Borresen, John - 0442 - MITLL wrote:
Thanks, Howard;
In hindsight, if my config looks jumbled, it is...that's what I get for doing little things in a quasi-blind attempt at solving issues.
Quanah's followup was correct: you have the consumer configured for delta-syncrepl but you're missing the provider on your cn=accesslog database.
See the Admin Guide section 18.3.2. http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20dif...
*******Here is the output of slapcat on the Provider:**********
# slapcat -s olcDatabase={1}bdb,cn=config dn: olcDatabase={1}bdb,cn=config objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcSuffix: dc=group42,dc=ldap olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=ldapadmin,dc=group42,dc=ldap olcRootPW:: *************** olcSyncUseSubentry: FALSE olcMonitoring: TRUE olcDbDirectory: /var/lib/ldap_db/openldap-data olcDbCacheSize: 1000 olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/1 2/18 11:53:27 ghenry Exp $ olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas es. olcDbConfig: {2}# olcDbConfig: {3}# See the Oracle Berkeley DB documentation olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d b/db/ref/env/db_config.html> olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics. olcDbConfig: {6}# olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl PTI+ olcDbConfig: {9}# in particular: olcDbConfig: {10}#http://www.openldap.org/faq/index.cgi?file=1075 olcDbConfig: {11} olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re building olcDbConfig: {13}# the DB environment. olcDbConfig: {14} olcDbConfig: {15}# one 0.25 GB cache olcDbConfig: {16}set_cachesize 0 268435456 1 olcDbConfig: {17} olcDbConfig: {18}# Data Directory olcDbConfig: {19}#set_data_dir db olcDbConfig: {20} olcDbConfig: {21}# Transaction Log settings olcDbConfig: {22}set_lg_regionmax 262144 olcDbConfig: {23}set_lg_bsize 2097152 olcDbConfig: {24}#set_lg_dir logs olcDbConfig: {25} olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui ck" olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl aXIgLXEgb3B0aW9uKS4g olcDbNoSync: FALSE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 0 olcDbIndex: objectClass eq olcDbIndex: sn eq,sub olcDbIndex: mail eq,sub olcDbIndex: departmentNumber eq olcDbIndex: cn,uid eq,sub olcDbIndex: uidNumber eq olcDbIndex: entryCSN eq olcDbIndex: entryUUID eq olcDbIndex: ipHostNumber eq olcDbIndex: gidNumber,memberUID eq olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 structuralObjectClass: olcBdbConfig entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8 creatorsName: cn=config createTimestamp: 20111219143532Z olcDbSearchStack: 32 olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo us auth by * none olcAccess: {1} to * by * read olcDatabase: {1}bdb olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" size=unlimited time=u nlimited entryCSN: 20120313163732.658240Z#000000#001#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20120313163732Z
dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {0}syncprov olcSpNoPresent: TRUE structuralObjectClass: olcSyncProvConfig entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca creatorsName: cn=admin,cn=config createTimestamp: 20120224171809Z olcSpReloadHint: TRUE olcSpCheckpoint: 1000 60 entryCSN: 20120312145000.123929Z#000000#001#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20120312145000Z
dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcAccessLogConfig olcOverlay: {1}accesslog olcAccessLogDB: cn=accesslog olcAccessLogOps: writes olcAccessLogPurge: 07+00:00 01+00:00 olcAccessLogSuccess: TRUE structuralObjectClass: olcAccessLogConfig entryUUID: eea1e438-6385-4660-807b-bb270eb4843a creatorsName: cn=admin,cn=config createTimestamp: 20120229161649Z entryCSN: 20120229161649.880441Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20120229161649Z
# slapcat -s olcDatabase={2}bdb,cn=config dn: olcDatabase={2}bdb,cn=config objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDbDirectory: /var/lib/ldap_db/accesslog olcSuffix: cn=accesslog olcDbIndex: default eq olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart structuralObjectClass: olcBdbConfig entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48 creatorsName: cn=admin,cn=config createTimestamp: 20120229153826Z olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" time.soft=unlimited t ime.hard=unlimited size.soft=unlimited size.hard=unlimited olcDatabase: {2}bdb entryCSN: 20120313143637.046410Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20120313143637Z
################################################ ***Here is the output of slapcat from the Consumer*** # slapcat -s olcDatabase={2}bdb,cn=config dn: olcDatabase={2}bdb,cn=config objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcSuffix: dc=group42,dc=ldap olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=ldapadmin,dc=group42,dc=ldap olcRootPW:: *************** olcSyncUseSubentry: FALSE olcMonitoring: TRUE olcDbDirectory: /var/lib/ldap_db/openldap-data olcDbCacheSize: 1000 olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4 2007/1 2/18 11:51:46 ghenry Exp $ olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas es. olcDbConfig: {2}# olcDbConfig: {3}# See the Oracle Berkeley DB documentation olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d b/db/ref/env/db_config.html> olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics. olcDbConfig: {6}# olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl PTI+ olcDbConfig: {9}# in particular: olcDbConfig: {10}#http://www.openldap.org/faq/index.cgi?file=1075 olcDbConfig: {11} olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re building olcDbConfig: {13}# the DB environment. olcDbConfig: {14} olcDbConfig: {15}# one 0.25 GB cache olcDbConfig: {16}set_cachesize 0 268435456 1 olcDbConfig: {17} olcDbConfig: {18}# Data Directory olcDbConfig: {19}#set_data_dir db olcDbConfig: {20} olcDbConfig: {21}# Transaction Log settings olcDbConfig: {22}set_lg_regionmax 262144 olcDbConfig: {23}set_lg_bsize 2097152 olcDbConfig: {24}#set_lg_dir logs olcDbConfig: {25} olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui ck" olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl aXIgLXEgb3B0aW9uKS4g olcDbNoSync: FALSE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 0 olcDbIndex: objectClass eq olcDbIndex: cn,uid eq,sub olcDbIndex: sn eq,sub olcDbIndex: mail eq,sub olcDbIndex: departmentNumber eq olcDbIndex: entryCSN eq olcDbIndex: entryUUID eq olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbSearchStack: 16 olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo us auth by * none olcAccess: {1} to * by * read olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 structuralObjectClass: olcBdbConfig entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008 creatorsName: cn=config createTimestamp: 20120229205835Z olcDatabase: {2}bdb olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636 olcMirrorMode: TRUE olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=********* interva l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs= "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23 /etc/openldap/cacerts entryCSN: 20120313150609.224840Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20120313150609Z
dn: olcOverlay={0}memberof,olcDatabase={2}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf olcOverlay: {0}memberof structuralObjectClass: olcMemberOf entryUUID: 363ad8ed-872c-4fff-99c1-4f73d3e8055d creatorsName: cn=admin,cn=config createTimestamp: 20120302121345Z entryCSN: 20120302121345.220702Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20120302121345Z
dn: olcOverlay={1}syncprov,olcDatabase={2}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {1}syncprov olcSpNoPresent: TRUE structuralObjectClass: olcSyncProvConfig entryUUID: 69ca3f6a-1ac4-45f9-88ca-eb7f67ca7b63 creatorsName: cn=admin,cn=config createTimestamp: 20120302141557Z entryCSN: 20120302141557.545770Z#000000#000#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20120302141557Z
I know that the two systems are communicating, at least, at the client level and attempting to at the slapd level. As stated earlier, the only error I'm seeing consistently on the Consumer is: do_syncrep2: rid=001 got search entry without Sync State control do_syncrepl: rid=001 rc -1 retrying
David Borresen ph: 781-981-2954 email: john.d.borresen@ll.mit.edu
-----Original Message----- From: Howard Chu [mailto:hyc@symas.com] Sent: Tuesday, March 13, 2012 2:01 PM To: Borresen, John - 0442 - MITLL Cc: Quanah Gibson-Mount; openldap-technical@openldap.org Subject: Re: OPENLDAP SYNCREPL
Borresen, John - 0442 - MITLL wrote:
Thanks, Quanah;
As requested:
That was clearly not the problem; if the syncprov module was missing your config would have caused slapd to fail to start. Also it was clearly present
since you had it updating the contextCSN in your shutdown log. Quanah, you should have already seen that and not sent him on a wild goose chase.
And, one more time: DO NOT DIRECTLY ACCESS THE FILES IN THE CONFIG DIRECTORY.
Use the database administration tools. For your previous case, you should have simply used: slapcat -s olcDatabase={1}bdb,cn=config
Make sure the consumer is talking to the server you think it is. Show slapd -d7 output from the provider while the consumer is trying to connect.