On 05/08/2017 05:51 PM, Weiner, Michael wrote:
Searching through the archives, helpful information, but I wasn't able to find anything that quite matched my issue. Some background, I am running CentOS 7 with OpenLDAP version 2.4.40 and I have been following along a tutorial I found here:
http://linoxide.com/linux-how-to/setup-openldap-multi-master-replication-cen...
Everything goes well, of course, until the very last step where I have to add the replication information. I recreated this ldif:
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 101 ldap://lri-ldap1
olcServerID: 201 ldap://lri-ldap2
olcServerID: 301 ldap://lri-ldap3
olcServerID: 401 ldap://lri-ldap4

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://lri-ldap1:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=002 provider=ldap://lri-ldap2:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=003 provider=ldap://lri-ldap3:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=004 provider=ldap://lri-ldap4:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
and then ldapmodify -Y EXTERNAL -H ldapi:/// -f rp.ldif on all 4 masters, and what I get is, they are all just sitting there not providing me with a prompt:
[root@lri-ldap4 openldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f rp.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
and I cannot tell what it is actually doing at this stage. I check systemctl status slapd:
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 RESULT tag=97 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD dn="cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD attr=olcServerID
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD dn="olcDatabase={2}hdb,cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD attr=olcSyncRepl olcMirrorMode
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=3 ADD dn="olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
And that's where it stops, but I never get a prompt on any of the masters. Has anyone else seen this? Where did I go wrong? And how can I move forward?
It is not clear what you mean by prompt. What do you expect to happen? Is the database dc=lerner,dc=ccf,dc=org empty? What is the loglevel? Try to set it to stats and sync and check the syslog.

olcLogLevel: stats
olcLogLevel: sync
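
Added example, not part of the original thread: with loglevel stats, every request slapd accepts is later answered by a RESULT line carrying the same conn and op numbers, so an operation that never returns shows up as a request with no matching RESULT. The Python sketch below scans the log lines quoted above for such operations; the function name and the regular expression are this example's own.

```python
import re

# Log lines copied from the post above (loglevel stats).
SAMPLE_LOG = """\
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 RESULT tag=97 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD dn="cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD attr=olcServerID
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD dn="olcDatabase={2}hdb,cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD attr=olcSyncRepl olcMirrorMode
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=3 ADD dn="olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
"""

# conn=<n> op=<n> <KIND> <detail>; connection lines without op= are skipped.
LINE_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (\w+)(?: (.*))?$")

# Requests that slapd never answers with a RESULT line.
NO_RESULT = {"UNBIND", "ABANDON"}


def pending_operations(log_text):
    """Return (conn, op, request, detail) for each request with no RESULT yet."""
    started = {}  # (conn, op) -> (request kind, detail from its first log line)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (int(m[1]), int(m[2]))
        kind, detail = m[3], m[4] or ""
        # Searches are closed by "SEARCH RESULT", everything else by "RESULT".
        if kind == "RESULT" or (kind == "SEARCH" and detail.startswith("RESULT")):
            started.pop(key, None)
        elif kind not in NO_RESULT:
            # A request may span several lines (MOD dn=, MOD attr=); keep the first.
            started.setdefault(key, (kind, detail))
    return [(c, o, k, d) for (c, o), (k, d) in sorted(started.items())]


if __name__ == "__main__":
    for conn, op, kind, detail in pending_operations(SAMPLE_LOG):
        print(f"no RESULT for conn={conn} op={op}: {kind} {detail}")
```

On the quoted log this reports only op=3, the ADD of the syncprov overlay entry; the two MOD operations before it each have a RESULT with err=0.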