u
   0030:  69 64 3d 68 6f 73 74 2f  76 6f 6c 74 72 6f 6e 2d   
id=host/voltron-
   0040:  62 2e 70 70 70 6c 2e 67  6f 76 2c 63 6e 3d 70 70   
b.pppl.gov,cn=pp
   0050:  70 6c 2e 67 6f 76 2c 63  6e 3d 67 73 73 61 70 69   
pl.gov,cn=gssapi
   0060:  2c 63 6e 3d 61 75 74 68  c2 5d 9b 4a ce d9 d6 8b   
,cn=auth.].J....
   0070:  23 5f b4 1d                                        #_..
ldap_read: want=8, got=8
   0000:  30 3c 02 01 03 61 37 0a                            0<...a7.
ldap_read: want=54, got=54
   0000:  01 32 04 00 04 30 53 41  53 4c 28 2d 31 34 29 3a   
.2...0SASL(-14):
   0010:  20 61 75 74 68 6f 72 69  7a 61 74 69 6f 6e 20 66    
authorization f
   0020:  61 69 6c 75 72 65 3a 20  6e 6f 74 20 61 75 74 68   ailure: not 
auth
   0030:  6f 72 69 7a 65 64                                  orized
5e20cedc slap_client_connect: URI=ldap://ldap1.pppl.gov 
ldap_sasl_interactive_bind_s failed (50)
ldap_write: want=7, written=7
   0000:  30 05 02 01 04 42 00                               0....B.
5e20cedc do_syncrepl: rid=001 rc 50 retrying


-- Prentice

Follow-Ups:
- Re: Replication suddenly broken
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: RE24 testing call (2.4.49) LMDB RE0.9 testing call (0.9.25)
Next by Date: Re: Replication account problem
Index(es):
- Chronological
- Thread