Hi,

We are having some replication issues between our PDC and BDC LDAP servers. Here are the details:

Servers:

Name: LIN-PDC1.LIN
Role: PDC
SLAPD: openldap-2.4.28
Samba: 3.6.25
Distro: Ubuntu 12.04

Name: LIN-PDC2.LIN
Role: BDC
SLAPD: 2.4.31
Samba: 4.3.11
Distro: Ubuntu 14.04

LDAP Method: cn=config with smbldap tools
Database: HDB
Management: phpLDAPadmin
Replication Method: refreshAndPersist

Replication:

After importing the LDIFs for provider and consumer, we found that on the PDC the olcDatabase={1}hdb was converted from a file to a folder, the contents of which are below. On the BDC it remained a file.

BDC:

LDAP sync related bits from olcDatabase={1}hdb:

olcSyncrepl: {0}rid=0 provider=ldap://lin-pdc1.lin bindmethod=simple bindd
 n="cn=admin,dc=lin" credentials=seceret searchbase="dc=lin" log
 base="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
 " schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog
olcUpdateRef: ldap://lin-pdc1.lin

PDC:

root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# cat olcOverlay\=\{0\}syncprov.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 59e49836
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 977916ca-b8a5-1037-9fec-c19e1fce1248
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20180310115454Z
entryCSN: 20180310115454.449597Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20180310115454Z

root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# cat olcOverlay\=\{1\}accesslog.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 98b496b3
dn: olcOverlay={1}accesslog
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: 97792548-b8a5-1037-9fed-c19e1fce1248
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20180310115454Z
entryCSN: 20180310115454.449968Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20180310115454Z

Results

- When the sync was first set up, the LDAP data from PDC to BDC replicated.
- The following shows the replication is happening. Not sure if the CSN is meant to be different.

root@lin-pdc2:/tmp/smbldap_files_lin-pdc2/ldifs# ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
dn: dc=lin
contextCSN: 20180312013413.103495Z#000000#000#000000

root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
dn: dc=lin
contextCSN: 20180312065856.371133Z#000000#000#000000

- The replication stopped working after the initial dump. Logs from PDC and BDC below.

PDC

slapd[25513]: hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap/accesslog: (2).#012Expect poor performance for suffix "cn=accesslog".
slapd starting
slapd[25513]: findbase failed! 32

BDC

slapd[9799]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (32) No such object
slapd[9799]: do_syncrep2: rid=000 (32) No such object
slapd[9799]: do_syncrepl: rid=000 rc -2 retrying

Troubleshooting steps:

- Used IP instead of hostname
- Used the samba.ldif (schema) file from Samba 3 (BDC) for both PDC and BDC. This is to potentially mitigate issues due to different schema versions
- Confirmed that the cn=admin,dc=lin password is the same across both DCs.

Can anyone please advise as to where the issue could be?

Regards,

Praveen Ghimire
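
Added example, not part of the original post: a Python script that parses the contextCSN values returned by the two ldapsearch commands above and reports, per server ID, whether the consumer has caught up with the provider and by how many seconds it trails. The function names are hypothetical, and the sample LDIF reuses the two contextCSN values quoted in the post.

```python
import re
from datetime import datetime, timezone

# CSN layout: <UTC timestamp>.<microseconds>Z#<change count>#<server ID>#<mod number>
CSN_RE = re.compile(
    r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$"
)

def parse_csn(value):
    """Return (server_id, sortable_key) for one CSN string."""
    m = CSN_RE.match(value.strip())
    if not m:
        raise ValueError("not a CSN: %r" % value)
    ts, frac, count, sid, mod = m.groups()
    when = datetime.strptime(ts + frac, "%Y%m%d%H%M%S%f").replace(tzinfo=timezone.utc)
    return int(sid, 16), (when, int(count, 16), int(mod, 16))

def context_csns(ldif_text):
    """Map server ID -> newest contextCSN key found in ldapsearch LDIF output."""
    newest = {}
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "contextcsn":
            sid, key = parse_csn(value)
            if sid not in newest or key > newest[sid]:
                newest[sid] = key
    return newest

def replication_status(provider_ldif, consumer_ldif):
    """Map server ID -> (in_sync, seconds the consumer trails the provider)."""
    prov, cons = context_csns(provider_ldif), context_csns(consumer_ldif)
    status = {}
    for sid, pkey in prov.items():
        ckey = cons.get(sid)
        if ckey is None:  # consumer has never recorded a change from this server ID
            status[sid] = (False, None)
        else:
            status[sid] = (ckey >= pkey, max(0.0, (pkey[0] - ckey[0]).total_seconds()))
    return status

# Sample input: the two contextCSN values quoted in the post.
PROVIDER = "dn: dc=lin\ncontextCSN: 20180312065856.371133Z#000000#000#000000\n"
CONSUMER = "dn: dc=lin\ncontextCSN: 20180312013413.103495Z#000000#000#000000\n"

if __name__ == "__main__":
    for sid, (ok, lag) in sorted(replication_status(PROVIDER, CONSUMER).items()):
        print("sid=%03x in_sync=%s consumer_behind_seconds=%s" % (sid, ok, lag))
```

With refreshAndPersist replication the two values should converge shortly after each write on the provider. A gap that persists means changes made on the provider, including password changes and account disables, are not reaching the consumer.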