I increased the logging and found this upon starting up the provider:

=> bdb_search
bdb_dn2entry("cn=accesslog")
=> access_allowed: search access to "cn=accesslog" "entry" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
search_candidates: base="cn=accesslog" (0x00000001) scope=1
=> bdb_dn2idl("cn=accesslog")
bdb_idl_fetch_key: %cn=accesslog
<= bdb_dn2idl: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
bdb_search_candidates: failed (rc=-30988)
bdb_search: no candidates

I realised that I hadn’t created a cn=accesslog.


I've done that now with an LDIF file (results of an ldapsearch on that entry below), but still get the same error.


ldapsearch -x -b dc=city,dc=ac,dc=uk cn=accesslog

version: 1
dn: cn=accesslog,dc=city,dc=ac,dc=uk
objectClass: auditContainer
cn: accesslog


Is there something more I need to do for the cn=accesslog to work?

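An added example (not from the original post, and not OpenLDAP's own code) to show where the two cn=accesslog DNs in this thread actually land. slapd hands an operation to the database whose configured suffix is the longest suffix of the target DN. The provider slapd.conf quoted further down defines one database with suffix dc=city,dc=ac,dc=uk and a second, standalone one with suffix cn=accesslog; the entry created above, cn=accesslog,dc=city,dc=ac,dc=uk, is owned by the first, whereas the "no candidates" search in the log ran against the second. The Python below is a simplified model of that longest-suffix rule (it handles only the plain, unescaped DNs that appear here) applied to the DNs taken from the thread.

```python
"""Which slapd database owns a DN?  Added example, not code from the post or from OpenLDAP.

slapd selects the database whose configured suffix is the longest suffix of
the target DN.  This is a simplified model of that rule for the plain,
unescaped DNs used in the thread; it is not slapd's own implementation.
"""
from typing import Dict, List, Optional


def split_dn(dn: str) -> List[str]:
    """Split a DN into normalised RDNs (lower-case, surrounding whitespace stripped).

    Caveat: does not handle escaped commas, multi-valued RDNs or
    attribute-specific matching rules; adequate for the DNs in this thread.
    """
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def select_backend(dn: str, suffixes: List[str]) -> Optional[str]:
    """Return the configured suffix that owns dn, or None if no database matches.

    When several suffixes match (e.g. "dc=uk" and "dc=city,dc=ac,dc=uk"),
    the one with the most RDNs wins, as in slapd.
    """
    target = split_dn(dn)
    best: Optional[str] = None
    best_len = 0
    for suffix in suffixes:
        parts = split_dn(suffix)
        if len(parts) > len(target):
            continue                      # suffix is longer than the DN itself
        if target[len(target) - len(parts):] != parts:
            continue                      # not a suffix of the DN
        if best is None or len(parts) > best_len:
            best, best_len = suffix, len(parts)
    return best


# Suffixes of the two bdb databases in the provider slapd.conf quoted in the thread.
PROVIDER_SUFFIXES = ["dc=city,dc=ac,dc=uk", "cn=accesslog"]

# DNs taken from the thread: the container the reply created under the main
# suffix, the logdb suffix the accesslog overlay points at, and the replicator entry.
THREAD_DNS = [
    "cn=accesslog,dc=city,dc=ac,dc=uk",
    "cn=accesslog",
    "uid=replicator,ou=users,dc=city,dc=ac,dc=uk",
]


def route(dns: List[str], suffixes: List[str]) -> Dict[str, Optional[str]]:
    """Map each DN to the suffix of the database that would serve it."""
    return {dn: select_backend(dn, suffixes) for dn in dns}


if __name__ == "__main__":
    for dn, backend in route(THREAD_DNS, PROVIDER_SUFFIXES).items():
        print(f"{dn:45s} -> {backend}")
```

The first DN routes to the dc=city,dc=ac,dc=uk database and only the bare cn=accesslog routes to the standalone log database, so an entry added under the main suffix is never seen by a search whose base is cn=accesslog.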

From: Gocher, Mark [mailto:Mark.Gocher.1@city.ac.uk]
Sent: 01 June 2010 09:51
To: openldap-technical@openldap.org
Subject: Syncrepl - ldap_bind: Invalid credentials error


I'm receiving the following error on my consumer, using logging -d stats + args + trace + sync 2> /var/log/ldap:

@(#) $OpenLDAP: slapd 2.4.22 (May 21 2010 12:10:42) $
        @cambridge:/usr/local/openldap-2.4.22/servers/slapd
slapd starting
slap_client_connect: URI=ldap://oxford.unix1.city.ac.uk:389 DN="cn=replicator,dc=city,dc=ac,dc=uk" ldap_sasl_bind_s failed (49)

I can see from the documentation that my consumer is not authenticating to my provider, but I can’t see what the error is. If any other info would help please let me know.


I have created the uid for replicator and repeated this search with the ‘access to attrs=userPassword’ line commented out on the provider to ensure that the userPassword for replicator is clear text ‘secret’. I can also perform this search from the consumer successfully.

ldapsearch -x -b dc=city,dc=ac,dc=uk uid=replicator

version: 1
dn: uid=replicator,ou=users,dc=city,dc=ac,dc=uk
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
sn: replicator
cn: replicator
uid: replicator
uidNumber: 22258
gidNumber: 22258
homeDirectory: /export/home/replicator
userPassword: secret
displayName: replicator
mail: None
labeledURI: None
description: openLDAP replication id

Consumer ldap.conf:

database        bdb
suffix          "dc=city,dc=ac,dc=uk"
rootdn          "cn=DSAmgr,dc=city,dc=ac,dc=uk"
rootpw          {CRYPT}*******
directory       /var/opt/csw/openldap-data
index   default         pres,eq,sub
index   objectClass     eq
index   cn
index   sn
index   uid
access to attrs=userPassword
        by anonymous auth
        by * none

access to * by * read
index entryUUID eq
syncrepl  rid=0
               provider=ldap://oxford.unix1.city.ac.uk:389
               bindmethod=simple
               binddn="cn=replicator,dc=city,dc=ac,dc=uk"
               credentials=secret
               searchbase="dc=city,dc=ac,dc=uk"
               logbase="cn=accesslog"
               logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
               schemachecking=on
               type=refreshAndPersist
               retry="60 +"
               syncdata=accesslog
updateref               ldap://oxford.unix1.city.ac.uk
database monitor

Provider ldap.conf:

database        bdb
suffix          "dc=city,dc=ac,dc=uk"
rootdn          "cn=DSAmgr,dc=city,dc=ac,dc=uk"
rootpw          {CRYPT}aZmvWMwFgg.vk

directory       /var/opt/csw/openldap-data
index   default         pres,eq,sub
index   objectClass     eq
index   cn
index   sn
index   uid
access to *
        by dn.base="cn=replicator,dc=city,dc=ac,dc=uk" read
        by * break

access to attrs=userPassword
       by anonymous auth
       by * none

access to *
        by * read

modulepath /usr/local/openldap-2.4.22
moduleload back_bdb.la
moduleload accesslog.la
moduleload syncprov.la
database bdb
suffix cn=accesslog
directory /var/opt/csw/accesslog
rootdn cn=accesslog
index default eq
index objectClass,reqEnd,reqResult,reqStart

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
#     database bdb
#     suffix "dc=dc=city,dc=ac,dc=uk"
#     rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"
index entryCSN eq
index entryUUID eq
overlay syncprov
syncprov-checkpoint 1000 60
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 99+00:00 00+00:01

# Let the replica DN have limitless searches
limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
database monitor
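
A second added example (again not the poster's or OpenLDAP's code). The ldapsearch output above shows the replicator entry at uid=replicator,ou=users,dc=city,dc=ac,dc=uk, while the consumer's syncrepl binddn, the provider's first ACL and both limits lines refer to cn=replicator,dc=city,dc=ac,dc=uk. A simple bind to a DN that does not exist gets the same invalidCredentials (49) from slapd as a wrong password, so the consumer's log line alone cannot tell the two apart. The Python below cross-checks every DN a slapd.conf fragment expects to exist against an LDIF dump of the directory; the config and LDIF it embeds are constructed from the fragments quoted in this thread, and the parsing is deliberately minimal (continuation lines, quoted values and plain dn: lines only).

```python
"""Cross-check the DNs a slapd.conf refers to against the entries that exist.

Added example, not code from the original thread or from OpenLDAP.  It parses
a slapd.conf fragment (joining continuation lines, which in slapd.conf begin
with whitespace), collects every syncrepl binddn, access-list dn.base and
limits dn.exact, and reports those that name no entry in an LDIF dump.  The
sample config and LDIF are constructed from the text quoted in the thread.
"""
import re
import shlex
from typing import List, Tuple


def normalize_dn(dn: str) -> str:
    """Canonical form for comparison: lower-case, no whitespace around RDNs.

    Handles only the simple, unescaped DNs used in this thread.
    """
    return ",".join(p.strip().lower() for p in dn.split(","))


def read_directives(conf: str) -> List[List[str]]:
    """Join slapd.conf continuation lines, drop comments, tokenise each directive."""
    joined: List[str] = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and joined:      # leading whitespace = continuation
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [tokens for tokens in (shlex.split(line) for line in joined) if tokens]


DN_REF = re.compile(r"dn\.(?:base|exact)=(.+)", re.IGNORECASE)


def referenced_dns(conf: str) -> List[Tuple[str, str]]:
    """Return (label, dn) for each DN the config expects to exist in the directory."""
    refs: List[Tuple[str, str]] = []
    for tokens in read_directives(conf):
        key = tokens[0].lower()
        if key == "syncrepl":
            for tok in tokens[1:]:
                if tok.lower().startswith("binddn="):
                    refs.append(("syncrepl binddn", tok.split("=", 1)[1]))
        elif key in ("access", "limits"):
            for tok in tokens[1:]:
                m = DN_REF.match(tok)
                if m:
                    refs.append((f"{key} {tok.split('=', 1)[0]}", m.group(1)))
    return refs


def ldif_dns(ldif: str) -> List[str]:
    """DNs of the entries in an LDIF text (plain 'dn:' lines; base64 'dn::' is not handled)."""
    return [normalize_dn(line[3:]) for line in ldif.splitlines()
            if line[:3].lower() == "dn:" and not line.startswith("dn::")]


def dangling_dns(conf: str, ldif: str) -> List[Tuple[str, str]]:
    """Config references whose DN is not an entry in the LDIF.

    A simple bind to such a DN gets invalidCredentials (49) from slapd, the
    same result as a wrong password, so this check is worth running before
    suspecting the password.
    """
    known = set(ldif_dns(ldif))
    return [(label, dn) for label, dn in referenced_dns(conf)
            if normalize_dn(dn) not in known]


# Constructed from the thread: the consumer's syncrepl stanza plus the
# provider's ACL and limits lines, all of which name cn=replicator,dc=city,...
POSTED_CONF = """\
syncrepl  rid=0
               provider=ldap://oxford.unix1.city.ac.uk:389
               bindmethod=simple
               binddn="cn=replicator,dc=city,dc=ac,dc=uk"
               credentials=secret
               searchbase="dc=city,dc=ac,dc=uk"
               type=refreshAndPersist
               retry="60 +"
access to *
        by dn.base="cn=replicator,dc=city,dc=ac,dc=uk" read
        by * break
# Let the replica DN have limitless searches
limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited size.soft=unlimited
"""

# Constructed from the ldapsearch output in the thread: the replicator entry
# actually lives at uid=replicator,ou=users,... under the main suffix.
POSTED_LDIF = """\
dn: uid=replicator,ou=users,dc=city,dc=ac,dc=uk
objectClass: inetOrgPerson
uid: replicator
userPassword: secret

dn: cn=accesslog,dc=city,dc=ac,dc=uk
objectClass: auditContainer
cn: accesslog
"""

if __name__ == "__main__":
    for label, dn in dangling_dns(POSTED_CONF, POSTED_LDIF):
        print(f"{label}: {dn} matches no entry in the dump")
```

On the posted fragments all three references come back as dangling; rewriting them to the DN that the dump actually contains returns an empty list. The same answer, live, comes from ldapwhoami -x -H ldap://oxford.unix1.city.ac.uk -D "uid=replicator,ou=users,dc=city,dc=ac,dc=uk" -w secret, which prints the bound DN on success and ldap_bind: Invalid credentials (49) otherwise; run it from the consumer host, since that is where the syncrepl bind originates.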