Hello list,
OpenLDAP 2.4.45 here, on 1 producer and 4 consumers. (I'll attach relevant parts of the configuration at the end of this message.) Following the scripts from test059, I configured the producer to serve up a cn=config backend for the consumers. This seems to work nicely at first: when you start a consumer from a minimal config, it loads the producer's schema files and the cn=config, and replication of the main database is fine. Also, when e.g. changing the loglevel on the producer's cn=config,cn=slave, the consumers pick up this change in their cn=config. However, when I modify an olcAccess line on the producer's cn=config,cn=slave database, I get these errors on the consumer:

slapd[26324]: syncrepl_message_to_entry: rid=002 DN: olcDatabase={1}mdb,cn=config,cn=slave, UUID: 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc
slapd[26324]: syncrepl_entry: rid=002 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
slapd[26324]: syncrepl_entry: rid=002 inserted UUID 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc
slapd[26324]: syncrepl_entry: rid=002 be_search (0)
slapd[26324]: syncrepl_entry: rid=002 olcDatabase={1}mdb,cn=config
slapd[26324]: null_callback : error code 0x43
slapd[26324]: syncrepl_entry: rid=002 be_modify olcDatabase={1}mdb,cn=config (67)
slapd[26324]: syncrepl_entry: rid=002 be_modify failed (67)
slapd[26324]: do_syncrepl: rid=002 rc 67 retrying

From the error code 0x43, it seems that the replication is somehow trying to change the RDN, olcDatabase={1}mdb, on the consumer, which makes no sense to me.
From the producer, cn=config,cn=slave:
( This is identical to the consumer's cn=config )

dn: cn=config,cn=slave
objectClass: olcGlobal
objectClass: olcConfig
objectClass: top
cn: slaveconfig
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConfigDir: slapd.d/
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexIntLen: 4
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcLocalSSF: 71
olcLogFile: none
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcSizeLimit: 20000
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificatePath: /etc/ssl/certs
olcTLSCertificateFile: /etc/ssl/certs/hkuwildcardcacert.cert
olcTLSCertificateKeyFile: /etc/ssl/private/hkuwildcardcacert.key
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 2

I'll leave the rest PM, except for:

dn: olcDatabase={0}config,cn=config,cn=slave
objectClass: olcDatabaseConfig
objectClass: olcConfig
objectClass: top
olcDatabase: {0}config
olcRootDN: cn=root,cn=config
olcRootPW: xxxxxxxxxxxxxx
olcSyncrepl: {0}rid=002 provider=ldap://xxx.xx.xx bindmethod=simple
  binddn="cn=config,cn=slave" credentials="xxxx"
  tls_cert="/etc/ssl/certs/xxx.cert" tls_key="/etc/ssl/private/xxx.key"
  tls_cacertdir="/etc/ssl/certs" tls_reqcert=demand tls_crlcheck=none
  searchbase="cn=config,cn=slave" schemachecking=off
  type=refreshAndPersist retry="5 5 10 +" suffixmassage="cn=config"
olcSyncUseSubentry: FALSE

This is identical to the consumer's olcDatabase={0}config,cn=config entry.
Hopefully somebody can point me in the right direction! Many thanks in advance,
gerard
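
Added example, not part of the original message: a small triage script that reads consumer log lines like the ones quoted above, keeps per-rid context, and reports each failed backend operation with the provider DN, the DN after suffixmassage, and the RFC 4511 name of the result code. The function name and the subset of result codes are choices made for this example; the sample input is the log from the message.

```python
import re
from collections import defaultdict

# Subset of LDAP result codes (RFC 4511, Appendix A); example's own selection.
LDAP_RESULT = {0: "success", 32: "noSuchObject", 50: "insufficientAccessRights",
               53: "unwillingToPerform", 64: "namingViolation",
               67: "notAllowedOnRDN", 68: "entryAlreadyExists", 80: "other"}

# Sample input: the consumer log lines quoted in the message above.
SAMPLE_LOG = """\
slapd[26324]: syncrepl_message_to_entry: rid=002 DN: olcDatabase={1}mdb,cn=config,cn=slave, UUID: 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc
slapd[26324]: syncrepl_entry: rid=002 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
slapd[26324]: syncrepl_entry: rid=002 inserted UUID 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc
slapd[26324]: syncrepl_entry: rid=002 be_search (0)
slapd[26324]: syncrepl_entry: rid=002 olcDatabase={1}mdb,cn=config
slapd[26324]: null_callback : error code 0x43
slapd[26324]: syncrepl_entry: rid=002 be_modify olcDatabase={1}mdb,cn=config (67)
slapd[26324]: syncrepl_entry: rid=002 be_modify failed (67)
slapd[26324]: do_syncrepl: rid=002 rc 67 retrying
"""

LINE_RE = re.compile(r"slapd\[\d+\]: \w+: rid=(\d+) (.*)")
DN_RE = re.compile(r"DN: (.+?), UUID: (\S+)")
SYNC_RE = re.compile(r"LDAP_RES_SEARCH_ENTRY\((LDAP_SYNC_\w+)\)")
# "be_modify <dn> (<rc>)"; skips the "be_modify failed (<rc>)" summary line.
BE_RE = re.compile(r"be_(\w+) (?!failed )(.+) \((\d+)\)$")

def failed_syncrepl_ops(log_text):
    """Return one dict per backend operation that ended with a non-zero code."""
    state = defaultdict(dict)          # context seen so far, keyed by rid
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                   # e.g. null_callback lines carry no rid
        rid, rest = m.groups()
        ctx = state[rid]
        if (d := DN_RE.search(rest)):
            ctx["provider_dn"], ctx["uuid"] = d.groups()
        elif (s := SYNC_RE.search(rest)):
            ctx["sync_state"] = s.group(1)
        elif (b := BE_RE.search(rest)) and int(b.group(3)) != 0:
            code = int(b.group(3))
            failures.append({"rid": rid, "op": "be_" + b.group(1),
                             "consumer_dn": b.group(2), "code": code,
                             "result": LDAP_RESULT.get(code, "unknown"), **ctx})
    return failures

if __name__ == "__main__":
    for f in failed_syncrepl_ops(SAMPLE_LOG):
        print(f)
```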