Hrm... my previous post seems to have gone MIA, hopefully this one won't do the same.
I have a pair of servers running 2.4.28 built with BerkeleyDB 5.2.36, in a multi-master setup. I was having issues with synchronization (namely, it wasn't syncing) and decided to rebuild the second server. I nuked etc/slapd.d/* as well as the contents of the cn=accesslog and main DIT directories, leaving behind only the DB_CONFIG files.
I dumped the first server's cn=config tree using slapcat -b cn=config, copied the file over to the second server, and re-added the config using 'slapadd -F slapd.d -b cn=config -l slapcat_output.ldif'. Then I fired up the server, and let it pull over the main DIT from the first server. That went fine.
It doesn't seem to have fixed my issue, though, which is the cn=config tree not synchronizing changes. When I make a change to olcDatabase={1}hdb,cn=config (which is cn=accesslog) to add some new indexes on server2, I see the following errors in syslog on server1 (after restarting slapd on server2 to try to force a sync...):
Dec 7 12:13:04 server1 slapd[5984]: conn=1308 fd=25 ACCEPT from IP=172.30.96.203:52788 (IP=172.30.96.202:389) Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=0 BIND dn="cn=config" method=128 Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=0 BIND dn="cn=config" mech=SIMPLE ssf=0 Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=0 RESULT tag=97 err=0 text= Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=1 DISCONNECT tag=101 err=2 text=controls require LDAPv3 Dec 7 12:13:04 server1 slapd[5984]: conn=1308 op=1 do_search: get_ctrls failed Dec 7 12:13:04 server1 slapd[5984]: conn=1308 fd=25 closed (operations error)
... and on server2:
Dec 7 12:13:04 server2 slapd[7798]: do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT (2) Protocol error Dec 7 12:13:04 server2 slapd[7798]: do_syncrep2: rid=001 (2) Protocol error Dec 7 12:13:04 server2 slapd[7798]: do_syncrepl: rid=001 rc -2 retrying Dec 7 12:13:04 server2 slapd[7798]: do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT (2) Protocol error Dec 7 12:13:04 server2 slapd[7798]: do_syncrep2: rid=001 (2) Protocol error Dec 7 12:13:04 server2 slapd[7798]: do_syncrepl: rid=001 rc -2 retrying
The "controls require LDAPv3" error confuses me, as a wireshark capture of the conversation shows the bind asking for LDAPv3. Can anyone give me some guidance here?