Hi,
I have set up a new multi-master cluster with mirrormode = true on Debian 9 and OpenLDAP 2.4.44.
There are two servers, ldap1 and ldap2. As it is just a lab environment there is no need to hide passwords and the like:
/etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 8fb04e78
dn: olcDatabase={1}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=localdomain
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=loginShell,gecos by dn="cn=admin,dc=localdomain" write by self write by * read
olcAccess: {2}to attrs=shadowLastChange by self write by * read
olcAccess: {3}to * by * read
olcAccess: {4}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=localdomain" write by dn="cn=mirrormode,dc=localdomain" read by * none
olcLastMod: TRUE
olcRootDN: cn=admin,dc=localdomain
olcRootPW:: e1NTSEF9Z05GbEJIRHE1aTNpa0ZsYVk0WVh3VTM4SkF0VkF0b3Q=
olcDbCheckpoint: 512 30
olcDbIndex: member,memberUid eq
olcDbIndex: cn pres,sub,eq
olcDbIndex: uid pres,sub,eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex: default sub
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: mail,givenName eq,subinitial
olcDbIndex: dc eq
olcDbIndex: objectClass,entryCSN,entryUUID eq
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: e9f1dcca-5978-1037-8f17-b1d4dc2a991d
creatorsName: cn=admin,cn=config
createTimestamp: 20171109090544Z
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=001 provider=ldap://10.211.55.20:389 bindmethod=simple binddn="cn=mirrormode,dc=localdomain" credentials=iechi1Eid_ie:quu searchbase="dc=localdomain" schemachecking=on type=refreshAndPersist retry="60 +"
entryCSN: 20171109101419.176516Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20171109101419Z
Here is my database; it is identical on both LDAP servers. I dumped it on both servers with slapcat and ran a diff:
dn: dc=localdomain
objectClass: top
objectClass: dcObject
objectClass: organization
o: localdomain
dc: localdomain
structuralObjectClass: organization
creatorsName: cn=admin,dc=localdomain
entryUUID: 1854fd30-597f-1037-9872-eb46faf4f5e0
createTimestamp: 20171109094959Z
entryCSN: 20171109094959.802699Z#000000#000#000000
modifiersName: cn=admin,dc=localdomain
modifyTimestamp: 20171109094959Z
contextCSN: 20171109100725.365127Z#000000#000#000000

dn: cn=admin,dc=localdomain
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9Z05GbEJIRHE1aTNpa0ZsYVk0WVh3VTM4SkF0VkF0b3Q=
structuralObjectClass: organizationalRole
entryUUID: e9f75c72-5978-1037-8289-d381257e6532
creatorsName: cn=admin,dc=localdomain
createTimestamp: 20171109090545Z
entryCSN: 20171109090545.033599Z#000000#000#000000
modifiersName: cn=admin,dc=localdomain
modifyTimestamp: 20171109090545Z

dn: cn=mirrormode,dc=localdomain
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: mirrormode
description: Syncrepl user for mirrormode operation
structuralObjectClass: organizationalRole
entryUUID: 49734c42-5979-1037-9e9b-d338d82a2242
creatorsName: cn=admin,dc=localdomain
createTimestamp: 20171109090825Z
userPassword:: e1NTSEF9T3hzeUVnanhLTThZSDJjK3JweG1sM2pWOG5USEkwS1c=
entryCSN: 20171109100725.365127Z#000000#000#000000
modifiersName: cn=admin,dc=localdomain
modifyTimestamp: 20171109100725Z
And this is the error I get, only on ldap1, after setting up replication on both servers:
Nov 9 12:36:16 ldap1 slapd[17296]: Entry (cn=admin,dc=localdomain): object class 'simpleSecurityObject' requires attribute 'userPassword'
Nov 9 12:36:16 ldap1 slapd[17296]: null_callback : error code 0x41
Nov 9 12:36:16 ldap1 slapd[17296]: syncrepl_entry: rid=001 be_add cn=admin,dc=localdomain failed (65)
Nov 9 12:36:16 ldap1 slapd[17296]: do_syncrepl: rid=001 rc 65 retrying
Any ideas how I could solve this?
Best regards,
Dennis
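As an added illustration (not part of Dennis's post), a small Python model of slapd's first-match olcAccess evaluation, run against the five olcAccess clauses quoted above; it shows which attributes of cn=admin a consumer bound as the syncrepl binddn cn=mirrormode would receive. The clause list is copied from the post; the evaluation logic is a simplification that only handles the selectors this configuration uses.

```python
# Added example (not from the original post): a minimal model of slapd's
# first-match olcAccess evaluation, run against the five clauses quoted above.
# Assumption: only "to attrs=" / "to *" clauses and the selectors self,
# anonymous, dn= and * are modelled, since those are all this config uses.
# Clauses in their {0}..{4} order, copied from olcDatabase={1}mdb.
ACLS = [
    ({"userpassword"}, [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ({"loginshell", "gecos"},
     [("dn=cn=admin,dc=localdomain", "write"), ("self", "write"), ("*", "read")]),
    ({"shadowlastchange"}, [("self", "write"), ("*", "read")]),
    (None, [("*", "read")]),  # "to *": anything not caught by an earlier clause
    ({"userpassword", "shadowlastchange"},
     [("self", "write"), ("anonymous", "auth"),
      ("dn=cn=admin,dc=localdomain", "write"),
      ("dn=cn=mirrormode,dc=localdomain", "read"), ("*", "none")]),
]

# slapd access levels, weakest to strongest; "read" or better returns the value.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def who_matches(selector, bind_dn, entry_dn):
    """Does this 'by' selector apply to bind_dn acting on entry_dn?"""
    if selector == "*":
        return True
    if selector == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if selector == "self":
        return bind_dn.lower() == entry_dn.lower()
    return selector.startswith("dn=") and bind_dn.lower() == selector[3:].lower()

def access(bind_dn, entry_dn, attr):
    """(clause_index, level): the FIRST 'to' clause covering the attribute decides,
    and within it the first matching 'by'; later clauses are never consulted."""
    for i, (attrs, bys) in enumerate(ACLS):
        if attrs is not None and attr.lower() not in attrs:
            continue
        for selector, level in bys:
            if who_matches(selector, bind_dn, entry_dn):
                return i, level
        return i, "none"  # no 'by' matched: implicit "by * none"
    return None, "none"

def readable_attrs(bind_dn, entry_dn, attrs):
    """Attributes of entry_dn a consumer bound as bind_dn would receive in a search."""
    return [a for a in attrs
            if LEVELS.index(access(bind_dn, entry_dn, a)[1]) >= LEVELS.index("read")]

# The attributes cn=admin carries in the slapcat dump above.
ADMIN_ATTRS = ["objectClass", "cn", "description", "userPassword"]
CONSUMER = "cn=mirrormode,dc=localdomain"
```

slapcat reads the database directly rather than through the ACLs, so a dump shows userPassword on both servers regardless of what a consumer bound as cn=mirrormode receives over the wire.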