OPENLDAP SYNCREPL

All,

I've read and re-read (not to mentioned googled) configuring SyncRepl in OpenLDAP dynamic configuration (cn=config)--v2.4.23. Missing something somewhere. Current logging is set to "256" on both Provider and Consumer.

On my Master/Provider LDAP server seeing the following:

slapd shutdown: waiting for 0 operations/tasks to finish

slapd shutdown: initiated

bdb_modify: dc=group42,dc=ldap

bdb_dn2entry("dc=group42,dc=ldap")

bdb_modify_internal: 0x00000001: dc=group42,dc=ldap

bdb_modify_internal: replace contextCSN

=> entry_encode(0x00000001): dc=group42,dc=ldap

<= entry_encode(0x00000001): dc=group42,dc=ldap

bdb_modify: updated id=00000001 dn="dc=group42,dc=ldap"

send_ldap_result: conn=-1 op=0 p=0

send_ldap_result: err=0 matched="" text=""

====> bdb_cache_release_all

====> bdb_cache_release_all

slapd destroy: freeing system resources.

On my Consumer/Slave Server I am seeing the following:

slapd destroy: freeing system resources.

syncinfo_free: rid=001

slapd stopped.

tail: /var/log/slapd: file truncated

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

do_syncrep2: rid=001 got search entry without Sync State control

do_syncrepl: rid=001 rc -1 retrying

From my readings, I understand that the "Sync State Control" error normally

indicates that my provider is not set up correctly. As far as I can tell, my modules are correctly loaded and the overlays are loaded to the appropriate database (my case, bdb) to be replicated.

The following is from the Provider/Master LDAP Server:

My olcDatabase-{1}bdb.ldif (truncated):

# more olcDatabase={1}bdb.ldif

dn: olcDatabase={1}bdb

objectClass: olcDatabaseConfig

objectClass: olcBdbConfig

olcSuffix: dc=group42,dc=ldap

olcAddContentAcl: FALSE

olcLastMod: TRUE

olcMaxDerefDepth: 15

olcReadOnly: FALSE

olcRootDN: cn=ldapadmin,dc=group42,dc=ldap

olcRootPW:: *******

olcSyncUseSubentry: FALSE

olcMonitoring: TRUE

olcDbDirectory: /var/lib/ldap_db/openldap-data

olcDbCacheSize: 1000

... olcDbNoSync: FALSE

olcDbDirtyRead: FALSE

olcDbIDLcacheSize: 0

olcDbIndex: objectClass eq

olcDbIndex: sn eq,sub

olcDbIndex: mail eq,sub

olcDbIndex: departmentNumber eq

olcDbIndex: cn,uid eq,sub

olcDbIndex: uidNumber eq

olcDbIndex: entryCSN eq

olcDbIndex: entryUUID eq

olcDbIndex: ipHostNumber eq

olcDbIndex: gidNumber,memberUID eq

olcDbLinearIndex: FALSE

olcDbMode: 0600

olcDbShmKey: 0

olcDbCacheFree: 1

olcDbDNcacheSize: 0

structuralObjectClass: olcBdbConfig

entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8

creatorsName: cn=config

createTimestamp: 20111219143532Z

olcDbSearchStack: 32

olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo

us auth by * none

olcAccess: {1} to * by * read

olcDatabase: {1}bdb

entryCSN: 20120313143637.046410Z#000000#001#000000

modifiersName: cn=config

modifyTimestamp: 20120313143637Z

# ll olcDatabase={1}bdb

total 16

-rw------- 1 ldap ldap 453 Mar 12 10:50 olcOverlay={0}syncprov.ldif

-rw------- 1 ldap ldap 505 Feb 29 11:16 olcOverlay={1}accesslog.ldif

The olcOverlay={0}syncrpov.ldif

# more olcDatabase={1}bdb/olcOverlay={0}syncprov.ldif

dn: olcOverlay={0}syncprov

objectClass: olcOverlayConfig

objectClass: olcSyncProvConfig

olcOverlay: {0}syncprov

olcSpNoPresent: TRUE

structuralObjectClass: olcSyncProvConfig

entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca

creatorsName: cn=admin,cn=config

createTimestamp: 20120224171809Z

olcSpReloadHint: TRUE

olcSpCheckpoint: 1000 60

entryCSN: 20120312145000.123929Z#000000#001#000000

modifiersName: cn=admin,cn=config

modifyTimestamp: 20120312145000Z

The olcOverlay={1}accesslog.ldif:

# more olcDatabase={1}bdb/olcOverlay={1}accesslog.ldif

dn: olcOverlay={1}accesslog

objectClass: olcOverlayConfig

objectClass: olcAccessLogConfig

olcOverlay: {1}accesslog

olcAccessLogDB: cn=accesslog

olcAccessLogOps: writes

olcAccessLogPurge: 07+00:00 01+00:00

olcAccessLogSuccess: TRUE

structuralObjectClass: olcAccessLogConfig

entryUUID: eea1e438-6385-4660-807b-bb270eb4843a

creatorsName: cn=admin,cn=config

createTimestamp: 20120229161649Z

entryCSN: 20120229161649.880441Z#000000#000#000000

modifiersName: cn=admin,cn=config

modifyTimestamp: 20120229161649Z

***The following is on the Consumer/Slave Server***

The olcDatabase={2}bdb.ldif (truncated):

# more olcDatabase={2}bdb.ldif

dn: olcDatabase={2}bdb

objectClass: olcDatabaseConfig

objectClass: olcBdbConfig

olcSuffix: dc=group42,dc=ldap

olcAddContentAcl: FALSE

olcLastMod: TRUE

olcMaxDerefDepth: 15

olcReadOnly: FALSE

olcRootDN: cn=ldapadmin,dc=group42,dc=ldap

olcRootPW:: *********

olcMonitoring: TRUE

olcDbDirectory: /var/lib/ldap_db/openldap-data

olcDbCacheSize: 1000

...

olcDbNoSync: FALSE

olcDbDirtyRead: FALSE

olcDbIDLcacheSize: 0

olcDbIndex: objectClass eq

olcDbIndex: cn,uid eq,sub

olcDbIndex: sn eq,sub

olcDbIndex: mail eq,sub

olcDbIndex: departmentNumber eq

olcDbIndex: entryCSN eq

olcDbIndex: entryUUID eq

olcDbIndex: uidNumber eq

olcDbIndex: gidNumber eq

olcDbLinearIndex: FALSE

olcDbMode: 0600

olcDbSearchStack: 16

olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo

us auth by * none

olcAccess: {1} to * by * read

olcDbShmKey: 0

olcDbCacheFree: 1

olcDbDNcacheSize: 0

structuralObjectClass: olcBdbConfig

entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008

creatorsName: cn=config

createTimestamp: 20120229205835Z

olcDatabase: {2}bdb

olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636

olcMirrorMode: TRUE

olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod

=simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=******* interva

l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach

ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=

"*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23

/etc/openldap/cacerts

entryCSN: 20120313150609.224840Z#000000#000#000000

modifiersName: cn=admin,cn=config

modifyTimestamp: 20120313150609Z

Not sure what I am missing, nor where I am missing it. Any assistance would be helpful.

Dave Borresen

Solaris/Linux Systems Administrator

Surveillance Systems Group

MIT Lincoln Laboratory

244 Wood Street

Lexington, MA 02420

P: 781-981-2954

F: 781-981-5344

john.borresen@ll.mit.edu