I've upgraded my 2 LDAP servers to 2.4.39 and have been trying to get mirror mode to work, with no luck. For now I've removed TLS and am using ldap:///
The issue, which I've had since version 2.4.23 and still have now, is "LDAP_RES_INTERMEDIATE - REFRESH_DELETE". Everything else works, but I can't resolve this issue. I've searched the forum for other references to it but am not seeing a clear resolution. Others keep getting additional messages beyond this one, but mine stops at this. I've also tried running slapd -h "ldapi:/// ldap:///" -d 7, but it gets stuck as well.
Your help is greatly appreciated!
[root@ldap-east ~]# slapd -d sync 54243242 @(#) $OpenLDAP: slapd 2.4.39 (Sep 17 2014 15:14:19) $
root@admin.xxxxx.net:/root/rpmbuild/BUILD/openldap-2.4.39/openldap-2.4.39/servers/slapd 54243242 /etc/openldap/slapd.conf: line 226: rootdn is always granted unlimited privileges. 54243242 slapd starting 54243242 do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
Provider/Master side - slapd.conf (ldap-east) ------------------------------------------- include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/sudo.schema
# Provider-side (ldap-east) global and database settings, as pasted in the post.
# Several directives are collapsed onto one line by the paste; the lines are
# left exactly as posted and only these "#" notes are added.
#
# NOTE(review): "allow bind_v2" makes slapd accept LDAPv2 bind requests; drop it
# unless a legacy client still needs LDAPv2.
allow bind_v2
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
modulepath /usr/lib/openldap modulepath /usr/lib64/openldap
moduleload accesslog.la moduleload rwm.la moduleload syncprov.la
# "disallow bind_anon" rejects anonymous bind requests. Per slapd.conf(5) this
# does not by itself prohibit anonymous directory access; the access rules
# below still decide what an unauthenticated session may do.
disallow bind_anon
moduleload back_bdb moduleload back_ldap
backend bdb
# cn=Monitor: readable by the Manager DN only, no access for anyone else.
database monitor access to * by dn.exact="cn=Manager,dc=xxxxx,dc=net" read by * none
# Main database. rootpw is redacted in the post; slapd.conf also accepts a
# hashed value here (generated with slappasswd), which keeps the rootdn password
# out of the file in cleartext. This file additionally holds the syncrepl
# credentials further down, so it should be readable only by the account slapd
# runs as.
database bdb suffix "dc=xxxxx,dc=net" checkpoint 1024 15 rootdn "cn=Manager,dc=xxxxx,dc=net" rootpw xxxxx
directory /var/lib/ldap
# Gives the replication bind DN write access to every entry and attribute;
# "by * break" sends all other identities on to the later access rules.
# NOTE(review): the DN a syncrepl consumer binds with needs read access to the
# replicated content on the provider - confirm that write is really required.
access to * by dn.base="cn=TestSync,ou=Roles,dc=xxxxx,dc=net" write by * break
# userPassword/shadowLastChange: Manager and the entry owner may write,
# anonymous sessions may only authenticate against the value, everyone else is
# denied. The TestSync DN is already matched by the "access to *" rule above.
access to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=xxxxx,dc=net" write by anonymous auth by self write by * none
# The entryCSN/entryUUID equality indexes at the end serve syncrepl lookups.
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub index entryCSN,entryUUID eq
# serverID must differ between the two mirror-mode nodes (the other node uses 2).
serverID 1 overlay syncprov
# Checkpoint the contextCSN after 100 operations or 1 minute.
syncprov-checkpoint 100 1
# Keep a session log of up to 100 write operations.
syncprov-sessionlog 100
# Consumer half of the mirror: this node pulls from ldap-west.
# NOTE(review): bindmethod=simple over plain ldap:// sends the bind DN and the
# credentials unencrypted. The post says TLS was removed while troubleshooting;
# restore it (for example starttls=critical, or an ldaps:// provider URL) before
# this carries real traffic.
# schemachecking=off means replicated entries are not checked against the local
# schema; attrs="*,+" requests all user and operational attributes.
#LDAP Sync - Slave syncrepl rid=001 provider=ldap://ldap-west.xxxxx.net bindmethod=simple binddn="cn=TestSync,ou=Roles,dc=xxxxx,dc=net" credentials="xxxxxx" searchbase="dc=xxxxx,dc=net" schemachecking=off type=refreshAndPersist retry="60 +" filter="(objectclass=*)" attrs="*,+" mirrormode on
# loglevel -1 turns on every log level: useful while debugging, very verbose
# for normal operation.
loglevel -1
Consumer/Slave side - slapd.conf (ldap-west) - only difference is the replication section ------------------------------------------- ....
# Replication section of the second node (ldap-west), left exactly as posted.
# serverID must differ from the other mirror-mode node (which uses 1).
serverID 2 overlay syncprov
# Checkpoint the contextCSN after 100 operations or 1 minute.
syncprov-checkpoint 100 1
# Keep a session log of up to 100 write operations.
syncprov-sessionlog 100
# Consumer half of the mirror: this node pulls from ldap-east.
# NOTE(review): bindmethod=simple over plain ldap:// sends the bind DN and the
# credentials unencrypted; once replication works, protect the link again (for
# example starttls=critical, or an ldaps:// provider URL).
# schemachecking=off means replicated entries are not checked against the local
# schema; attrs="*,+" requests all user and operational attributes.
#LDAP Sync - Master syncrepl rid=001 provider=ldap://ldap-east.xxxxx.net bindmethod=simple binddn="cn=TestSync,ou=Roles,dc=xxxxx,dc=net" credentials="xxxxxx" searchbase="dc=xxxxx,dc=net" schemachecking=off type=refreshAndPersist retry="60 +" filter="(objectclass=*)" attrs="*,+" mirrormode on