On 16/07/13 18:36, Quanah Gibson-Mount wrote:
> Are the olcAccess rules identical between the two?
> When you bind via ldapi, if you examine the logs at 256, is the search being mapped to the same DN on both master and replicas?
Hi Quanah,

Yes, the olcAccess is identical (I've even diffed them). I forgot to mention the version - it's 2.4.28-1.1ubuntu5. The debug logs look like this on the slave:
51e58768 conn=1002 fd=20 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
51e58768 conn=1002 op=0 BIND dn="" method=163
51e58768 conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
51e58768 conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
51e58768 conn=1002 op=0 RESULT tag=97 err=0 text=
51e58768 conn=1002 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
51e58768 conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
51e58768 conn=1002 op=2 UNBIND
51e58768 conn=1002 fd=20 closed
and this on the master:
51e5881d conn=1000 fd=16 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
51e5881d conn=1000 op=0 BIND dn="" method=163
51e5881d conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
51e5881d conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
51e5881d conn=1000 op=0 RESULT tag=97 err=0 text=
51e5881d conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
51e5881d conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
51e5881d conn=1000 op=2 UNBIND
51e5881d conn=1000 fd=16 closed
Thanks,
Adrian