Hello all,
I'm trying to set up delta-syncrepl on a test setup, consisting of a producer plus consumer running OpenLDAP 2.4.45. (I'll put relevant parts of both producer and consumer config at the end of this post.) I'm following the instructions from the OpenLDAP manual (chapter 18.3.2) as much as possible. Both slapd's start up but replication isn't happening. I get the following messages in the logs:
producer:
2017-08-18T14:54:39.153754+02:00 pro slapd[10098]: send_search_entry: conn 1278 ber write failed.
2017-08-18T14:54:44.157627+02:00 pro slapd[10098]: send_search_entry: conn 1279 ber write failed.
2017-08-18T14:54:49.368758+02:00 pro slapd[10098]: send_search_entry: conn 1281 ber write failed.
2017-08-18T14:55:09.390341+02:00 pro slapd[10098]: send_search_entry: conn 1283 ber write failed.
2017-08-18T14:55:19.395091+02:00 pro slapd[10098]: send_search_entry: conn 1284 ber write failed.
consumer:
2017-08-18T14:54:39.153660+02:00 del slapd[25530]: do_syncrep2: rid=001 got search entry without Sync State control (reqStart=20170815125023.000001Z,cn=accesslog)
2017-08-18T14:54:39.154089+02:00 del slapd[25530]: do_syncrepl: rid=001 rc -1 retrying (1 retries left)
2017-08-18T14:54:44.157539+02:00 del slapd[25530]: do_syncrep2: rid=001 got search entry without Sync State control (reqStart=20170815125023.000001Z,cn=accesslog)
2017-08-18T14:54:44.158156+02:00 del slapd[25530]: do_syncrepl: rid=001 rc -1 retrying
2017-08-18T14:54:49.368843+02:00 del slapd[25530]: do_syncrep2: rid=001 got search entry without Sync State control (reqStart=20170815125023.000001Z,cn=accesslog)
2017-08-18T14:54:49.369446+02:00 del slapd[25530]: do_syncrepl: rid=001 rc -1 retrying
2017-08-18T14:54:59.383750+02:00 del slapd[25530]: do_syncrep2: rid=001 got search entry without Sync State control (reqStart=20170815125023.000001Z,cn=accesslog)
2017-08-18T14:54:59.384369+02:00 del slapd[25530]: do_syncrepl: rid=001 rc -1 retrying
2017-08-18T14:55:09.390382+02:00 del slapd[25530]: do_syncrep2: rid=001 got search entry without Sync State control (reqStart=20170815125023.000001Z,cn=accesslog)
2017-08-18T14:55:09.390971+02:00 del slapd[25530]: do_syncrepl: rid=001 rc -1 retrying
2017-08-18T14:55:19.395206+02:00 del slapd[25530]: do_syncrep2: rid=001 got search entry without Sync State control (reqStart=20170815125023.000001Z,cn=accesslog)
When I do a search on the producer from the consumer I get results that look like I would expect to see:
ldapsearch -x -h pro.hku.nl -b "cn=accesslog" -D cn=dsyncuser,dc=hku,dc=nl -w ****** "(&(objectClass=auditWriteObject)(reqResult=0))"
(...)
# 20170817170609.000001Z, accesslog
dn: reqStart=20170817170609.000001Z,cn=accesslog
objectClass: auditAdd
reqStart: 20170817170609.000001Z
reqEnd: 20170817170610.000000Z
reqType: add
reqSession: 1
reqAuthzID: cn=root,dc=hku,dc=nl
reqDN: nlHkuID=77454,ou=People,dc=hku,dc=nl
reqResult: 0
reqMod: objectClass:+ top
reqMod: objectClass:+ posixAccount
reqMod: objectClass:+ shadowAccount
reqMod: objectClass:+ inetOrgPerson
reqMod: objectClass:+ nlHkuPerson
reqMod: objectClass:+ eduPerson
reqMod: objectClass:+ apple-user
reqMod: objectClass:+ sambaSamAccount
reqMod: ou:+ People
reqMod: authAuthority:+ ;basic;
reqMod: nlHkuID:+ 77454
reqMod: loginShell:+ /bin/false
reqMod: gidNumber:+ 300
(...)
reqMod: structuralObjectClass:+ nlHkuPerson
reqMod: entryUUID:+ 1b7405d0-17ba-1037-98e3-99bbae3c2a53
reqMod: creatorsName:+ cn=root,dc=hku,dc=nl
reqMod: createTimestamp:+ 20170817170608Z
reqMod: entryCSN:+ 20170817170608.603041Z#000000#000#000000
reqMod: modifiersName:+ cn=root,dc=hku,dc=nl
reqMod: modifyTimestamp:+ 20170817170608Z
reqEntryUUID: 1b7405d0-17ba-1037-98e3-99bbae3c2a53
(...)
The producer config has:
(...)
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_mdb.so
olcModuleLoad: {1}dynlist.so
olcModuleLoad: {2}accesslog.so
olcModuleLoad: {3}syncprov.so
olcModuleLoad: {4}smbk5pwd.so
structuralObjectClass: olcModuleList
(...)
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=hku,dc=nl
olcAccess: {0}to * by dn.base="cn=dsyncuser,dc=hku,dc=nl" read by * break
(...)
olcAccess: {15}to * by * read
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcLimits: {0}dn.exact="cn=root,dc=hku,dc=nl" size=unlimited time=unlimited
olcLimits: {1}dn.exact="cn=dsyncuser,dc=hku,dc=nl" size=unlimited time=unlim
 ited
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=root,dc=hku,dc=nl
olcRootPW:: ***
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
(...)
dn: olcOverlay={1}accesslog,olcDatabase={1}mdb,cn=config
objectClass: olcAccessLogConfig
objectClass: olcOverlayConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
(...)
dn: olcOverlay={2}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcSyncProvConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {2}syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig
(...)
dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap-accesslog
olcSuffix: cn=accesslog
olcAccess: {0}to * by dn.base="cn=dsyncuser,dc=hku,dc=nl" read
olcLimits: {0}dn.exact="cn=dsyncuser,dc=hku,dc=nl" size=unlimited time=unlim
 ited
olcRootDN: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
olcDbMaxSize: 1047483648
structuralObjectClass: olcMdbConfig
(...)
Parts from the consumer config:
(...)
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_mdb.so
olcModuleLoad: {1}dynlist.so
structuralObjectClass: olcModuleList
(...)
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=hku,dc=nl
olcAccess: {0}to * by dn.base="cn=dsyncuser,dc=hku,dc=nl" read by * break
(...)
olcAccess: {15}to * by * read
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcLimits: {0}dn.exact="cn=root,dc=hku,dc=nl" size=unlimited time=unlimited
olcLimits: {1}dn.exact="cn=dsyncuser,dc=hku,dc=nl" size=unlimited time=unlim
 ited
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=replroot,dc=hku,dc=nl
olcRootPW:: *****
olcSyncUseSubentry: FALSE
olcSyncrepl: {0}rid=001 provider=ldap://pro.hku.nl bindmethod=simple binddn=
 "cn=dsyncuser,dc=hku,dc=nl" credentials="****" tls_cert="/etc/ssl/certs
 /del_cert.pem" tls_key="/etc/ssl/private/del_key.pem" tls_cacertdir="/etc/s
 sl/certs" tls_reqcert=demand tls_crlcheck=none logbase="cn=accesslog" logfi
 lter="(&(objectClass=auditWriteObject)(reqResult=0))" syncdata=accesslog se
 archbase="dc=hku,dc=nl" schemachecking=on type=refreshAndPersist retry="5 5 10 +"
olcMonitoring: TRUE
olcDbIndex: default pres,eq
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn eq,sub
(...)
olcDbMaxReaders: 0
olcDbMaxSize: 12147483648
olcDbMode: 0600
olcDbSearchStack: 16
structuralObjectClass: olcMdbConfig
Thank you for taking the time to read all this, any remarks on how to get this going will be very much appreciated!
Best regards,
gerard