Am 23.09.20 um 21:55 schrieb Quanah Gibson-Mount:
--On Wednesday, September 23, 2020 9:23 AM -0700 Quanah Gibson-Mount quanah@symas.com wrote:
We started with the provider. After importing the database and starting the slapd on the new provider, we get errors for the syncrepl state on all consumer systems: "Can't get Context CSN with SID <x> from ldap+tls://localhost. Please set SID with -I option."
You left out most of the configuration bits so it's impossible to say how you've done this. Certainly not an error I've ever seen. Please provide the full provider config MINUS passwords.
This does not look like the config for the provider, as requested.
Or to be more precise, you talk about multiple providers, but the config you sent could at most be the config for a single provider, in which case I think I'd expect the error you have hit, since multiprovider replication requires the providers to have non-zero serverID's.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
We use cfengine to generate the configuration for all our LDAP servers. Provider and Consumer. To make it easier to handle we split the configuration in different parts. Some are simply copied and some are generated from templates or JSON files. This process is controled by machine classes and hostnames. Each part starts with this header:
######################################### # # # THIS FILE IS CONTROLLED BY CFENGINE # # # # *** DO NOT EDIT LOCALLY *** # # # #########################################
All those different fragments are includes for the slapd.conf. What I've send are the configuration parts for one specific provider.
The consumers that are associated with this provider, do get a different slapd.inc file, with the same index definitions and the consumer part of the configuration. And of course they do get other certificate names in the slapd.conf.
Regards Berthold Cogel