-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Thursday, February 02, 2012 5:03 PM To: Aaron Bennett; openldap-technical@openldap.org Subject: RE: 2.4.28 cn=config replication trouble
Let me correct that. All binds use the ldap_sasl_bind_s function, but a simple bind isn't specifically a SASL bind. In any case, your consumer clearly is unable to bind to the master to replicate one of the configurations you've configured, most likely for the cn=config replication bit, given that the bind DN for it is cn=config.
I know, I inititially thought so, too... but the servers are replicating. If you look at the output with logging set to "stats sync", here's what happens on each box immediately after slapd starts:
Feb 3 09:41:58 animal slapd[28953]: slapd starting Feb 3 09:41:58 animal slapd[28953]: slap_client_connect: URI=ldaps://zoot.clarku.edu DN="cn=replicator,ou=services,dc=clarku,dc=edu" ldap_sasl_bind_s failed (-1) Feb 3 09:41:58 animal slapd[28953]: slap_client_connect: URI=ldaps://zoot.clarku.edu DN="cn=config" ldap_sasl_bind_s failed (-1) Feb 3 09:41:58 animal slapd[28953]: do_syncrepl: rid=002 rc -1 retrying (4 retries left) Feb 3 09:41:58 animal slapd[28953]: do_syncrepl: rid=002 rc -1 retrying (4 retries left) Feb 3 09:42:03 animal slapd[28953]: conn=1000 fd=19 ACCEPT from IP=140.232.1.15:53074 (IP=0.0.0.0:636) Feb 3 09:42:03 animal slapd[28953]: conn=1001 fd=20 ACCEPT from IP=140.232.1.15:53075 (IP=0.0.0.0:636) Feb 3 09:42:03 animal slapd[28953]: do_syncrep2: rid=002 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 3 09:42:03 animal slapd[28953]: do_syncrep2: rid=002 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 3 09:42:03 animal slapd[28953]: conn=1001 fd=20 TLS established tls_ssf=256 ssf=256 Feb 3 09:42:03 animal slapd[28953]: conn=1000 fd=19 TLS established tls_ssf=256 ssf=256 Feb 3 09:42:03 animal slapd[28953]: conn=1001 op=0 BIND dn="cn=config" method=128 Feb 3 09:42:03 animal slapd[28953]: conn=1001 op=0 BIND dn="cn=config" mech=SIMPLE ssf=0 Feb 3 09:42:03 animal slapd[28953]: conn=1000 op=0 BIND dn="cn=replicator,ou=services,dc=clarku,dc=edu" method=128 Feb 3 09:42:03 animal slapd[28953]: conn=1001 op=0 RESULT tag=97 err=0 text= Feb 3 09:42:03 animal slapd[28953]: conn=1000 op=0 BIND dn="cn=Replicator,ou=Services,dc=clarku,dc=edu" mech=SIMPLE ssf=0
And the other box during that sequence:
Feb 3 09:41:58 zoot slapd[3321]: conn=1008 fd=13 ACCEPT from IP=140.232.1.12:37620 (IP=0.0.0.0:636) Feb 3 09:41:58 zoot slapd[3321]: conn=1009 fd=16 ACCEPT from IP=140.232.1.12:37621 (IP=0.0.0.0:636) Feb 3 09:41:58 zoot slapd[3321]: conn=1009 fd=16 TLS established tls_ssf=256 ssf=256 Feb 3 09:41:58 zoot slapd[3321]: conn=1008 fd=13 TLS established tls_ssf=256 ssf=256 Feb 3 09:41:58 zoot slapd[3321]: conn=1009 fd=16 closed (connection lost) Feb 3 09:41:58 zoot slapd[3321]: conn=1008 fd=13 closed (connection lost) Feb 3 09:42:03 zoot slapd[3321]: conn=1010 fd=19 ACCEPT from IP=140.232.1.12:37622 (IP=0.0.0.0:636) Feb 3 09:42:03 zoot slapd[3321]: conn=1011 fd=16 ACCEPT from IP=140.232.1.12:37623 (IP=0.0.0.0:636) Feb 3 09:42:03 zoot slapd[3321]: conn=1010 fd=19 TLS established tls_ssf=256 ssf=256 Feb 3 09:42:03 zoot slapd[3321]: conn=1011 fd=16 TLS established tls_ssf=256 ssf=256 Feb 3 09:42:03 zoot slapd[3321]: conn=1010 op=0 BIND dn="cn=replicator,ou=services,dc=clarku,dc=edu" method=128 Feb 3 09:42:03 zoot slapd[3321]: conn=1011 op=0 BIND dn="cn=config" method=128 Feb 3 09:42:03 zoot slapd[3321]: conn=1011 op=0 BIND dn="cn=config" mech=SIMPLE ssf=0 Feb 3 09:42:03 zoot slapd[3321]: conn=1010 op=0 BIND dn="cn=Replicator,ou=Services,dc=clarku,dc=edu" mech=SIMPLE ssf=0
(animal is 140.232.1.12, zoot is 140.232.1.15)
When animal is failing the slapd_client_connect for both dn's (one for cn=config, one for the directory data), I see zoot accept the connection and then zoot sees animal drop it, and then five seconds later it connects successfully.