Hrm... my previous post seems to have gone MIA, hopefully this one won't
do the same.
I have a pair of servers running 2.4.28 built with BerkeleyDB 5.2.36, in
a multi-master setup. I was having issues with synchronization (namely,
it wasn't syncing) and decided to rebuild the second server. I nuked
etc/slapd.d/* as well as the contents of the cn=accesslog and main DIT
directories, leaving behind only the DB_CONFIG files.
I dumped the first server's cn=config tree using slapcat -b cn=config,
copied the file over to the second server, and re-added the config using
'slapadd -F slapd.d -b cn=config -l slapcat_output.ldif'. Then I fired
up the server, and let it pull over the main DIT from the first server.
That went fine.
It doesn't seem to have fixed my issue, though, which is the cn=config
tree not synchronizing changes. When I make a change to
olcDatabase={1}hdb,cn=config (which is cn=accesslog) to add some new
indexes on server2, I see the following errors in syslog on server1
(after restarting slapd on server2 to try to force a sync...):
Dec 7 12:13:04 server1 slapd[5984]: conn=1308 fd=25 ACCEPT from
IP=172.30.96.203:52788 (IP=172.30.96.202:389)
Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=0 BIND dn="cn=config"
method=128
Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=0 BIND dn="cn=config"
mech=SIMPLE ssf=0
Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=0 RESULT tag=97 err=0
text=
Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=1 DISCONNECT tag=101
err=2 text=controls require LDAPv3
Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=1 do_search: get_ctrls
failed
Dec 7 12:13:04 server1 slapd[5984]: conn=1308 fd=25 closed (operations
error)
... and on server2:
Dec 7 12:13:04 server2 slapd[7798]: do_syncrep2: rid=001
LDAP_RES_SEARCH_RESULT (2) Protocol error
Dec 7 12:13:04 server2 slapd[7798]: do_syncrep2: rid=001 (2) Protocol error
Dec 7 12:13:04 server2 slapd[7798]: do_syncrepl: rid=001 rc -2 retrying
Dec 7 12:13:04 server2 slapd[7798]: do_syncrep2: rid=001
LDAP_RES_SEARCH_RESULT (2) Protocol error
Dec 7 12:13:04 server2 slapd[7798]: do_syncrep2: rid=001 (2) Protocol error
Dec 7 12:13:04 server2 slapd[7798]: do_syncrepl: rid=001 rc -2 retrying
The "controls require LDAPv3" error confuses me, as a wireshark capture
of the conversation shows the bind asking for LDAPv3.
Can anyone give me some guidance here?