Hi,
i have setup a new multimaster with mirrormode = true cluster with
Debian 9 and openldap 2.4.44.
There are two Servers ldap1 and ldap2.
As its just a lab Environment there is no need to hide passwords and stuff:
/etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 8fb04e78
dn: olcDatabase={1}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=localdomain
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * non
e
olcAccess: {1}to attrs=loginShell,gecos by dn="cn=admin,dc=localdomain" writ
e by self write by * read
olcAccess: {2}to attrs=shadowLastChange by self write by * read
olcAccess: {3}to * by * read
olcAccess: {4}to attrs=userPassword,shadowLastChange by self write by anonym
ous auth by dn="cn=admin,dc=localdomain" write by dn="cn=mirrormode,dc=loca
ldomain" read by * none
olcLastMod: TRUE
olcRootDN: cn=admin,dc=localdomain
olcRootPW:: e1NTSEF9Z05GbEJIRHE1aTNpa0ZsYVk0WVh3VTM4SkF0VkF0b3Q=
olcDbCheckpoint: 512 30
olcDbIndex: member,memberUid eq
olcDbIndex: cn pres,sub,eq
olcDbIndex: uid pres,sub,eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex: default sub
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: mail,givenName eq,subinitial
olcDbIndex: dc eq
olcDbIndex: objectClass,entryCSN,entryUUID eq
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: e9f1dcca-5978-1037-8f17-b1d4dc2a991d
creatorsName: cn=admin,cn=config
createTimestamp: 20171109090544Z
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=001 provider=ldap://10.211.55.20:389 bindmethod=simple b
inddn="cn=mirrormode,dc=localdomain" credentials=iechi1Eid_ie:quu searchbas
e="dc=localdomain" schemachecking=on type=refreshAndPersist retry="60 +"
entryCSN: 20171109101419.176516Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20171109101419Z
Here is my Database, its on both ldap servers identical - i dumped
this on both servers and ran a diff
slapcat:
dn: dc=localdomain
objectClass: top
objectClass: dcObject
objectClass: organization
o: localdomain
dc: localdomain
structuralObjectClass: organization
creatorsName: cn=admin,dc=localdomain
entryUUID: 1854fd30-597f-1037-9872-eb46faf4f5e0
createTimestamp: 20171109094959Z
entryCSN: 20171109094959.802699Z#000000#000#000000
modifiersName: cn=admin,dc=localdomain
modifyTimestamp: 20171109094959Z
contextCSN: 20171109100725.365127Z#000000#000#000000
dn: cn=admin,dc=localdomain
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9Z05GbEJIRHE1aTNpa0ZsYVk0WVh3VTM4SkF0VkF0b3Q=
structuralObjectClass: organizationalRole
entryUUID: e9f75c72-5978-1037-8289-d381257e6532
creatorsName: cn=admin,dc=localdomain
createTimestamp: 20171109090545Z
entryCSN: 20171109090545.033599Z#000000#000#000000
modifiersName: cn=admin,dc=localdomain
modifyTimestamp: 20171109090545Z
dn: cn=mirrormode,dc=localdomain
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: mirrormode
description: Syncrepl user for mirrormode operation
structuralObjectClass: organizationalRole
entryUUID: 49734c42-5979-1037-9e9b-d338d82a2242
creatorsName: cn=admin,dc=localdomain
createTimestamp: 20171109090825Z
userPassword:: e1NTSEF9T3hzeUVnanhLTThZSDJjK3JweG1sM2pWOG5USEkwS1c=
entryCSN: 20171109100725.365127Z#000000#000#000000
modifiersName: cn=admin,dc=localdomain
modifyTimestamp: 20171109100725Z
And this is the error i get only on ldap1 after setting up replication
on both servers:
Nov 9 12:36:16 ldap1 slapd[17296]: Entry (cn=admin,dc=localdomain):
object class 'simpleSecurityObject' requires attribute 'userPassword'
Nov 9 12:36:16 ldap1 slapd[17296]: null_callback : error code 0x41
Nov 9 12:36:16 ldap1 slapd[17296]: syncrepl_entry: rid=001 be_add
cn=admin,dc=localdomain failed (65)
Nov 9 12:36:16 ldap1 slapd[17296]: do_syncrepl: rid=001 rc 65 retrying
Any Ideas how could solve this?
Best regards
Dennis