I suspect I've broken a fundamental rule of how sync works on OpenLDAP but here goes ...
We've been running a single OpenLDAP server for a while now so I wanted to get some resiliency into place. We are using version 2.4.28 on Ubuntu 12.04.
The original machine is a VM so I cloned it and built two further servers from that clone. I then followed the instructions in https://help.ubuntu.com/12.04/serverguide/openldap-server.html to add the provider bits to server A and the consumer bits to server B.
That works fine.
So, since I had a working consumer, I added the provider bits to the original LDAP server and changed the configuration on server B so that it queries that server and not server A. Syncing now fails and I'm getting the following in the log:
slapd[8201]: conn=1059 fd=18 ACCEPT from IP=127.0.0.1:52374 (IP=0.0.0.0:389)
slapd[8201]: conn=1059 op=0 BIND dn="cn=XXX,dc=YYY,dc=ZZZ" method=128
slapd[8201]: conn=1059 op=0 BIND dn="cn=XXX,dc=YYY,dc=ZZZ" mech=SIMPLE ssf=0
slapd[8201]: conn=1059 op=0 RESULT tag=97 err=0 text=
slapd[8201]: conn=1059 op=1 SRCH base="cn=accesslog" scope=2 deref=0 filter="(&(?objectClass=auditWriteObject)(?reqResult=0))"
slapd[8201]: conn=1059 op=1 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
slapd[8201]: conn=1059 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
slapd[8201]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (32) No such object
slapd[8201]: do_syncrep2: rid=000 (32) No such object
slapd[8201]: conn=1059 op=2 UNBIND
I've double-checked the configuration on the provider and if I revert the configuration on server B so that it consumes from server A, it all works again.
Have I broken a fundamental rule? If I have, how can I fix it? If I haven't, what have I done wrong?
Thanks.
Philip
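As an added example (not part of the original post), the script below correlates each slapd SRCH line with its SEARCH RESULT by conn/op and pulls out the do_syncrep2 errors, so the failing syncrepl search, its base (cn=accesslog) and the result code stand out when reviewing a log like the one quoted above. The sample log is constructed from the lines in the post; the regexes assume the standard OpenLDAP 2.4 "stats" log format.

```python
"""Correlate syncrepl search failures in OpenLDAP 2.4 slapd log lines."""
import re
from typing import Dict, List, Tuple

# Constructed sample, copied from the log format in the post above
# (cn=XXX,dc=YYY,dc=ZZZ is the placeholder DN as it appears there).
SAMPLE_LOG = """\
slapd[8201]: conn=1059 fd=18 ACCEPT from IP=127.0.0.1:52374 (IP=0.0.0.0:389)
slapd[8201]: conn=1059 op=0 BIND dn="cn=XXX,dc=YYY,dc=ZZZ" method=128
slapd[8201]: conn=1059 op=0 BIND dn="cn=XXX,dc=YYY,dc=ZZZ" mech=SIMPLE ssf=0
slapd[8201]: conn=1059 op=0 RESULT tag=97 err=0 text=
slapd[8201]: conn=1059 op=1 SRCH base="cn=accesslog" scope=2 deref=0 filter="(&(?objectClass=auditWriteObject)(?reqResult=0))"
slapd[8201]: conn=1059 op=1 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
slapd[8201]: conn=1059 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
slapd[8201]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (32) No such object
slapd[8201]: do_syncrep2: rid=000 (32) No such object
slapd[8201]: conn=1059 op=2 UNBIND
"""

SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
# Matches the summary form "do_syncrep2: rid=NNN (err) text", not the LDAP_RES_* line.
SYNCREP_RE = re.compile(r'do_syncrep2: rid=(\d+) \((\d+)\) (.*)')


def find_failed_searches(log: str) -> List[Tuple[str, str, int, int]]:
    """Return (conn, base, err, nentries) for every search with a non-zero result."""
    bases: Dict[Tuple[str, str], str] = {}   # (conn, op) -> search base
    failures: List[Tuple[str, str, int, int]] = []
    for line in log.splitlines():
        m = SRCH_RE.search(line)
        if m:
            bases[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m and m.group(3) != "0":
            key = (m.group(1), m.group(2))
            failures.append((key[0], bases.get(key, "?"), int(m.group(3)), int(m.group(4))))
    return failures


def syncrepl_errors(log: str) -> List[Tuple[str, int, str]]:
    """Return (rid, err, text) for each do_syncrep2 failure summary line."""
    return [(m.group(1), int(m.group(2)), m.group(3))
            for m in map(SYNCREP_RE.search, log.splitlines()) if m]


if __name__ == "__main__":
    for conn, base, err, n in find_failed_searches(SAMPLE_LOG):
        print(f"conn={conn} search base={base!r} failed err={err} nentries={n}")
    for rid, err, text in syncrepl_errors(SAMPLE_LOG):
        print(f"syncrepl rid={rid} err={err}: {text}")
```

Run against a full slapd log, a non-zero err on the cn=accesslog search paired with a do_syncrep2 error for the same rid pinpoints which consumer (rid) and which search base the provider could not serve.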