I have set up a slave ldap server for syncrepl and seem to be unable to get it to replicate. There is nothing logged on the slave at all. ACL logging on the master shows the slave connecting and seeming to get access - see below.
On the MAIN SERVER I HAVE

access to attrs=userPassword,shadowLastChange
    by self =xw
    by anonymous auth
    by dn="cn=sync,dc=my company,dc=com" read
    by * none

access to *
    by self write
    by dn="cn=sync,dc=my company,dc=com" read
    by users read
    by * read

# Replication stuff
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200

ON THE SLAVE I HAVE

access to *
    by self write
    by dn="cn=sync,dc=my company,dc=com" write
    by users read
    by anonymous auth

loglevel sync config acl
logfile /tmp/ldaptmp

syncrepl rid=123
    provider=ldaps://envy.my company.com
    type=refreshOnly
    interval=01:00:00:00
    searchbase="dc=my company,dc=com"
    filter="(objectClass=*)"
    scope=sub
    attrs="*,+"
    schemachecking=off
    retry="60 10 300 3"
    logbase="cn=accesslog"
    syncdata=accesslog
    bindmethod=simple
    binddn="cn=sync,dc=my company,dc=com"
    credentials="password"

AUTH OUTPUT FROM THE MASTER

Nov 26 10:48:04 envy slapd[19774]: => acl_mask: to value by "", (=0)
Nov 26 10:48:04 envy slapd[19774]: <= check a_dn_pat: self
Nov 26 10:48:04 envy slapd[19774]: <= check a_dn_pat: cn=sync,dc=imagreendriver,dc=com
Nov 26 10:48:04 envy slapd[19774]: <= check a_dn_pat: users
Nov 26 10:48:04 envy slapd[19774]: <= check a_dn_pat: *
Nov 26 10:48:04 envy slapd[19774]: <= acl_mask: [4] applying read(=rscxd) (stop)
Nov 26 10:48:04 envy slapd[19774]: <= acl_mask: [4] mask: read(=rscxd)
Nov 26 10:48:04 envy slapd[19774]: => slap_access_allowed: read access granted by read(=rscxd)

AN LDAP SEARCH QUERY produces zip on slave

ldapsearch -H ldaps:/// -x -b 'dc=my company,dc=com' '(objectclass=*)' -s sub
# extended LDIF
#
# LDAPv3
# base <dc=my company,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
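
An added example, not part of the original post: a small Python parser for the slapd ACL trace format shown above, reporting for each access decision the identity being evaluated, the `by` patterns that were checked, and the clause that granted access. The sample lines are constructed on the model of the trace in the post (host name and `dc=example,dc=com` are placeholders), and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the "loglevel acl" trace in the post.
# The second decision is invented to show a named-DN match for comparison.
SAMPLE = """\
Nov 26 10:48:04 host slapd[19774]: => acl_mask: to value by "", (=0)
Nov 26 10:48:04 host slapd[19774]: <= check a_dn_pat: self
Nov 26 10:48:04 host slapd[19774]: <= check a_dn_pat: cn=sync,dc=example,dc=com
Nov 26 10:48:04 host slapd[19774]: <= check a_dn_pat: users
Nov 26 10:48:04 host slapd[19774]: <= check a_dn_pat: *
Nov 26 10:48:04 host slapd[19774]: <= acl_mask: [4] applying read(=rscxd) (stop)
Nov 26 10:48:05 host slapd[19774]: => acl_mask: to all values by "cn=sync,dc=example,dc=com", (=0)
Nov 26 10:48:05 host slapd[19774]: <= check a_dn_pat: self
Nov 26 10:48:05 host slapd[19774]: <= check a_dn_pat: cn=sync,dc=example,dc=com
Nov 26 10:48:05 host slapd[19774]: <= acl_mask: [2] applying read(=rscxd) (stop)
"""

START = re.compile(r'=> acl_mask: to .*? by "(?P<dn>[^"]*)"')
CHECK = re.compile(r'<= check a_dn_pat: (?P<pat>.+)$')
APPLY = re.compile(r'<= acl_mask: \[(?P<idx>\d+)\] applying (?P<level>\w+)\(')

def parse_acl_trace(text):
    """Group trace lines into one record per acl_mask evaluation."""
    decisions, cur = [], None
    for line in text.splitlines():
        if m := START.search(line):
            # The quoted DN is the identity the operation runs as; empty means anonymous.
            cur = {"bound_dn": m["dn"], "checked": [], "clause": None, "level": None, "matched": None}
            decisions.append(cur)
        elif cur is None:
            continue
        elif m := CHECK.search(line):
            cur["checked"].append(m["pat"].strip())
        elif m := APPLY.search(line):
            # Assumption: patterns are logged in order, so the last one checked is the match.
            cur["clause"], cur["level"] = int(m["idx"]), m["level"]
            cur["matched"] = cur["checked"][-1] if cur["checked"] else None
    return decisions

def summarize(decisions):
    out = []
    for d in decisions:
        who = d["bound_dn"] or "(anonymous)"
        out.append(f'{who}: {d["level"]} via clause [{d["clause"]}] (by {d["matched"]})')
    return out

if __name__ == "__main__":
    print("\n".join(summarize(parse_acl_trace(SAMPLE))))
```

Run against a real trace, the summary makes it easy to see whether a replication consumer was evaluated under its own bind DN or under a catch-all clause.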