Hi List,
I have trouble with my freshly set up OpenLDAP master/slave sync.
The slave stops syncing every few hours with the message shown below. If I restart the slave, things start working again. I monitored the network connectivity between the hosts and there is no issue with that.

Debug output running slapd -d 256 -d 128:
5b23c9dc do_syncrep2: rid=001 (-1) Can't contact LDAP server
5b23c9dc do_syncrepl: rid=001 rc -1 retrying (4 retries left)
/var/log/syslog:
Jun 15 16:14:52 ldap-server slapd[5178]: do_syncrep2: rid=001 (-1) Can't contact LDAP server
Jun 15 16:14:52 ldap-server slapd[5178]: do_syncrepl: rid=001 rc -1 retrying (4 retries left)

I'm running
Ubuntu 16.04.4
OpenLDAP 2.4.42 (from Ubuntu repository)
on both servers.

I set up the sync using these LDIF files on master:

dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=domain,dc=com" write
  by dn="cn=replicator,dc=domain,dc=com" write
  by self write
  by anonymous auth
  by * none
-
delete: olcAccess
olcAccess: {2}
-
add: olcAccess
olcAccess: {2}to *
  by dn="cn=admin,dc=domain,dc=com" manage
  by dn="cn=replicator,dc=domain,dc=com" manage
  by self write
  by anonymous auth
  by users read

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID,entryCSN eq

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

On the Slave I imported these LDIF files:

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID,entryCSN eq

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  bindmethod=simple
  binddn="cn=replicator,dc=domain,dc=com"
  credentials=PASSWORD
  searchbase="dc=domain,dc=com"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:00:30
  starttls=yes
  tls_reqcert=allow

I'm really new to OpenLDAP so please let me know how to provide additional info if you need it.
Thanks and best regards,
Kai
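
An added example, not part of the original post: a short Python reader for the retry value and the "retries left" syslog line quoted above. Per slapd.conf(5), retry is a list of <interval> <count> pairs, and a consumer whose counts are all finite stops retrying once they are used up, while "+" as a count retries indefinitely. The function names are this example's own, and the year is passed in as an assumption because syslog lines carry none.

```python
import re
from datetime import datetime, timedelta

# The two syslog lines quoted in the post, embedded so the example runs offline.
SAMPLE_LOG = """\
Jun 15 16:14:52 ldap-server slapd[5178]: do_syncrep2: rid=001 (-1) Can't contact LDAP server
Jun 15 16:14:52 ldap-server slapd[5178]: do_syncrepl: rid=001 rc -1 retrying (4 retries left)
"""

RETRY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: "
    r"do_syncrepl: rid=(?P<rid>\d+) rc (?P<rc>-?\d+) retrying"
    r"(?: \((?P<left>\d+) retries left\))?")

def parse_retry(spec):
    """Split a retry value into (interval_seconds, count) pairs; count None means '+'."""
    tokens = spec.split()
    if not tokens or len(tokens) % 2:
        raise ValueError("retry needs <interval> <count> pairs: %r" % spec)
    return [(int(i), None if n == "+" else int(n))
            for i, n in zip(tokens[0::2], tokens[1::2])]

def seconds_until_give_up(pairs):
    """Total retry window if every attempt fails; None if a '+' pair retries forever."""
    total = 0
    for interval, count in pairs:
        if count is None:
            return None
        total += interval * count
    return total

def retry_events(log_text, year):
    """Yield (timestamp, rid, rc, retries_left) for each syncrepl retry line."""
    for line in log_text.splitlines():
        m = RETRY_RE.match(line)
        if m:
            ts = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
            left = int(m["left"]) if m["left"] else None
            yield ts, m["rid"], int(m["rc"]), left

def projected_give_up(log_text, retry_spec, year):
    """Map rid -> time retries run out, counted from its first logged failure
    and assuming every later attempt also fails (None = retries forever)."""
    window = seconds_until_give_up(parse_retry(retry_spec))
    result = {}
    for ts, rid, _rc, _left in retry_events(log_text, year):
        if rid not in result:
            result[rid] = None if window is None else ts + timedelta(seconds=window)
    return result
```

With the posted retry="30 5 300 3" the window is 5 x 30 s plus 3 x 300 s, so a consumer that cannot reconnect goes quiet 1050 seconds after the first logged failure.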