All,
The following are excerpts from my multi-master logs and at the end are the cn=config dbase for both systems. I can see that communications are being attempted, but not succeeding. The other day, entries were added to "cn=role2,ou=sudoers,dc=example,dc=ldap" to the Syncrepl...
I have opened up my ACLs (may not be reflected in the cn=config below) for "uid=replicator,ou=Admins,dc=example,dc=ldap" and "cn=ldapadmin,dc=example,dc=ldap". The replicator account is the rootDN for /var/lib/openldap/accesslog with read privs on olcDatabase={1}bdb (primary dbase). The ldapadmin account is the rootDN for the olcDatabase={1}bdb and full write privs on the accesslog dbase.
The olcSyncRepl rids are authenticating to ldapadmin (I removed the binding to replicator for troubleshooting -- alas no effect).
I am hoping some other eyes can see where my mistake(s) are and point me in the correct direction. Honestly, I am not even sure where to start asking questions. If I read the ACLs sections correctly (both in the Admin Guide and man-page), the rootDNs are granted full read/write everywhere privs by default to their respective Databases. So, with that logic I shouldn't have to put the "replicator" in the olcAccess for olcDataBase={2}bdb (accesslog dbase)...only the ldapadmin account should have an entry. Correct? And, I shouldn't have to put the ldapadmin account in the olcAccess for the olcDatabase={1}bdb (primary dbase). Correct?
What am I missing? And where?
MM-SERVER1:
52fce402 PRESENT
52fce402 => access_allowed: search access to "reqStart=20140211203819.000000Z,cn=accesslog" "objectClass" requested
52fce402 => acl_get: [1] attr objectClass
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "objectClass" requested
52fce402 => acl_mask: to all values by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: search access granted by write(=wrscxd)
52fce402 => access_allowed: search access granted by write(=wrscxd)
52fce402 <= test_filter 6
52fce402 => send_search_entry: conn 2109 dn="reqStart=20140211203819.000000Z,cn=accesslog"
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "entry" requested
52fce402 => acl_get: [1] attr entry
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "entry" requested
52fce402 => acl_mask: to all values by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result not in cache (reqType)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqType" requested
52fce402 => acl_get: [1] attr reqType
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "reqType" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result not in cache (reqDN)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqDN" requested
52fce402 => acl_get: [1] attr reqDN
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "reqDN" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result not in cache (reqMod)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqMod" requested
52fce402 => acl_get: [1] attr reqMod
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "reqMod" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result was in cache (reqMod)
52fce402 => access_allowed: result was in cache (reqMod)
52fce402 => access_allowed: result was in cache (reqMod)
52fce402 => access_allowed: result not in cache (entryCSN)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "entryCSN" requested
52fce402 => acl_get: [1] attr entryCSN
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "entryCSN" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 conn=2109 op=1 ENTRY dn="reqStart=20140211203819Z,cn=accesslog"
MM-SERVER2:
52fce47a =>do_syncrep2 rid=001
ldap_result ld 0x97b3ed0 msgid 2
wait4msg ld 0x97b3ed0 msgid 2 (infinite timeout)
wait4msg continue ld 0x97b3ed0 msgid 2 all 0
** ld 0x97b3ed0 Connections:
* host: mm-server1.example.ldap port: 389 (default)
  refcnt: 2 status: Connected
  last used: Thu Feb 13 10:27:54 2014
** ld 0x97b3ed0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
  outstanding referrals 0, parent count 0
  ld 0x97b3ed0 request count 1 (abandoned 0)
** ld 0x97b3ed0 Response Queue:
  Empty
  ld 0x97b3ed0 response count 0
ldap_chkResponseList ld 0x97b3ed0 msgid 2 all 0
ldap_chkResponseList returns ld 0x97b3ed0 NULL
ldap_int_select
read1msg: ld 0x97b3ed0 msgid 2 all 0
ber_get_next
ldap_read: want=8, got=8
  0000: 30 81 b2 02 01 02 64 48 0.....dH
ldap_read: want=173, got=173
ber_get_next: tag 0x30 len 178 contents:
read1msg: ld 0x97b3ed0 msgid 2 message type search-entry
ber_scanf fmt ({xx) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (o) ber:
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
ber_scanf fmt ({em) ber:
52fce47a do_syncrep2: rid=001 got empty syncUUID with LDAP_SYNC_ADD (cn=accesslog)
ldap_msgfree
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 17
  0000: 30 05 02 01 03 42 00 0....B.
ldap_write: want=7, written=7
  0000: 30 05 02 01 03 42 00 0....B.
ldap_free_connection: actually freed
52fce47a do_syncrepl: rid=001 rc -1 retrying
52fce47a daemon: activity on 1 descriptor
52fce47a daemon: activity on:52fce47a
52fce47a daemon: epoll: listen=7 active_threads=0 tvp=zero
MM-SERVER2:
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /usr/local/openldap/etc/openldap/slapd.conf
olcConfigDir: /usr/local/openldap/etc/openldap/slapd.d
olcArgsFile: /var/lib/openldap/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcListenerThreads: 1
olcLocalSSF: 71
olcPidFile: /var/lib/openldap/run/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcTLSProtocolMin: 0.0
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 1b256f1e-2f15-4538-8a6f-5b021d015e35
creatorsName: cn=config
createTimestamp: 20140122200748Z
olcLogLevel: stats
olcSecurity: tls=0
olcServerID: 1 ldap://mm-server1.example.ldap
olcServerID: 2 ldap://mm-server2.example.ldap
entryCSN: 20140131211613.134974Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140131211613Z

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}syncprov
olcModuleLoad: {1}accesslog
structuralObjectClass: olcModuleList
entryUUID: 1191cf8f-8d46-4f2e-8aba-e65537210029
creatorsName: cn=admin,cn=config
createTimestamp: 20140129175231Z
entryCSN: 20140129175429.232704Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129175429Z

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by self write by users read by anonymous auth
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 77451682-9629-4753-9a80-5cc0e69a7482
creatorsName: cn=config
createTimestamp: 20140122200748Z
entryCSN: 20140122200748.381523Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140122200748Z

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcRootPW:: <password>
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: d7f25d3b-7ad1-4625-a577-a23a22b5494d
creatorsName: cn=config
createTimestamp: 20140122200748Z
entryCSN: 20140122200748.381523Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140122200748Z

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=example,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=example,dc=ldap
olcRootPW:: <password>
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/openldap/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP$
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# http://www.openldap.org/faq/index.cgi?file=1075
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn eq,sub
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: automountKey eq
olcDbIndex: memberUid eq
olcDbIndex: printerURI eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 5a87b5f1-c445-4e0e-ba97-6d2d63093704
creatorsName: cn=config
createTimestamp: 20140122200748Z
olcMirrorMode: TRUE
olcLimits: {0}dn.exact="cn=ldapadmin,dc=example,dc=ldap" size=unlimited time=u
 nlimited
olcSyncrepl: {0}rid=002 provider=ldap://mm-server2.example.ldap bindmethod=simple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> interval=01:00:00:00 searchbase="dc=example,dc=ldap" logbase="cn=accesslog" schemachecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs="*,+" syncdata=accesslog starttls=no
olcSyncrepl: {1}rid=001 provider=ldap://mm-server1.example.ldap bindmethod=simple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> interval=01:00:00:00 searchbase="dc=example,dc=ldap" logbase="cn=accesslog" schemachecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs="*,+" syncdata=accesslog starttls=no
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn.exact="cn=ldapadmin,dc=example,dc=ldap" write by dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" read by * none
olcAccess: {1}to * by * read
entryCSN: 20140203200931.503493Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140203200931Z

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 04afe1bf-40c7-425a-8b25-74f8687323fc
creatorsName: cn=admin,cn=config
createTimestamp: 20140129180447Z
entryCSN: 20140129180447.701059Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129180447Z

dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: 54b5fa00-8244-41d3-923d-0743a10bf192
creatorsName: cn=admin,cn=config
createTimestamp: 20140129180903Z
entryCSN: 20140129180903.479192Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129180903Z

dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcDbDirectory: /var/lib/openldap/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: ff63820b-fbe4-4a65-8c00-99e2cc28fca5
creatorsName: cn=admin,cn=config
createTimestamp: 20140129175923Z
olcAccess: {0}to * by dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" w
 rite by * none
olcLimits: {0}dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" time.soft
 =unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcRootDN: uid=replicator,ou=Admins,dc=example,dc=ldap
entryCSN: 20140203190415.581904Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140203190415Z

dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 9246709d-7a9b-41f3-bca8-f665add4e4f2
creatorsName: cn=admin,cn=config
createTimestamp: 20140129180331Z
entryCSN: 20140129180331.702641Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129180331Z
MM-SERVER2:
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /usr/local/openldap/etc/openldap/slapd.conf
olcConfigDir: /usr/local/openldap/etc/openldap/slapd.d
olcArgsFile: /var/lib/openldap/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcListenerThreads: 1
olcLocalSSF: 71
olcPidFile: /var/lib/openldap/run/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcTLSProtocolMin: 0.0
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 84a58742-a1ce-4714-a743-14daf3f40c75
creatorsName: cn=config
createTimestamp: 20131218155313Z
olcLogLevel: stats
olcSecurity: tls=0
olcServerID: 1 ldap://mm-server1.example.ldap
olcServerID: 2 ldap://mm-server2.example.ldap
entryCSN: 20140131211906.564734Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140131211906Z
contextCSN: 20140206183618.370299Z#000000#002#000000
contextCSN: 20140121211615.993780Z#000000#004#000000

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}syncprov
olcModuleLoad: {1}accesslog
structuralObjectClass: olcModuleList
entryUUID: ab2c7f52-e10f-4233-aa17-ac8b051defcf
creatorsName: cn=admin,cn=config
createTimestamp: 20140129182320Z
entryCSN: 20140129182642.147840Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129182642Z

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by self write by users read by anonymous auth
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 46ec808c-285f-442f-8c70-d5bb8c2d39de
creatorsName: cn=config
createTimestamp: 20131218155313Z
entryCSN: 20131218155313.477459Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20131218155313Z

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcRootPW:: <password>
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 4354a8b6-8a36-4804-81f8-14a8550aef74
creatorsName: cn=config
createTimestamp: 20131218155313Z
entryCSN: 20131218155313.477459Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20131218155313Z

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
structuralObjectClass: olcSyncProvConfig
entryUUID: 644d3984-d125-446e-aae2-1ddc541f4661
creatorsName: cn=admin,cn=config
createTimestamp: 20140121191314Z
entryCSN: 20140121191314.076259Z#000000#004#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140121191314Z

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=example,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=example,dc=ldap
olcRootPW:: <password>
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/openldap/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP$
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# http://www.openldap.org/faq/index.cgi?file=1075
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}#set_cachesize 0 268435456 1
olcDbConfig: {17}set_cachesize 0 2147483648 1
olcDbConfig: {18}
olcDbConfig: {19}# Data Directory
olcDbConfig: {20}#set_data_dir db
olcDbConfig: {21}
olcDbConfig: {22}# Archive/deletion
olcDbConfig: {23}set_flags DB_LOG_AUTOREMOVE
olcDbConfig: {24}
olcDbConfig: {25}# Transaction Log settings
olcDbConfig: {26}set_lg_regionmax 262144
olcDbConfig: {27}set_lg_bsize 2097152
olcDbConfig: {28}#set_lg_dir logs
olcDbConfig: {29}
olcDbConfig: {30}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezMxfSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn eq,sub
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: sn eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: mail eq,sub
olcDbIndex: automountKey eq
olcDbIndex: memberUid eq
olcDbIndex: printerURI eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 94ff450b-aa70-4507-9ca6-51cdd740ea3e
creatorsName: cn=config
createTimestamp: 20131218155313Z
olcMirrorMode: TRUE
olcLimits: {0}dn.exact="cn=ldapadmin,dc=example,dc=ldap" size=unlimited time=u
 nlimited
olcSyncrepl: {0}rid=001 provider=ldap://mm-server1.example.ldap bindmethod=si
 mple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> interval=01:00:00:00 searchbase="dc=example,dc=ldap" logbase="cn=accesslog" schemachecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs="*,+" syncdata=accesslog starttls=no
olcSyncrepl: {1}rid=002 provider=ldap://mm-server2.example.ldap bindmethod=si
 mple binddn="uid=replicator,ou=Admins,dc=example,dc=ldap" credentials=<password> interval=01:00:00:00 searchbase="dc=example,dc=ldap" logbase="cn=accesslog" schemachecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs="*,+" syncdata=accesslog starttls=no
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn.exact="cn=ldapadmin,dc=example,dc=ldap" write by dn.exact="uid=r
 eplicator,ou=Admins,dc=example,dc=ldap" read
olcAccess: {1}to * by * read
entryCSN: 20140206183618.370299Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140206183618Z

dn: olcOverlay={0}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {0}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: 6e4e1508-5eb9-4372-bbd1-813f859b0acc
creatorsName: cn=admin,cn=config
createTimestamp: 20140129182321Z
entryCSN: 20140129182321.004272Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129182321Z

dn: olcOverlay={1}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 9108e0db-ba9e-4b40-b743-4016c61582bc
creatorsName: cn=admin,cn=config
createTimestamp: 20140129183014Z
entryCSN: 20140129183014.073365Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129183014Z

dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcDbDirectory: /var/lib/openldap/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 9b42a346-de9b-42d5-8a3b-3167f80d4b01
creatorsName: cn=admin,cn=config
createTimestamp: 20140129182320Z
olcAccess: {0}to * by dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" w
 rite by * none
olcLimits: {0}dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" time.soft
 =unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcRootDN: uid=replicator,ou=Admins,dc=example,dc=ldap
entryCSN: 20140203190210.968231Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140203190210Z

dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 0366206b-4295-4463-952c-0b233646c24d
creatorsName: cn=admin,cn=config
createTimestamp: 20140129182831Z
entryCSN: 20140129182831.866738Z#000000#002#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140129182831Z

dn: olcDatabase={3}monitor,cn=config
objectClass: olcDatabaseConfig
olcAccess: {0}to dn.children="cn=monitor" by dn.children="cn=admin,cn=config" read
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcMonitoring: TRUE
structuralObjectClass: olcDatabaseConfig
entryUUID: 691d6dfc-82af-4e12-8f03-be93d5d5436b
creatorsName: cn=admin,cn=config
createTimestamp: 20140114170424Z
entryCSN: 20140114170424.436842Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20140114170424Z
olcDatabase: {3}monitor
Thanks in advance,
John D. Borresen (Dave) Linux/Unix Systems Administrator MIT Lincoln Laboratory Surveillance Systems Group 244 Wood St Lexington, MA 02420 Ph: (781) 981-1609 Email: john.borresen@ll.mit.edu
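
Added example (not part of the original post): a small Python parser for slapd ACL trace lines in the format of the MM-SERVER1 excerpt, reporting which bound DN each access check ran as and which ACL and by-clause decided it. The third sample record is constructed, and reading the bracketed numbers as the ACL number (acl_get) and the by-clause position (acl_mask) is an assumption of this example.

```python
import re
from collections import namedtuple

# Records 1 and 2 are copied from the MM-SERVER1 excerpt. Record 3 is
# constructed (assumed to have the same shape, with "denied") to show a refusal.
SAMPLE = '''\
52fce402 => access_allowed: search access to "reqStart=20140211203819.000000Z,cn=accesslog" "objectClass" requested
52fce402 => acl_get: [1] attr objectClass
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "objectClass" requested
52fce402 => acl_mask: to all values by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: search access granted by write(=wrscxd)
52fce402 => access_allowed: search access granted by write(=wrscxd)
52fce402 => access_allowed: result not in cache (reqMod)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqMod" requested
52fce402 => acl_get: [1] attr reqMod
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "reqMod" requested
52fce402 => acl_mask: to value by "cn=ldapadmin,dc=example,dc=ldap", (=0)
52fce402 <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
52fce402 <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
52fce402 <= acl_mask: [2] applying write(=wrscxd) (stop)
52fce402 <= acl_mask: [2] mask: write(=wrscxd)
52fce402 => slap_access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: read access granted by write(=wrscxd)
52fce402 => access_allowed: result was in cache (reqMod)
52fce402 => access_allowed: read access to "reqStart=20140211203819.000000Z,cn=accesslog" "reqDN" requested
52fce402 => acl_get: [1] attr reqDN
52fce402 => acl_mask: access to entry "reqStart=20140211203819.000000Z,cn=accesslog", attr "reqDN" requested
52fce402 => acl_mask: to value by "uid=replicator,ou=admins,dc=example,dc=ldap", (=0)
52fce402 <= acl_mask: [1] applying none(=0) (stop)
52fce402 <= acl_mask: [1] mask: none(=0)
52fce402 => slap_access_allowed: read access denied by none(=0)
'''

Decision = namedtuple("Decision", "entry attr requested who rule clause mask granted")

REQUEST = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
RULE = re.compile(r'=> acl_get: \[(\d+)\] attr')
WHO = re.compile(r'=> acl_mask: to (?:all values|value) by "([^"]*)"')
APPLY = re.compile(r'<= acl_mask: \[(\d+)\] applying ')
RESULT = re.compile(r'=> slap_access_allowed: \w+ access (granted|denied) by (\S+)')


def parse_acl_trace(text):
    """Return one Decision per access check found in a slapd ACL trace."""
    decisions, cur = [], None
    for line in text.splitlines():
        m = REQUEST.search(line)
        if m:  # a new check starts; remember what was asked for
            cur = {"requested": m.group(1), "entry": m.group(2), "attr": m.group(3),
                   "who": None, "rule": None, "clause": None}
            continue
        if cur is None:
            continue  # cache hits and lines outside a check carry no decision
        m = RULE.search(line)
        if m:
            cur["rule"] = int(m.group(1))
            continue
        m = WHO.search(line)
        if m:
            cur["who"] = m.group(1) or "(anonymous)"  # empty DN means unauthenticated
            continue
        m = APPLY.search(line)
        if m:
            cur["clause"] = int(m.group(1))  # last clause applied wins
            continue
        m = RESULT.search(line)
        if m:
            decisions.append(Decision(mask=m.group(2), granted=m.group(1) == "granted", **cur))
            cur = None
    return decisions


def summarize(decisions):
    """Map each bound DN to the attributes it was granted or denied."""
    out = {}
    for d in decisions:
        slot = out.setdefault(d.who, {"granted": set(), "denied": set()})
        slot["granted" if d.granted else "denied"].add(d.attr)
    return out


if __name__ == "__main__":
    for d in parse_acl_trace(SAMPLE):
        verdict = "granted" if d.granted else "DENIED"
        print(f"{d.who}: {d.requested} {d.attr} {verdict} "
              f"(ACL {d.rule}, by-clause {d.clause}, {d.mask})")
```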