All,
I've read and re-read (not to mention googled) configuring SyncRepl in OpenLDAP dynamic configuration (cn=config)--v2.4.23. Missing something somewhere. Current logging is set to "256" on both Provider and Consumer.
On my Master/Provider LDAP server I am seeing the following:
slapd shutdown: waiting for 0 operations/tasks to finish
slapd shutdown: initiated
bdb_modify: dc=group42,dc=ldap
bdb_dn2entry("dc=group42,dc=ldap")
bdb_modify_internal: 0x00000001: dc=group42,dc=ldap
bdb_modify_internal: replace contextCSN
=> entry_encode(0x00000001): dc=group42,dc=ldap
<= entry_encode(0x00000001): dc=group42,dc=ldap
bdb_modify: updated id=00000001 dn="dc=group42,dc=ldap"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=0 matched="" text=""
====> bdb_cache_release_all
====> bdb_cache_release_all
slapd destroy: freeing system resources.
On my Consumer/Slave Server I am seeing the following:
slapd destroy: freeing system resources.
syncinfo_free: rid=001
slapd stopped.
tail: /var/log/slapd: file truncated
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
From my readings, I understand that the "Sync State Control" error normally indicates that my provider is not set up correctly. As far as I can tell, my modules are correctly loaded and the overlays are loaded to the appropriate database (in my case, bdb) to be replicated.
The following is from the Provider/Master LDAP Server:
My olcDatabase={1}bdb.ldif (truncated):
# more olcDatabase={1}bdb.ldif
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: *******
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
...
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: ipHostNumber eq
olcDbIndex: gidNumber,memberUID eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
creatorsName: cn=config
createTimestamp: 20111219143532Z
olcDbSearchStack: 32
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDatabase: {1}bdb
entryCSN: 20120313143637.046410Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120313143637Z
# ll olcDatabase={1}bdb
total 16
-rw------- 1 ldap ldap 453 Mar 12 10:50 olcOverlay={0}syncprov.ldif
-rw------- 1 ldap ldap 505 Feb 29 11:16 olcOverlay={1}accesslog.ldif
The olcOverlay={0}syncprov.ldif:
# more olcDatabase={1}bdb/olcOverlay={0}syncprov.ldif
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
creatorsName: cn=admin,cn=config
createTimestamp: 20120224171809Z
olcSpReloadHint: TRUE
olcSpCheckpoint: 1000 60
entryCSN: 20120312145000.123929Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120312145000Z
The olcOverlay={1}accesslog.ldif:
# more olcDatabase={1}bdb/olcOverlay={1}accesslog.ldif
dn: olcOverlay={1}accesslog
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
creatorsName: cn=admin,cn=config
createTimestamp: 20120229161649Z
entryCSN: 20120229161649.880441Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229161649Z
***The following is on the Consumer/Slave Server***
The olcDatabase={2}bdb.ldif (truncated):
# more olcDatabase={2}bdb.ldif
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: *********
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
...
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
creatorsName: cn=config
createTimestamp: 20120229205835Z
olcDatabase: {2}bdb
olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=******* interva
 l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
 ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
 "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
 /etc/openldap/cacerts
entryCSN: 20120313150609.224840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313150609Z
Not sure what I am missing, nor where I am missing it. Any assistance would be helpful.
Dave Borresen
Solaris/Linux Systems Administrator
Surveillance Systems Group
MIT Lincoln Laboratory
244 Wood Street
Lexington, MA 02420
P: 781-981-2954
F: 781-981-5344
john.borresen@ll.mit.edu
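
Added example, not part of the original post and not OpenLDAP's own tooling: a consistency check for a consumer that uses syncdata=accesslog, based on the fact that in delta-syncrepl the consumer searches the logbase, so the provider database holding that suffix needs its own syncprov overlay. It assumes both configurations are exported as LDIF with full DNs; the function names and the sample entries (dc=example,dc=com, provider.example.com) are constructed for illustration.

```python
import re, shlex

def parse_entries(ldif):
    """One {attr_lowercase: [values]} dict per blank-line separated LDIF entry."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuations
            attr, _, value = line.partition(":")
            entry.setdefault(attr.lower(), []).append(value.lstrip(":").strip())
        entries.append(entry)
    return entries

def parse_syncrepl(value):
    """Split an olcSyncrepl value into key=value parameters, honouring quotes."""
    value = re.sub(r"^\{\d+\}", "", value)  # drop the {0} ordering prefix
    return dict(tok.split("=", 1) for tok in shlex.split(value))

def check_delta_syncrepl(provider_ldif, consumer_ldif):
    """Findings for each consumer olcSyncrepl that uses syncdata=accesslog."""
    findings, prov = [], parse_entries(provider_ldif)
    with_syncprov = {e["dn"][0].split(",", 1)[1] for e in prov
                     if e.get("olcoverlay", [""])[0].endswith("syncprov")}
    for ent in parse_entries(consumer_ldif):
        for p in map(parse_syncrepl, ent.get("olcsyncrepl", [])):
            if p.get("syncdata") != "accesslog":
                continue
            logbase = p.get("logbase", "")
            if not any(logbase in e.get("olcsuffix", []) and e["dn"][0] in with_syncprov
                       for e in prov):
                findings.append(f"no provider database with suffix {logbase} has syncprov")
            if p.get("binddn") in ent.get("olcrootdn", []):
                findings.append("replication binds as the database rootDN")
    return findings

# Constructed sample (not the poster's files): the accesslog DB has no syncprov.
PROVIDER = """dn: olcDatabase={1}bdb,cn=config
olcSuffix: dc=example,dc=com

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
olcOverlay: {0}syncprov

dn: olcDatabase={2}bdb,cn=config
olcSuffix: cn=accesslog"""
CONSUMER = """dn: olcDatabase={2}bdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
olcSyncrepl: {0}rid=1 provider=ldaps://provider.example.com:636 bindmethod=simple
  binddn="cn=admin,dc=example,dc=com" searchbase="dc=example,dc=com" retry="60 +"
  logbase="cn=accesslog" syncdata=accesslog type=refreshAndPersist"""
```

The rootDN finding is a least-privilege flag: a dedicated replication identity with read access to the replicated suffix and the log database limits what a leaked consumer credential can do.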