Hi,
I'm trying to set up syncrepl for the first time, using 2.4.7 and copying the mirror node configuration in the OpenLDAP Administrator's manual.
I first started my two LDAP servers without any syncprov/syncrepl configuration in my slapd.conf, and inserted a few ou's which represent my basic container hierarchy. I also added my syncrepl user (the one assigned to 'binddn' in my syncrepl configuration line.) I gave this user read access to everything.
access to * by dn="userid=ldapsync,ou=admin,ou=account,dc=mtholyoke,dc=edu" read by self read
Then I shut down OpenLDAP, and uncommented my syncrepl configuration.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
syncrepl rid=1
  provider=ldap://dira.mtholyoke.edu/
  bindmethod=simple
  binddn="userid=ldapsync,ou=admin,ou=accounts,dc=mtholyoke,dc=edu"
  credentials="blahblah"
  searchbase="dc=mtholyoke,dc=edu"
  schemachecking=on
  type=refreshAndPersist
  retry="60 +"
mirrormode on
serverID 2
Next I started OpenLDAP again, and inserted a test user. I can see in my logs that the other server is attempting to synchronize. The bind operation appears successful, but then the sync fails with the following error:
Feb 19 16:17:18 drab slapd[27432]: conn=10 op=0 BIND dn="uid=ldapsync,ou=admin,ou=accounts,dc=mtholyoke,dc=edu" mech=SIMPLE ssf=0
Feb 19 16:17:18 drab slapd[27432]: conn=10 op=0 RESULT tag=97 err=0 text=
Feb 19 16:17:18 drab slapd[27432]: begin get_filter
Feb 19 16:17:18 drab slapd[27432]: PRESENT
Feb 19 16:17:18 drab slapd[27432]: end get_filter 0
Feb 19 16:17:18 drab slapd[27432]: conn=10 op=1 SRCH base="dc=mtholyoke,dc=edu" scope=2 deref=3 filter="(objectClass=*)"
Feb 19 16:17:18 drab slapd[27432]: conn=10 op=1 SRCH attr=* +
Feb 19 16:17:18 drab slapd[27432]: conn=10 op=1 SEARCH RESULT tag=101 err=2 nentries=0 text=illegal value for derefAliases
I suspect I'm simply overlooking something obvious, or not doing the initial setup quite right, but like I say, this is my first time through this, so any advice is appreciated.
TIA.
Ron Peterson wrote:
> Hi,
> I'm trying to set up syncrepl for the first time, using 2.4.7 and copying the mirror node configuration in the OpenLDAP Administrator's manual.
> I first started my two LDAP servers without any syncprov/syncrepl configuration in my slapd.conf, and inserted a few ou's which represent my basic container hierarchy. I also added my syncrepl user (the one assigned to 'binddn' in my syncrepl configuration line.) I gave this user read access to everything.
> access to * by dn="userid=ldapsync,ou=admin,ou=account,dc=mtholyoke,dc=edu" read by self read
> Then I shut down OpenLDAP, and uncommented my syncrepl configuration.
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
> syncrepl rid=1
>   provider=ldap://dira.mtholyoke.edu/
>   bindmethod=simple
>   binddn="userid=ldapsync,ou=admin,ou=accounts,dc=mtholyoke,dc=edu"
>   credentials="blahblah"
>   searchbase="dc=mtholyoke,dc=edu"
>   schemachecking=on
>   type=refreshAndPersist
>   retry="60 +"
> mirrormode on
> serverID 2
"serverID" is a global option, it works here but it doesn't belong here.
> Next I started OpenLDAP again, and inserted a test user. I can see in my logs that the other server is attempting to synchronize. The bind operation appears successful, but then the sync fails with the following error:
> Feb 19 16:17:18 drab slapd[27432]: conn=10 op=0 BIND dn="uid=ldapsync,ou=admin,ou=accounts,dc=mtholyoke,dc=edu" mech=SIMPLE ssf=0
> Feb 19 16:17:18 drab slapd[27432]: conn=10 op=0 RESULT tag=97 err=0 text=
> Feb 19 16:17:18 drab slapd[27432]: begin get_filter
> Feb 19 16:17:18 drab slapd[27432]: PRESENT
> Feb 19 16:17:18 drab slapd[27432]: end get_filter 0
> Feb 19 16:17:18 drab slapd[27432]: conn=10 op=1 SRCH base="dc=mtholyoke,dc=edu" scope=2 deref=3 filter="(objectClass=*)"
> Feb 19 16:17:18 drab slapd[27432]: conn=10 op=1 SRCH attr=* +
> Feb 19 16:17:18 drab slapd[27432]: conn=10 op=1 SEARCH RESULT tag=101 err=2 nentries=0 text=illegal value for derefAliases
> I suspect I'm simply overlooking something obvious, or not doing the initial setup quite right, but like I say, this is my first time through this, so any advice is appreciated.
At a guess you have the DEREF option set in an ldap.conf or ldaprc file somewhere and it's getting sucked into slapd's default libldap context.
2008-02-20_00:46:59-0500 Howard Chu hyc@symas.com:
> > I can see in my logs that the other server is attempting to synchronize. The bind operation appears successful, but then the sync fails with the following error:
> > Feb 19 16:17:18 drab slapd[27432]: conn=10 op=1 SEARCH RESULT tag=101 err=2 nentries=0 text=illegal value for derefAliases
> At a guess you have the DEREF option set in an ldap.conf or ldaprc file somewhere and it's getting sucked into slapd's default libldap context.
Yes, I had DEREF=always in my ~/.ldaprc. Thanks!
openldap-software@openldap.org
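The check suggested in the reply above, as an added example that is not part of the original thread: shell functions that list active DEREF lines in the files libldap reads according to ldap.conf(5), plus the LDAPDEREF environment variable. The two system-wide paths are assumptions (they vary by build), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find DEREF settings that a libldap client context
# (including the one slapd's syncrepl consumer uses) could pick up.

# Print "file:line:text" for each active DEREF line in the given files.
# Option names are case-insensitive; '#' comment lines never match.
scan_deref() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            toupper($0) ~ /^[ \t]*DEREF([ \t=]|$)/ {
                printf "%s:%d:%s\n", file, NR, $0
            }' "$f"
    done
}

# Candidate files in the lookup order described by ldap.conf(5).
# $1 is the home directory to inspect (defaults to $HOME).
candidate_files() {
    home=${1:-$HOME}
    # Assumed system-wide locations; adjust to your build's sysconfdir.
    echo /etc/openldap/ldap.conf
    echo /etc/ldap/ldap.conf
    echo "$home/ldaprc"
    echo "$home/.ldaprc"
    echo ./ldaprc
    if [ -n "${LDAPCONF:-}" ]; then echo "$LDAPCONF"; fi
    if [ -n "${LDAPRC:-}" ]; then
        echo "$home/$LDAPRC"
        echo "$home/.$LDAPRC"
        echo "./$LDAPRC"
    fi
    return 0
}

# Scan every candidate file and report the environment override too.
check_all() {
    candidate_files "$1" | while IFS= read -r f; do scan_deref "$f"; done
    if [ -n "${LDAPDEREF:-}" ]; then echo "env:LDAPDEREF=$LDAPDEREF"; fi
    return 0
}

check_all "$HOME"
```

Run it as the account, and from the working directory, used to start slapd, since the per-user and current-directory files depend on both.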