Hi,
We are having some replication issues between our PDC and BDC LDAP servers. Here are the details.

Servers:
- Name: LIN-PDC1.LIN, Role: PDC, SLAPD: openldap-2.4.28, Samba: 3.6.25, Distro: Ubuntu 12.04
- Name: LIN-PDC2.LIN, Role: BDC, SLAPD: 2.4.31, Samba: 4.3.11, Distro: Ubuntu 14.04

Setup:
- LDAP Method: cn=config with smbldap tools
- Database: HDB
- Management: phpLDAPadmin
- Replication Method: refreshAndPersist

Replication:
After importing the LDIFs for provider and consumer, we found that on the PDC the olcDatabase={1}hdb was converted from a file to a folder, the contents of which are below. On the BDC it remained a file.
BDC:
LDAP sync-related bits from olcDatabase={1}hdb:
    olcSyncrepl: {0}rid=0 provider=ldap://lin-pdc1.lin bindmethod=simple
      binddn="cn=admin,dc=lin" credentials=seceret searchbase="dc=lin"
      logbase="cn=accesslog"
      logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
      schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog
    olcUpdateRef: ldap://lin-pdc1.lin
PDC:
    root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# cat olcOverlay={0}syncprov.ldif
    # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
    # CRC32 59e49836
    dn: olcOverlay={0}syncprov
    objectClass: olcOverlayConfig
    objectClass: olcSyncProvConfig
    olcOverlay: {0}syncprov
    olcSpNoPresent: TRUE
    structuralObjectClass: olcSyncProvConfig
    entryUUID: 977916ca-b8a5-1037-9fec-c19e1fce1248
    creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    createTimestamp: 20180310115454Z
    entryCSN: 20180310115454.449597Z#000000#000#000000
    modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    modifyTimestamp: 20180310115454Z

    root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# cat olcOverlay={1}accesslog.ldif
    # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
    # CRC32 98b496b3
    dn: olcOverlay={1}accesslog
    objectClass: olcOverlayConfig
    objectClass: olcAccessLogConfig
    olcOverlay: {1}accesslog
    olcAccessLogDB: cn=accesslog
    olcAccessLogOps: writes
    olcAccessLogPurge: 07+00:00 01+00:00
    olcAccessLogSuccess: TRUE
    structuralObjectClass: olcAccessLogConfig
    entryUUID: 97792548-b8a5-1037-9fed-c19e1fce1248
    creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    createTimestamp: 20180310115454Z
    entryCSN: 20180310115454.449968Z#000000#000#000000
    modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    modifyTimestamp: 20180310115454Z

Results
- When the sync was first set up, the LDAP data from PDC to BDC replicated.
- The following shows the replication is happening. Not sure if the CSN is meant to be different.
    root@lin-pdc2:/tmp/smbldap_files_lin-pdc2/ldifs# ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
    dn: dc=lin
    contextCSN: 20180312013413.103495Z#000000#000#000000

    root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
    dn: dc=lin
    contextCSN: 20180312065856.371133Z#000000#000#000000
- The replication stopped working after the initial dump. Logs from PDC and BDC below
PDC:
    slapd[25513]: hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap/accesslog: (2).#012Expect poor performance for suffix "cn=accesslog".
    slapd starting
    slapd[25513]: findbase failed! 32
BDC:
    slapd[9799]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (32) No such object
    slapd[9799]: do_syncrep2: rid=000 (32) No such object
    slapd[9799]: do_syncrepl: rid=000 rc -2 retrying
Troubleshooting steps:
- Used IP instead of hostname
- Used the samba.ldif (schema) file from Samba 3 (BDC) for both PDC and BDC. This is to potentially mitigate issues due to different schema versions
- Confirmed that the cn=admin,dc=lin password is the same across both DCs.
Can anyone please advise as to where the issue could be?
Regards,
Praveen Ghimire
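
Added example, not part of the original post: a small lint for an olcSyncrepl value that flags tokens that are not recognised syncrepl keywords (for instance a keyword split by line wrapping), a syncdata setting without logbase, and a simple bind whose credentials could cross the network unencrypted. The keyword list is a subset of slapd.conf(5), the shell-style tokenising only approximates slapd's own parser, and the sample values (host, DN, password) are constructed placeholders.

```python
import shlex

# Subset of the syncrepl keywords in slapd.conf(5); extend as needed.
KNOWN = {
    "rid", "provider", "searchbase", "type", "interval", "retry", "filter",
    "scope", "attrs", "attrsonly", "sizelimit", "timelimit", "schemachecking",
    "bindmethod", "binddn", "saslmech", "authcid", "authzid", "credentials",
    "realm", "secprops", "starttls", "tls_cert", "tls_key", "tls_cacert",
    "tls_cacertdir", "tls_reqcert", "logbase", "logfilter", "syncdata",
}

def parse_syncrepl(value):
    """Return (settings, stray_tokens) for one olcSyncrepl value."""
    if value.startswith("{"):                 # drop the {n} ordering prefix
        value = value.split("}", 1)[1]
    settings, stray = {}, []
    for tok in shlex.split(value):            # honours "quoted values"
        key, sep, val = tok.partition("=")
        if sep and key.lower() in KNOWN:
            settings[key.lower()] = val
        else:
            stray.append(tok)
    return settings, stray

def lint_syncrepl(value):
    s, stray = parse_syncrepl(value)
    out = [f"unrecognised token {t!r}: typo or wrapped keyword?" for t in stray]
    out += [f"missing required {k}" for k in ("rid", "provider", "searchbase") if k not in s]
    if s.get("syncdata") in ("accesslog", "changelog") and "logbase" not in s:
        out.append(f"syncdata={s['syncdata']} is set but logbase is not")
    plain = s.get("provider", "").lower().startswith("ldap://")
    if s.get("bindmethod") == "simple" and plain and s.get("starttls") != "critical":
        out.append("simple bind over ldap:// without starttls=critical: "
                   "credentials can cross the network unencrypted")
    return out

# Constructed samples (placeholder host, DN and password).
COMMON = ('credentials=PLACEHOLDER searchbase="dc=example" '
          'logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" '
          'type=refreshAndPersist retry="60 +" syncdata=accesslog')
BROKEN = ('{0}rid=0 provider=ldap://provider.example bindmethod=simple '
          'bindd n="cn=admin,dc=example" log base="cn=accesslog" ' + COMMON)
FIXED = ('{0}rid=0 provider=ldap://provider.example starttls=critical '
         'bindmethod=simple binddn="cn=admin,dc=example" '
         'logbase="cn=accesslog" ' + COMMON)

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_syncrepl(cfg) or "no findings")
```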