Hello.
I'm struggling a bit with setting up syncrepl replication between two OpenLDAP servers (using version 2.4.39 compiled by the LTB project, on top of RHEL6, if that matters in this case).
Does anyone here have some suggestions on what I should look deeper into here? Is it a known newbie-error I'm making? I can post configuration files, describe how I attempt to set up the replication etc.
The two servers have a replicated cn=config, in addition to two suffixes with their own HDB backend. The first of those suffixes is meant for administrative data, replication user account, etc., and the second suffix is for some end-user accounts/settings.
I seem to have managed to get the first HDB backend to replicate, but I can't get the 2nd to work for some reason (most likely because I'm doing something wrong).
When I start OpenLDAP with some debug logging, I see several log lines, but the first ones that catch my interest look like:

    53ac30ff slapd starting
    53ac30ff slap_client_connect: URI=ldap://ldap01-testing.aminor.no DN="cn=replicator,ou=admins,ou=internal,o=aminor" ldap_sasl_bind_s failed (49)
    53ac30ff do_syncrepl: rid=005 rc 49 retrying (4 retries left)
(this was seen on the node ldap02-testing.aminor.no. The hostnames exist in DNS internally, the two nodes can see each other on the IP level etc.)
Both the working and non-working suffix are configured to use the same replication user (which lives in the 1st suffix). In my case, I have 2 hdb backends, one seems to replicate just fine, the other doesn't. I can use ldapsearch on the suffix for that non-replicating hdb from both nodes to both nodes, and get replies back (running ldapsearch -x, with -D and -w giving the cn=replicator,ou=admins...etc. and password).
I went to the #openldap IRC channel and asked about this issue earlier today, and I saw another person ask about the same "ldap_sasl_bind_s failed (49)" error message as well. He was using a somewhat older OpenLDAP (2.4.23) on Debian though.
Regards,
Eivind Olsen
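One way to sift a slapd debug log for syncrepl consumer bind failures like the ones quoted above, as an added example (my own code, not from the original post or from the OpenLDAP project). It assumes constructed sample log lines that mirror the quoted format, pairs each slap_client_connect failure with the do_syncrepl retry line that follows it, and maps the numeric rc to its RFC 4511 result-code name (49 is invalidCredentials); the function and table names are mine.

```python
"""Parse slapd syncrepl consumer log lines and classify failed provider binds.

Added example, not from the original post. The sample log lines below are
constructed to mirror the format quoted in the post; hostnames and DNs are
placeholders.
"""
import re
from typing import Dict, List, Optional

# Subset of LDAP result codes (RFC 4511) that commonly show up on a
# syncrepl consumer's bind to the provider. 49 is the code from the post.
LDAP_RESULT_CODES = {
    0: "success",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    52: "unavailable",
    53: "unwillingToPerform",
}

# Short, code-specific hint for an operator reading the report.
HINTS = {
    49: "provider rejected the consumer's binddn/credentials; compare the "
        "syncrepl binddn and credentials on the consumer with the entry on "
        "the provider",
    50: "bind succeeded but the provider's ACLs deny the replicator read access",
}

CONNECT_RE = re.compile(
    r'slap_client_connect: URI=(?P<uri>\S+) DN="(?P<dn>[^"]+)" '
    r'ldap_sasl_bind_s failed \((?P<rc>\d+)\)'
)
RETRY_RE = re.compile(
    r'do_syncrepl: rid=(?P<rid>\d+) rc (?P<rc>\d+) '
    r'retrying \((?P<left>\d+) retries left\)'
)


def parse_syncrepl_log(lines: List[str]) -> List[Dict]:
    """Return one record per failed syncrepl bind, in log order.

    A slap_client_connect failure carries the URI and bind DN; the
    do_syncrepl line that follows carries the replica id (rid) and retry
    budget. The two are joined into a single record.
    """
    events: List[Dict] = []
    pending: Optional[Dict] = None  # connect failure awaiting its retry line
    for line in lines:
        m = CONNECT_RE.search(line)
        if m:
            pending = {"uri": m.group("uri"), "dn": m.group("dn"),
                       "rc": int(m.group("rc"))}
            continue
        m = RETRY_RE.search(line)
        if m:
            rc = int(m.group("rc"))
            events.append({
                "rid": m.group("rid"),
                "rc": rc,
                "result": LDAP_RESULT_CODES.get(rc, "unknown"),
                "retries_left": int(m.group("left")),
                "uri": pending["uri"] if pending else None,
                "dn": pending["dn"] if pending else None,
                "hint": HINTS.get(rc, "see RFC 4511 for this result code"),
            })
            pending = None
    return events


def failing_rids(events: List[Dict]) -> Dict[str, int]:
    """Count bind failures per replica id, so a single bad rid stands out."""
    counts: Dict[str, int] = {}
    for e in events:
        counts[e["rid"]] = counts.get(e["rid"], 0) + 1
    return counts


# Constructed sample: one failing consumer (rid=005, invalid credentials),
# plus a second constructed failure with a different code for contrast.
SAMPLE_LOG = """53ac30ff slapd starting
53ac30ff slap_client_connect: URI=ldap://provider.example.invalid DN="cn=replicator,ou=admins,ou=internal,o=example" ldap_sasl_bind_s failed (49)
53ac30ff do_syncrepl: rid=005 rc 49 retrying (4 retries left)
53ac3100 slap_client_connect: URI=ldap://provider.example.invalid DN="cn=replicator,ou=admins,ou=internal,o=example" ldap_sasl_bind_s failed (53)
53ac3100 do_syncrepl: rid=007 rc 53 retrying (2 retries left)
"""

if __name__ == "__main__":
    for ev in parse_syncrepl_log(SAMPLE_LOG.splitlines()):
        print(f"rid={ev['rid']} rc={ev['rc']} ({ev['result']}) "
              f"dn={ev['dn']} retries_left={ev['retries_left']}: {ev['hint']}")
    print("failures per rid:", failing_rids(parse_syncrepl_log(SAMPLE_LOG.splitlines())))
```

Run it against a real slapd log (for example `slapd -d sync` output redirected to a file, read with `splitlines()`) and each rid that keeps failing its bind is reported with the DN it used and the decoded result code, which is the first thing to compare against the consumer's syncrepl directive.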