Hello,
Was setting up replication for our LDAP server, and was following the guide here, https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP#Setti...
I had success with this guide but just a problem with authentication, I could see in the ldap debug log for node1 entries like this:
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 fd=38 ACCEPT from IP=<node1's IP>:34606 (IP=0.0.0.0:389)
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=0 BIND dn="cn=Manager,dc=genome,dc=arizona,dc=edu" method=128
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=0 BIND dn="cn=Manager,dc=genome,dc=arizona,dc=edu" mech=SIMPLE ssf=0
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=0 RESULT tag=97 err=0 text=
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=1 MOD dn="olcDatabase={1}bdb,cn=config"
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=1 MOD attr=olcSyncrepl
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=1 RESULT tag=103 err=0 text=
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=2 MOD dn="olcDatabase={1}bdb,cn=config"
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=2 MOD attr=olcMirrorMode
Jul 20 16:21:22 node1 slapd[10218]: slap_client_connect: URI=ldap://node2.genome.arizona.edu DN="cn=ldapreader,dc=genome,dc=arizona,dc=edu" ldap_sasl_bind_s failed (49)
Jul 20 16:21:22 node1 slapd[10218]: do_syncrepl: rid=001 rc 49 retrying
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=2 RESULT tag=103 err=0 text=
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=3 UNBIND
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 fd=38 closed
and in the debug log for node2 entries like this:
Jul 20 16:21:22 node2 slapd[25327]: conn=14036 fd=17 ACCEPT from IP=<node1's IP>:56460 (IP=0.0.0.0:389)
Jul 20 16:21:22 node2 slapd[25327]: conn=14036 op=0 BIND dn="cn=ldapreader,dc=genome,dc=arizona,dc=edu" method=128
Jul 20 16:21:22 node2 slapd[25327]: conn=14036 op=0 RESULT tag=97 err=49 text=
Jul 20 16:21:22 node2 slapd[25327]: conn=14036 op=1 UNBIND
Jul 20 16:21:22 node2 slapd[25327]: conn=14036 fd=17 closed
It turns out I had literally used credentials="secret" in the add-replication-node1/node2.ldif files! So I went back and used slappasswd to generate a new password, put it into ldapreader.ldif and used ldapmodify instead, this time with success on both nodes,
[root@node1 openldap]# cat ldapreader.ldif
dn: cn=ldapreader,dc=genome,dc=arizona,dc=edu
changetype: modify
replace: userPassword
userPassword: <hash from slappasswd>
[root@node1 openldap]# ldapmodify -x -W -D "cn=Manager,dc=genome,dc=arizona,dc=edu" -f ldapreader.ldif
Enter LDAP Password:
modifying entry "cn=ldapreader,dc=genome,dc=arizona,dc=edu"
[root@node1 openldap]#
[root@node2 openldap]# cat ldapreader.ldif
dn: cn=ldapreader,dc=genome,dc=arizona,dc=edu
changetype: modify
replace: userPassword
userPassword: <hash from slappasswd>
[root@node2 openldap]# ldapmodify -x -W -D "cn=Manager,dc=genome,dc=arizona,dc=edu" -f ldapreader.conf
Enter LDAP Password:
modifying entry "cn=ldapreader,dc=genome,dc=arizona,dc=edu"
[root@node2 openldap]#
Then I updated the add-replication-node1/node2.ldif to modify the entry with the actual password instead of "secret"... on node1 I got two success messages,
[root@node1 openldap]# cat add-replication-node1.ldif
dn: olcDatabase={1}bdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://node2.genome.arizona.edu binddn="cn=ldapreader,dc=genome,dc=arizona,dc=edu" bindmethod=simple credentials="<actual password>" searchbase="dc=genome,dc=arizona,dc=edu" type=refreshAndPersist timeout=0 network-timeout=0 retry="60 +"

dn: olcDatabase={1}bdb,cn=config
changetype: modify
replace: olcMirrorMode
olcMirrorMode: TRUE
[root@node1 openldap]# ldapmodify -x -W -D "cn=Manager,dc=genome,dc=arizona,dc=edu" -f add-replication-node1.ldif
Enter LDAP Password:
modifying entry "olcDatabase={1}bdb,cn=config"

modifying entry "olcDatabase={1}bdb,cn=config"

[root@node1 openldap]#
However, when I went to modify the entries on node2, I now got the error "<olcMirrorMode> database is not a shadow",
[root@node2 openldap]# cat add-replication-node2.ldif
dn: olcDatabase={1}bdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=002 provider=ldap://node1.genome.arizona.edu binddn="cn=ldapreader,dc=genome,dc=arizona,dc=edu" bindmethod=simple credentials="<actual password>" searchbase="dc=genome,dc=arizona,dc=edu" type=refreshAndPersist timeout=0 network-timeout=0 retry="60 +"

dn: olcDatabase={1}bdb,cn=config
changetype: modify
replace: olcMirrorMode
olcMirrorMode: TRUE
[root@node2 openldap]# ldapmodify -x -W -D "cn=Manager,dc=genome,dc=arizona,dc=edu" -f add-replication-node2.ldif
Enter LDAP Password:
modifying entry "olcDatabase={1}bdb,cn=config"

modifying entry "olcDatabase={1}bdb,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
	additional info: <olcMirrorMode> database is not a shadow

[root@node2 openldap]#
Now the replication has stopped and there are no connection entries in the ldap debug logs. So what did I do wrong, and how do I get replication going again?
Thanks,
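Added example, not part of the original post: a small Python checker that parses slapd log lines in the format quoted above and reports the replication account's failed binds (a BIND answered err=49, and the consumer's "rc 49 retrying"), plus any SIMPLE bind at ssf=0, which is what a replication credential sent over plain ldap:// without TLS looks like in the log. The sample lines are constructed from the post's logs; the function and constant names are this example's own.

```python
import re

# Constructed sample, modelled on the slapd log lines quoted in the post
# (hostnames and DNs as in the post; the selection of lines is illustrative).
SAMPLE_LOG = """\
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=0 BIND dn="cn=Manager,dc=genome,dc=arizona,dc=edu" method=128
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=0 BIND dn="cn=Manager,dc=genome,dc=arizona,dc=edu" mech=SIMPLE ssf=0
Jul 20 16:21:22 node1 slapd[10218]: conn=3497 op=0 RESULT tag=97 err=0 text=
Jul 20 16:21:22 node1 slapd[10218]: slap_client_connect: URI=ldap://node2.genome.arizona.edu DN="cn=ldapreader,dc=genome,dc=arizona,dc=edu" ldap_sasl_bind_s failed (49)
Jul 20 16:21:22 node1 slapd[10218]: do_syncrepl: rid=001 rc 49 retrying
Jul 20 16:21:22 node2 slapd[25327]: conn=14036 op=0 BIND dn="cn=ldapreader,dc=genome,dc=arizona,dc=edu" method=128
Jul 20 16:21:22 node2 slapd[25327]: conn=14036 op=0 RESULT tag=97 err=49 text=
"""

REPLICATION_DN = "cn=ldapreader,dc=genome,dc=arizona,dc=edu"

# tag=97 is the BindResponse, so a RESULT with tag=97 answers a BIND op.
BIND_RE = re.compile(r'(?P<host>\S+) slapd\[\d+\]: conn=(?P<conn>\d+) op=(?P<op>\d+) '
                     r'BIND dn="(?P<dn>[^"]*)"(?: mech=(?P<mech>\S+) ssf=(?P<ssf>\d+))?')
RESULT_RE = re.compile(r'(?P<host>\S+) slapd\[\d+\]: conn=(?P<conn>\d+) op=(?P<op>\d+) '
                       r'RESULT tag=97 err=(?P<err>\d+)')
SYNCREPL_RE = re.compile(r'(?P<host>\S+) slapd\[\d+\]: do_syncrepl: rid=(?P<rid>\d+) rc (?P<rc>\d+)')


def analyze(log_text, replication_dn=REPLICATION_DN):
    """Return (kind, host, detail) findings for the given slapd log text.

    "cleartext-bind": SIMPLE bind with ssf=0, i.e. no TLS protecting the password
    "bind-failure":   the replication DN's bind was answered err=49 (invalidCredentials)
    "consumer-retry": a syncrepl consumer reported rc 49 and is retrying
    """
    pending = {}   # (host, conn, op) -> dn of a bind awaiting its RESULT line
    findings = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m['host'], m['conn'], m['op'])] = m['dn']
            if m['mech'] == 'SIMPLE' and m['ssf'] == '0':
                findings.append(("cleartext-bind", m['host'], m['dn']))
            continue
        m = RESULT_RE.search(line)
        if m:
            # Match the bind result back to the DN that was bound on this conn/op.
            dn = pending.pop((m['host'], m['conn'], m['op']), None)
            if dn == replication_dn and m['err'] == '49':
                findings.append(("bind-failure", m['host'], dn))
            continue
        m = SYNCREPL_RE.search(line)
        if m and m['rc'] == '49':
            findings.append(("consumer-retry", m['host'], m['rid']))
    return findings
```

Run it over the provider's and consumer's logs together (as in the sample) and a credential mismatch shows up as a "bind-failure" on the provider paired with a "consumer-retry" on the consumer for the same rid.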