openldap-technical May 2016

openldap-technical@openldap.org

39 participants
41 discussions

entryCSN is larger (later) in consumer node than in provider node
by Frank Luo 23 May '16

23 May '16

All, I am having a out-of sync situation now with some entries' entryCSN is larger (later) in consumer node than in provider node. So the consumer never gets updated since it thinks it has the latest value. provider: entryCSN: 20160520164908.960158Z#000000#001#000000 consumer: entryCSN: 20160521191401.646572Z#000000#000#000000 slapd.conf in consumer: overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 syncrepl rid=003 provider=ldap://server.u.edu bindmethod=simple binddn="cn=Manager,dc=u,dc=com" credentials=password searchbase="dc=u,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" Any hint about this? Thanks a lot! Frank

2 1

(no subject)
by Abdelkader Chelouah 23 May '16

23 May '16

OpenLDAP 2.4.44 under RHEL 7.1 I'm using back-ldap to proxy a back-mdb instance with 1K users. The relevant part of the proxy configuration is dn: olcDatabase={2}ldap,cn=config objectClass: olcDatabaseConfig objectClass: olcLDAPConfig olcDatabase: {2}ldap olcSuffix: dc=example,dc=com olcDbURI: "ldap://ldap-server.example.com:389/" olcDbIDAssertBind: bindmethod=none olcDbIDAssertAuthzFrom: {0}"*" olcDbRebindAsUser: TRUE olcDbChaseReferrals: TRUE I'm using slamd for doing performance tests. According to the back-ldap man page, sessions that explicitly Bind to the back-ldap database always create their own private connection to the remote LDAP server. The private connections are closed after the remote LDAP server idletimeout (15mn), but remain stuck in a CLOSE_WAIT status. Moreover, it seems that the private connections are not reused for further BIND with the same user since the available file descriptors (8192) on remote server are quickly exhausted (only 1K users). Using the parameter olcDbSingleConn: TRUE improves the situation (the number of connections open on the remote server and the proxy are more or less identical), but slapd logs show errors 2016-05-23T11:18:50.100499+02:00 proxy-ldap slapd-proxy_ldap[18402]: conn=1419 op=7201 ldap_back_retry: retrying URI="ldap:// mirror.example.com:389" DN="" 2016-05-23T11:18:50.100542+02:00 proxy-ldap slapd-proxy_ldap[18402]: conn=1419 op=7201 RESULT tag=97 err=52 text=Proxy operation retry failed The encountred problem seems to be related to ITS#4387 ( http://www.openldap.org/its/index.cgi/Archive.Software%20Bugs?id=4387;selec…) and ITS#4420 ( http://www.openldap.org/its/index.cgi/Archive.Incoming?id=4420;selectid=442… )

1 0

Translucent problem
by Frank Rust 22 May '16

22 May '16

Hi all, I want to try a translucent configuration: The local ldap shall overlay the central ldap with local information on mail routing. I only have read access to the central ldap server. Generally it works fine, when using bind with a locally known user. But when I try bind with a user of the central ldap (for mail user authentication) it fails. Example: $ ldapsearch -LLL -w pass -b cn=sendmail,dc=some,dc=local,dc=company,dc=de -H ldap://localhost/ -b ou=People,dc=company,dc=de uid=myUID cn uid mailLocalAddress returns me absolutely correct: dn: uid=myUID,ou=people,dc=company,dc=de uid: nyUID cn: Firstname Name mailLocalAddress: firstname.name(a)some.local.company.de mailLocalAddress: f.name(a)some.local.company.de mailLocalAddress: myUID(a)some.local.company.de $ ldapsearch -LLL -w myPass -b uid=myUID,ou=People,dc=company,dc=de -H ldap://localhost/ -b ou=People,dc=company,dc=de uid=myUID cn did mailLocalAddress returns no results. When tcpdumping network traffic to central ldap I can see that the correct result is returned. What am I possibly doing wrong? Thanks in advance for any hints. Best regards, Frank ### Relevant parts of my configuration: # {2}mdb, config dn: olcDatabase={2}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {2}mdb olcDbDirectory: /var/lib/ldap/translucent olcSuffix: ou=People,dc=company,dc=de olcRootDN: cn=local-admin,ou=People,dc=company,dc=de olcRootPW:: secret... olcDbIndex: objectClass eq olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonym ous auth by * none olcAccess: {1}to dn.base="" by * read olcAccess: {2}to dn.children="ou=People,dc=company,dc=de" by dn="cn=sendmail,dc =some,dc=local,dc=company,dc=de" read # {0}translucent, {2}mdb, config dn: olcOverlay={0}translucent,olcDatabase={2}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcTranslucentConfig olcOverlay: {0}translucent olcTranslucentLocal: mailLocalAddress,mailRoutingAddress,mailHost # {0}ldap, {0}translucent, {2}mdb, config dn: olcDatabase={0}ldap,olcOverlay={0}translucent,olcDatabase={2}mdb,cn=config objectClass: olcLDAPConfig objectClass: olcTranslucentDatabase olcDatabase: {0}ldap olcDbURI: "ldap://ldap.company.de" olcDbStartTLS: none starttls=no olcDbRebindAsUser: FALSE olcDbChaseReferrals: TRUE olcDbTFSupport: no olcDbProxyWhoAmI: FALSE olcDbProtocolVersion: 3 olcDbSingleConn: FALSE olcDbCancel: abandon olcDbUseTemporaryConn: FALSE olcDbConnectionPoolMax: 16 olcDbSessionTrackingRequest: FALSE olcDbNoRefs: FALSE olcDbNoUndefFilter: FALSE olcDbOnErr: continue olcDbKeepalive: 0:0:0 ### Logfile on failed request: May 22 13:46:24 ldap slapd[493]: daemon: activity on 1 descriptor May 22 13:46:24 ldap slapd[493]: daemon: activity on: May 22 13:46:24 ldap slapd[493]: May 22 13:46:24 ldap slapd[493]: slap_listener_activate(10): May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=9 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=10 busy May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=11 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=12 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=13 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: >>> slap_listener(ldap:///) May 22 13:46:24 ldap slapd[493]: daemon: listen=10, new connection on 22 May 22 13:46:24 ldap slapd[493]: daemon: added 22r (active) listener=(nil) May 22 13:46:24 ldap slapd[493]: conn=1874 fd=22 ACCEPT from IP=[::1]:49124 (IP=[::]:389) May 22 13:46:24 ldap slapd[493]: daemon: activity on 1 descriptor May 22 13:46:24 ldap slapd[493]: daemon: activity on: May 22 13:46:24 ldap slapd[493]: May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=9 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=10 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=11 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=12 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=13 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: activity on 1 descriptor May 22 13:46:24 ldap slapd[493]: daemon: activity on: May 22 13:46:24 ldap slapd[493]: 22r May 22 13:46:24 ldap slapd[493]: May 22 13:46:24 ldap slapd[493]: daemon: read active on 22 May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=9 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=10 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=11 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=12 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=13 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: connection_get(22) May 22 13:46:24 ldap slapd[493]: connection_get(22): got connid=1874 May 22 13:46:24 ldap slapd[493]: connection_read(22): checking for input on id=1874 May 22 13:46:24 ldap slapd[493]: op tag 0x60, time 1463917584 May 22 13:46:24 ldap slapd[493]: conn=1874 op=0 do_bind May 22 13:46:24 ldap slapd[493]: >>> dnPrettyNormal: <uid=myUID,ou=People,dc=company,dc=de> May 22 13:46:24 ldap slapd[493]: <<< dnPrettyNormal: <uid=myUID,ou=People,dc=company,dc=de>, <uid=myUID,ou=people,dc=company,dc=de> May 22 13:46:24 ldap slapd[493]: conn=1874 op=0 BIND dn="uid=myUID,ou=People,dc=company,dc=de" method=128 May 22 13:46:24 ldap slapd[493]: do_bind: version=3 dn="uid=myUID,ou=People,dc=company,dc=de" method=128 May 22 13:46:24 ldap slapd[493]: translucent_bind: <uid=myUID,ou=People,dc=company,dc=de> method 128 May 22 13:46:24 ldap slapd[493]: =>ldap_back_getconn: conn=1874 op=0: lc=0x7f3d44133a60 inserted refcnt=1 rc=0 May 22 13:46:24 ldap slapd[493]: daemon: activity on 1 descriptor May 22 13:46:24 ldap slapd[493]: daemon: activity on: May 22 13:46:24 ldap slapd[493]: May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=9 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=10 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=11 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=12 active_threads=0 tvp=zero May 22 13:46:24 ldap slapd[493]: daemon: epoll: listen=13 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: conn=1874 op=0 BIND dn="uid=myUID,ou=People,dc=company,dc=de" mech=SIMPLE ssf=0 May 22 13:46:25 ldap slapd[493]: do_bind: v3 bind: "uid=myUID,ou=People,dc=company,dc=de" to "uid=myUID,ou=People,dc=company,dc=de" May 22 13:46:25 ldap slapd[493]: send_ldap_result: conn=1874 op=0 p=3 May 22 13:46:25 ldap slapd[493]: send_ldap_result: err=0 matched="" text="" May 22 13:46:25 ldap slapd[493]: send_ldap_response: msgid=1 tag=97 err=0 May 22 13:46:25 ldap slapd[493]: conn=1874 op=0 RESULT tag=97 err=0 text= May 22 13:46:25 ldap slapd[493]: daemon: activity on 1 descriptor May 22 13:46:25 ldap slapd[493]: daemon: activity on: May 22 13:46:25 ldap slapd[493]: 22r May 22 13:46:25 ldap slapd[493]: May 22 13:46:25 ldap slapd[493]: daemon: read active on 22 May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=9 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=10 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=11 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=12 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=13 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: connection_get(22) May 22 13:46:25 ldap slapd[493]: connection_get(22): got connid=1874 May 22 13:46:25 ldap slapd[493]: connection_read(22): checking for input on id=1874 May 22 13:46:25 ldap slapd[493]: op tag 0x63, time 1463917585 May 22 13:46:25 ldap slapd[493]: conn=1874 op=1 do_search May 22 13:46:25 ldap slapd[493]: >>> dnPrettyNormal: <ou=People,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: <<< dnPrettyNormal: <ou=People,dc=company,dc=de>, <ou=people,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: SRCH "ou=People,dc=company,dc=de" 2 0 May 22 13:46:25 ldap slapd[493]: 0 0 0 May 22 13:46:25 ldap slapd[493]: begin get_filter May 22 13:46:25 ldap slapd[493]: EQUALITY May 22 13:46:25 ldap slapd[493]: end get_filter 0 May 22 13:46:25 ldap slapd[493]: filter: (uid=myUID) May 22 13:46:25 ldap slapd[493]: attrs: May 22 13:46:25 ldap slapd[493]: cn May 22 13:46:25 ldap slapd[493]: uid May 22 13:46:25 ldap slapd[493]: mailLocalAddress May 22 13:46:25 ldap slapd[493]: userPassword May 22 13:46:25 ldap slapd[493]: May 22 13:46:25 ldap slapd[493]: conn=1874 op=1 SRCH base="ou=People,dc=company,dc=de" scope=2 deref=0 filter="(uid=myUID)" May 22 13:46:25 ldap slapd[493]: conn=1874 op=1 SRCH attr=cn uid mailLocalAddress userPassword May 22 13:46:25 ldap slapd[493]: ==> limits_get: conn=1874 op=1 self="uid=myUID,ou=people,dc=company,dc=de" this="ou=people,dc=company,dc=de" May 22 13:46:25 ldap slapd[493]: ==> translucent_search: <ou=People,dc=company,dc=de> (uid=myUID) May 22 13:46:25 ldap slapd[493]: =>ldap_back_getconn: conn 0x7f3d44133a60 fetched refcnt=1. May 22 13:46:25 ldap slapd[493]: => ldap_back_munge_filter "(uid=myUID)" May 22 13:46:25 ldap slapd[493]: <= ldap_back_munge_filter "(uid=myUID)" (0) May 22 13:46:25 ldap slapd[493]: daemon: activity on 1 descriptor May 22 13:46:25 ldap slapd[493]: daemon: activity on: May 22 13:46:25 ldap slapd[493]: May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=9 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=10 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=11 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=12 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=13 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: >>> dnPrettyNormal: <uid=myUID,ou=people,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: <<< dnPrettyNormal: <uid=myUID,ou=people,dc=company,dc=de>, <uid=myUID,ou=people,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: >>> dnPretty: <cn=ldaproot,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: <<< dnPretty: <cn=ldaproot,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: >>> dnNormalize: <cn=ldaproot,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: <<< dnNormalize: <cn=ldaproot,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: >>> dnPretty: <cn=ldaproot,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: <<< dnPretty: <cn=ldaproot,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: >>> dnNormalize: <cn=ldaproot,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: <<< dnNormalize: <cn=ldaproot,dc=company,dc=de> May 22 13:46:25 ldap slapd[493]: ==> translucent_search_cb: uid=myUID,ou=people,dc=company,dc=de May 22 13:46:25 ldap slapd[493]: => mdb_entry_get: ndn: "uid=myUID,ou=people,dc=company,dc=de" May 22 13:46:25 ldap slapd[493]: => mdb_entry_get: oc: "(null)", at: "(null)" May 22 13:46:25 ldap slapd[493]: mdb_dn2entry("uid=myUID,ou=people,dc=company,dc=de") May 22 13:46:25 ldap slapd[493]: => mdb_dn2id("uid=myUID,ou=people,dc=company,dc=de") May 22 13:46:25 ldap slapd[493]: <= mdb_dn2id: got id=0x2 May 22 13:46:25 ldap slapd[493]: => mdb_entry_decode: May 22 13:46:25 ldap slapd[493]: <= mdb_entry_decode May 22 13:46:25 ldap slapd[493]: => mdb_entry_get: found entry: "uid=myUID,ou=people,dc=company,dc=de" May 22 13:46:25 ldap slapd[493]: mdb_entry_get: rc=0 May 22 13:46:25 ldap slapd[493]: => test_filter May 22 13:46:25 ldap slapd[493]: EQUALITY May 22 13:46:25 ldap slapd[493]: => access_allowed: search access to "uid=myUID,ou=people,dc=company,dc=de" "uid" requested May 22 13:46:25 ldap slapd[493]: => dn: [2] May 22 13:46:25 ldap slapd[493]: => dn: [3] ou=people,dc=company,dc=de May 22 13:46:25 ldap slapd[493]: => acl_get: [3] matched May 22 13:46:25 ldap slapd[493]: => acl_get: [3] attr uid May 22 13:46:25 ldap slapd[493]: => acl_mask: access to entry "uid=myUID,ou=people,dc=company,dc=de", attr "uid" requested May 22 13:46:25 ldap slapd[493]: => acl_mask: to value by "uid=myUID,ou=people,dc=company,dc=de", (=0) May 22 13:46:25 ldap slapd[493]: <= check a_dn_pat: cn=sendmail,dc=some,dc=local,dc=company,dc=de May 22 13:46:25 ldap slapd[493]: <= acl_mask: no more <who> clauses, returning =0 (stop) May 22 13:46:25 ldap slapd[493]: => slap_access_allowed: search access denied by =0 May 22 13:46:25 ldap slapd[493]: => access_allowed: no more rules May 22 13:46:25 ldap slapd[493]: <= test_filter 50 May 22 13:46:25 ldap slapd[493]: send_ldap_result: conn=1874 op=1 p=3 May 22 13:46:25 ldap slapd[493]: send_ldap_result: err=0 matched="" text="" May 22 13:46:25 ldap slapd[493]: send_ldap_response: msgid=2 tag=101 err=0 May 22 13:46:25 ldap slapd[493]: conn=1874 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= May 22 13:46:25 ldap slapd[493]: daemon: activity on 1 descriptor May 22 13:46:25 ldap slapd[493]: daemon: activity on: May 22 13:46:25 ldap slapd[493]: 22r May 22 13:46:25 ldap slapd[493]: May 22 13:46:25 ldap slapd[493]: daemon: read active on 22 May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=9 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=10 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=11 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=12 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=13 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: connection_get(22) May 22 13:46:25 ldap slapd[493]: connection_get(22): got connid=1874 May 22 13:46:25 ldap slapd[493]: connection_read(22): checking for input on id=1874 May 22 13:46:25 ldap slapd[493]: op tag 0x42, time 1463917585 May 22 13:46:25 ldap slapd[493]: ber_get_next on fd 22 failed errno=0 (Success) May 22 13:46:25 ldap slapd[493]: connection_read(22): input error=-2 id=1874, closing. May 22 13:46:25 ldap slapd[493]: connection_closing: readying conn=1874 sd=22 for close May 22 13:46:25 ldap slapd[493]: connection_close: deferring conn=1874 sd=22 May 22 13:46:25 ldap slapd[493]: conn=1874 op=2 do_unbind May 22 13:46:25 ldap slapd[493]: conn=1874 op=2 UNBIND May 22 13:46:25 ldap slapd[493]: connection_resched: attempting closing conn=1874 sd=22 May 22 13:46:25 ldap slapd[493]: connection_close: conn=1874 sd=22 May 22 13:46:25 ldap slapd[493]: translucent_connection_destroy May 22 13:46:25 ldap slapd[493]: =>ldap_back_conn_destroy: fetching conn 1874 May 22 13:46:25 ldap slapd[493]: =>ldap_back_conn_destroy: destroying conn 1874 refcnt=0 flags=0x00000101 May 22 13:46:25 ldap slapd[493]: daemon: removing 22 May 22 13:46:25 ldap slapd[493]: conn=1874 fd=22 closed May 22 13:46:25 ldap slapd[493]: daemon: activity on 1 descriptor May 22 13:46:25 ldap slapd[493]: daemon: activity on: May 22 13:46:25 ldap slapd[493]: May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=9 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=10 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=11 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=12 active_threads=0 tvp=zero May 22 13:46:25 ldap slapd[493]: daemon: epoll: listen=13 active_threads=0 tvp=zero

1 0

[LMDB] New product using LMDB
by Christian Sell 21 May '16

21 May '16

Hello all, I would like to introduce another product/tool that is based on LMDB and might be useful to some. Enter "LightningObjects", the High Performance embedded C++ Object Storage solution. LO is a template based mapping layer that turns LMDB (or any other key/value store that can be adapted to the internal abstract storage API) into a transactional C++ object store. Code is available at https://github.com/gsvitec/lightning-objects. Currently in alpha state, but used in a large commercial project already. I look forward to anyone's comments. regards, Christian Sell

2 1

pw-sha2, olcPasswordHash, SSHA512 & with cn=config
by Patrick Ohearn 17 May '16

17 May '16

Hi, I am running into an issue with changing olcPasswordHash to SSHA512, in cn=config . OpenLDAP appears not to load the pw-sha2 module from contrib, until after it reads cn=config, causing slaptest to fail. This looks to have already been reported in ITS 7802, however the ticket is closed and I don't see any obvious resolution to the issue. -- Email: pat(a)ge3k.net IM: pat(a)ge3k.net Site: http://ge3k.net

2 1

SLAPD WON'T START ON ONE OF THE MULTIMASTERS
by Borresen, John - 0444 - MITLL 16 May '16

16 May '16

We have a 3-way multimaster configuration running on CentOS 5.11, OpenLDAP 2.4.40. All three have been up for years, until the other day: Slapd is running on two of the three (server names: ldapserver1, ldapserver2, and ldapserver3). Slapd stopped and won't restart on ldapserver2. >From Logs on ldapserver2: May 10 04:02:13 gp42-admin4 slapd[4541]: slapd shutdown: waiting for 0 operations/tasks to finish May 10 04:02:19 gp42-admin4 slapd[15633]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 10 04:02:19 gp42-admin4 slapd[15633]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 10 04:02:19 gp42-admin4 slapd[15633]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 10 04:02:21 gp42-admin4 slapd[15634]: bdb_db_open: database "cn=accesslog": database already in use. May 10 04:02:21 gp42-admin4 slapd[15634]: backend_startup_one (type=bdb, suffix="cn=accesslog"): bi_db_open failed! (-1) May 10 04:02:21 gp42-admin4 slapd[15634]: slapd stopped. May 10 04:02:22 gp42-admin4 slapd[4541]: slapd stopped. When attempting to restart slapd on server2: May 13 10:13:54 gp42-admin4 slapd[12085]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:13:54 gp42-admin4 slapd[12085]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:13:54 gp42-admin4 slapd[12085]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:13:56 gp42-admin4 slapd[12086]: slapd starting May 13 10:13:56 gp42-admin4 slapd[12086]: do_syncrep2: rid=002 (4096) Content Sync Refresh Required May 13 10:13:56 gp42-admin4 slapd[12086]: do_syncrep2: rid=001 (4096) Content Sync Refresh Required May 13 10:13:57 gp42-admin4 slapd[12086]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995) May 13 10:13:57 gp42-admin4 slapd[12086]: => bdb_dn2id_add 0xfc6: parent (cn=accesslog) insert failed: -30995 May 13 10:13:57 gp42-admin4 slapd[12086]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995) May 13 10:13:57 gp42-admin4 slapd[12086]: => bdb_dn2id_delete 0xf50: parent (cn=accesslog) delete failed: -30995 May 13 10:15:55 gp42-admin4 slapd[12106]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:15:55 gp42-admin4 slapd[12106]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:15:55 gp42-admin4 slapd[12106]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:15:55 gp42-admin4 slapd[12106]: bdb_db_open: database "dc=example,dc=ldap": unclean shutdown detected; attempting recovery. May 13 10:15:57 gp42-admin4 slapd[12106]: bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. May 13 10:15:58 gp42-admin4 slapd[12106]: slapd starting May 13 10:28:49 gp42-admin4 slapd[12255]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:28:49 gp42-admin4 slapd[12255]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:28:49 gp42-admin4 slapd[12255]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:28:50 gp42-admin4 slapd[12255]: bdb_db_open: database "dc=example,dc=com": unclean shutdown detected; attempting recovery. May 13 10:28:50 gp42-admin4 slapd[12255]: bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. May 13 10:28:52 gp42-admin4 slapd[12255]: slapd starting May 13 10:29:24 gp42-admin4 slapd[12264]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:29:24 gp42-admin4 slapd[12264]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:29:24 gp42-admin4 slapd[12264]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:29:24 gp42-admin4 slapd[12264]: bdb_db_open: database "dc=example,dc=ldap": unclean shutdown detected; attempting recovery. May 13 10:29:24 gp42-admin4 slapd[12264]: bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. May 13 10:29:24 gp42-admin4 slapd[12264]: slapd starting May 13 10:29:53 gp42-admin4 slapd[12280]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:29:53 gp42-admin4 slapd[12280]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:29:53 gp42-admin4 slapd[12280]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:29:53 gp42-admin4 slapd[12280]: bdb_db_open: database "dc=example,dc=ldap": unclean shutdown detected; attempting recovery. May 13 10:29:53 gp42-admin4 slapd[12280]: bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. May 13 10:29:53 gp42-admin4 slapd[12280]: slapd starting May 13 10:32:35 gp42-admin4 slapd[12345]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd Attempting to restart slapd from the command-line: 5735ed50 slapd starting 5735ed50 => bdb_entry_get: ndn: "cn=accesslog" 5735ed50 => bdb_entry_get: oc: "(null)", at: "(null)" 5735ed50 bdb_idl_fetch_key: %cn=accesslog 5735ed50 bdb_idl_fetch_key: [b49d1940] 5735ed50 bdb_idl_fetch_key: 5735ed50 send_ldap_result: err=0 matched="" text="" 5735ed50 => bdb_entry_get: ndn: "dc=example,dc=com" 5735ed50 => bdb_entry_get: oc: "(null)", at: "contextCSN" ldap_build_search_req ATTRS: reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN ldap_build_search_req ATTRS: reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN => ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com,0) <= ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com,0) <= ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com,0) <= ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=jdoe,ou=Users,dc=example,dc=com)=0 5735ed50 => bdb_entry_get: ndn: "uid=jdoe,ou=Users,dc=example,dc=com" 5735ed50 => bdb_entry_get: oc: "(null)", at: "(null)" slapd: search.c:1125: oc_filter: Assertion `f != ((void *)0)' failed. Aborted I have run db_recover on the dbase(s) on ldapserver2 but to no avail. Does anyone have any suggestions? Thank you in advance for any assistance. John D. Borresen (Dave) Linux/Unix Systems Administrator MIT Lincoln Laboratory Humanitarian Assistance and Disaster Relief (HADR) Systems 244 Wood St Lexington, MA 02420 Email: <mailto:john.borresen@ll.mit.edu> john.borresen(a)ll.mit.edu

2 7

SLAPD won't start
by Borresen, John - 0444 - MITLL 13 May '16

13 May '16

This is a resend as the original did not go out for some reason. We have a 3-way multimaster configuration running on CentOS 5.11, OpenLDAP 2.4.40. All three have been up for years, until the other day: Slapd is running on two of the three (server names: ldapserver1, ldapserver2, and ldapserver3). Slapd stopped and won't restart on ldapserver2. >From Logs on ldapserver2: May 10 04:02:13 gp42-admin4 slapd[4541]: slapd shutdown: waiting for 0 operations/tasks to finish May 10 04:02:19 gp42-admin4 slapd[15633]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 10 04:02:19 gp42-admin4 slapd[15633]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 10 04:02:19 gp42-admin4 slapd[15633]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 10 04:02:21 gp42-admin4 slapd[15634]: bdb_db_open: database "cn=accesslog": database already in use. May 10 04:02:21 gp42-admin4 slapd[15634]: backend_startup_one (type=bdb, suffix="cn=accesslog"): bi_db_open failed! (-1) May 10 04:02:21 gp42-admin4 slapd[15634]: slapd stopped. May 10 04:02:22 gp42-admin4 slapd[4541]: slapd stopped. When attempting to restart slapd on server2: May 13 10:13:54 gp42-admin4 slapd[12085]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:13:54 gp42-admin4 slapd[12085]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:13:54 gp42-admin4 slapd[12085]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:13:56 gp42-admin4 slapd[12086]: slapd starting May 13 10:13:56 gp42-admin4 slapd[12086]: do_syncrep2: rid=002 (4096) Content Sync Refresh Required May 13 10:13:56 gp42-admin4 slapd[12086]: do_syncrep2: rid=001 (4096) Content Sync Refresh Required May 13 10:13:57 gp42-admin4 slapd[12086]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995) May 13 10:13:57 gp42-admin4 slapd[12086]: => bdb_dn2id_add 0xfc6: parent (cn=accesslog) insert failed: -30995 May 13 10:13:57 gp42-admin4 slapd[12086]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995) May 13 10:13:57 gp42-admin4 slapd[12086]: => bdb_dn2id_delete 0xf50: parent (cn=accesslog) delete failed: -30995 May 13 10:15:55 gp42-admin4 slapd[12106]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:15:55 gp42-admin4 slapd[12106]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:15:55 gp42-admin4 slapd[12106]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:15:55 gp42-admin4 slapd[12106]: bdb_db_open: database "dc=example,dc=ldap": unclean shutdown detected; attempting recovery. May 13 10:15:57 gp42-admin4 slapd[12106]: bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. May 13 10:15:58 gp42-admin4 slapd[12106]: slapd starting May 13 10:28:49 gp42-admin4 slapd[12255]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:28:49 gp42-admin4 slapd[12255]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:28:49 gp42-admin4 slapd[12255]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:28:50 gp42-admin4 slapd[12255]: bdb_db_open: database "dc=example,dc=com": unclean shutdown detected; attempting recovery. May 13 10:28:50 gp42-admin4 slapd[12255]: bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. May 13 10:28:52 gp42-admin4 slapd[12255]: slapd starting May 13 10:29:24 gp42-admin4 slapd[12264]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:29:24 gp42-admin4 slapd[12264]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:29:24 gp42-admin4 slapd[12264]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:29:24 gp42-admin4 slapd[12264]: bdb_db_open: database "dc=example,dc=ldap": unclean shutdown detected; attempting recovery. May 13 10:29:24 gp42-admin4 slapd[12264]: bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. May 13 10:29:24 gp42-admin4 slapd[12264]: slapd starting May 13 10:29:53 gp42-admin4 slapd[12280]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd May 13 10:29:53 gp42-admin4 slapd[12280]: nss-ldap: do_open: do_start_tls failed:stat=-1 May 13 10:29:53 gp42-admin4 slapd[12280]: nss_ldap: reconnected to LDAP server ldap://ldapserver1.example.com May 13 10:29:53 gp42-admin4 slapd[12280]: bdb_db_open: database "dc=example,dc=ldap": unclean shutdown detected; attempting recovery. May 13 10:29:53 gp42-admin4 slapd[12280]: bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. May 13 10:29:53 gp42-admin4 slapd[12280]: slapd starting May 13 10:32:35 gp42-admin4 slapd[12345]: @(#) $OpenLDAP: slapd 2.4.40 (Sep 30 2014 16:49:45) $#012#011clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2. 4.40/servers/slapd Attempting to restart slapd from the command-line: 5735ed50 slapd starting 5735ed50 => bdb_entry_get: ndn: "cn=accesslog" 5735ed50 => bdb_entry_get: oc: "(null)", at: "(null)" 5735ed50 bdb_idl_fetch_key: %cn=accesslog 5735ed50 bdb_idl_fetch_key: [b49d1940] 5735ed50 bdb_idl_fetch_key: 5735ed50 send_ldap_result: err=0 matched="" text="" 5735ed50 => bdb_entry_get: ndn: "dc=example,dc=com" 5735ed50 => bdb_entry_get: oc: "(null)", at: "contextCSN" ldap_build_search_req ATTRS: reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN ldap_build_search_req ATTRS: reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN => ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com,0) <= ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com,0) <= ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com,0) <= ldap_bv2dn(uid=jdoe,ou=Users,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=jdoe,ou=Users,dc=example,dc=com)=0 5735ed50 => bdb_entry_get: ndn: "uid=jdoe,ou=Users,dc=example,dc=com" 5735ed50 => bdb_entry_get: oc: "(null)", at: "(null)" slapd: search.c:1125: oc_filter: Assertion `f != ((void *)0)' failed. Aborted I have run db_recover on the dbase(s) on ldapserver2 but to no avail. Does anyone have any suggestions? Thank you in advance for any assistance. John D. Borresen (Dave) Linux/Unix Systems Administrator MIT Lincoln Laboratory Humanitarian Assistance and Disaster Relief (HADR) Systems 244 Wood St Lexington, MA 02420 Email: john.borresen(a)ll.mit.edu John D. Borresen (Dave) Linux/Unix Systems Administrator MIT Lincoln Laboratory Humanitarian Assistance and Disaster Relief (HADR) Systems 244 Wood St Lexington, MA 02420 Ph: (781) 981-1609 Cell: (781) 382-5195 Email: <mailto:john.borresen@ll.mit.edu> john.borresen(a)ll.mit.edu

1 0

OpenLDAP logging and rsyslog
by jeevan kc 12 May '16

12 May '16

Hello everyone,We're migrating our LDAP servers to new RHEL 7. Previously we had RHEL 5.2 and Openldap logging was working just fine with the following config using syslog.· Set up OpenLDAP logging: o (as root user) mkdir /var/log/openldap o (as root user) chmod 755 /var/log/openldap o (as root user) touch /var/log/openldap/openldap.log o (as root user) vi /etc/syslog.conf § Add the line “Local6.* /var/log/openldap/openldap.log” o (as root user) kill –HUP <process ID of syslogd> The new servers have rsyslog instead of syslog and I did the same procedures in rsyslog.conf file, set olcloglevel as sync stats same as in the old server and restarted rsyslog with systemctl restart rsyslog.service .The openldap.log file is empty. I have tried local4 too and same result. My rsyslog.conf file looks like this . Can someone please help me with this? Any help is appreciated. # rsyslog v5 configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)$ModLoad imklog # provides kernel logging support (previously done by rklogd)$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception$ModLoad imudp$UDPServerRun 514 # Provides TCP syslog reception$ModLoad imtcp$InputTCPServerRun 514 #### GLOBAL DIRECTIVES #### # Use default timestamp format$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # File syncing capability is disabled by default. This feature is usually not required,# not useful and an extreme performance hit#$ActionFileEnableSync on # Include all config files in /etc/rsyslog.d/$IncludeConfig /etc/rsyslog.d/*.conf #### RULES #### # Log all kernel messages to the console.# Logging much else clutters up the screen.#kern.* /dev/console # Log anything (except mail) of level info or higher.# Don't log private authentication messages!*.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access.authpriv.* /var/log/secure # Log all the mail messages in one place.mail.* -/var/log/maillogdaemon.* /var/log/daemon.logkern.* /var/log/kern.logsyslog.* /var/log/syslog # Log cron stuffcron.* /var/log/cron # Everybody gets emergency messages*.emerg * # Save news errors of level crit and higher in a special file.uucp,news.crit /var/log/spooler # Save boot messages also to boot.loglocal7.* /var/log/boot.log #OpenLDAP logginglocal6.* /var/log/openldap/openldap.log # ### begin forwarding rule #### The statement between the begin ... end define a SINGLE forwarding# rule. They belong together, do NOT split them. If you create multiple# forwarding rules, duplicate the whole block!# Remote Logging (we use TCP for reliable delivery)## An on-disk queue is created for this action. If the remote host is# down, messages are spooled to disk and sent when it is up again.#$WorkDirectory /var/lib/rsyslog # where to place spool files#$ActionQueueFileName fwdRule1 # unique name prefix for spool files#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown#$ActionQueueType LinkedList # run asynchronously#$ActionResumeRetryCount -1 # infinite retries if host is down# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional#*.* @@remote-host:514# ### end of the forwarding rule ### ## Nessus/CIS compliance items## Send everything to Unix syslog host## Following setting is per Chris Humphrey 6/19/2013*.err;kern.notice;auth.notice;auth.crit;daemon.notice @siem-unix.abc.com## Send httpd logs to Apache syslog host - requires additional apache configdaemon.notice @@SIEM-apache.abc.comauth,user.* /var/log/messages # A template to for higher precision timestamps + severity logging$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" Jeevan

2 2

debugging schema error
by Olivier 11 May '16

11 May '16

Hi, I have to modify the schema used by Mac OS X to access LDAP. What I am trying to do get slapd to fail starting, but I do not get a single error message: in /var/log/debug: May 12 13:08:33 ldap slapd[42028]: @(#) $OpenLDAP: slapd 2.4.41 (Aug 27 2015 15:14:47) $ root@ldap.cs.ait.ac.th:/usr/ports/net/openldap24-server/work/openldap-2.4.41/servers/slapd May 12 13:08:33 ldap slapd[42028]: DIGEST-MD5 common mech free May 12 13:08:33 ldap slapd[42028]: slapd stopped. May 12 13:08:33 ldap slapd[42028]: connections_destroy: nothing to destroy. in /var/log/messages May 12 13:08:33 ldap on: /usr/local/etc/rc.d/slapd: WARNING: failed to start slapd I cannot diagnose much out of that; what can I do to get some proper debug/error information? Best regards, Olivier --

1 0

Re: Cannot re-enable synchronization
by Olivier Nicole 10 May '16

10 May '16

Hi, On Monday I had a major issue, my root CA (for all my encryption) expired, so my LDAP server number 1 became inaccessible. I have a server number 2, running from another root certificate, that did not expire and that was properly replicating from the server number 1, using: syncrepl rid=0 provider=ldaps://ldap server 1/ type=refreshAndPersist bindmethod=simple binddn=cn=Manager,dc=xxx credentials="XXX" searchbase=dc=xxx tls_reqcert=try starttls=yes retry="60 10 300 +" But since I updated the root certificate on server 1, I cannot get the replication. I can still ldapsearch from server 2 to server 1. In the log of server 1 I see a proper connection, but I don't know how to further debug the replication. Best regards, Olivier

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical May 2016