never did replication and certain to be something that I did but this is the type of error I am getting...
Sep 15 10:58:44 srv1 slapd[2766]: slap_client_connect: URI=ldap://srv2.ayr1.local DN="cn=admin,cn=config" ldap_sasl_bind_s failed (-1)
Sep 15 10:58:44 srv1 slapd[2766]: do_syncrepl: rid=002 rc -1 retrying (4 retries left)
Obviously because I didn't tell it NOT to use SASL bind for replication.
Is there some simple adjustment to use something other than SASL for credentials when replicating?
Craig
--On Wednesday, September 15, 2010 11:06 AM -0700 Craig White cwhite@ayr1.com wrote:
never did replication and certain to be something that I did but this is the type of error I am getting...
Sep 15 10:58:44 srv1 slapd[2766]: slap_client_connect: URI=ldap://srv2.ayr1.local DN="cn=admin,cn=config" ldap_sasl_bind_s failed (-1)
Sep 15 10:58:44 srv1 slapd[2766]: do_syncrepl: rid=002 rc -1 retrying (4 retries left)
Obviously because I didn't tell it NOT to use SASL bind for replication.
That's the name of the function used to bind, it does not mean it's using SASL. -1 usually means it is unable to even open a port to the server you specified. Since you've failed to submit the related syncrepl configuration, it's hard to say what's at issue.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On 9/17/2010 9:10 AM, Quanah Gibson-Mount wrote:
--On Wednesday, September 15, 2010 11:06 AM -0700 Craig White cwhite@ayr1.com wrote:
never did replication and certain to be something that I did but this is the type of error I am getting...
Sep 15 10:58:44 srv1 slapd[2766]: slap_client_connect: URI=ldap://srv2.ayr1.local DN="cn=admin,cn=config" ldap_sasl_bind_s failed (-1)
Sep 15 10:58:44 srv1 slapd[2766]: do_syncrepl: rid=002 rc -1 retrying (4 retries left)
Obviously because I didn't tell it NOT to use SASL bind for replication.
That's the name of the function used to bind, it does not mean it's using SASL. -1 usually means it is unable to even open a port to the server you specified. Since you've failed to submit the related syncrepl configuration, it's hard to say what's at issue.
---- I was sort of hoping to find out the command to get the actual configuration from the server but this is what I *think* is on the server...
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://srv1.ayr1.local
olcServerID: 2 ldap://srv2.ayr1.local

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://ldap01.example.com binddn="cn=admin,cn=config" bindmethod=simple credentials=***** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://ldap02.example.com binddn="cn=admin,cn=config" bindmethod=simple credentials=***** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
Which of course was a problem because the provider was wrong so I ran 'fix-1.ldif' #
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://ldap01.example.com binddn="cn=admin,cn=config" bindmethod=simple credentials=***** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://ldap02.example.com binddn="cn=admin,cn=config" bindmethod=simple credentials=***** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
and then fix2.ldif #
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://srv1.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple credentials=***** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://srv2.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple credentials=***** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
Thanks
Craig
Still struggling with replication... I have dumped the configuration of the two servers.
errors on srv1...
Sep 22 14:08:17 srv1 slapd[29001]: do_syncrep2: rid=002 got search entry without Sync State control
Sep 22 14:08:17 srv1 slapd[29001]: do_syncrepl: rid=002 rc -1 retrying (4 retries left)
errors on srv2...
Sep 22 14:08:00 srv2 slapd[19652]: slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.1.9.1.1
moving to cn=config has at times been confusing to me - especially trying to wrestle out what is actually in the server but this is what I have figured out is in the 2 servers...
SRV1 - ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ayr1,dc=local
olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=ayr1,dc=local" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=ayr1,dc=local" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=ayr1,dc=local
olcRootPW: ****
olcSyncrepl: {0}rid=003 provider=ldap://srv1.ayr1.local binddn="cn=admin,dc=ayr1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=004 provider=ldap://srv2.ayr1.local binddn="cn=admin,dc=ayr1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex: uidNumber,gidNumber,mailLocalAddress,uniqueMember eq
olcDbIndex: businessCategory sub
olcDbIndex: givenname eq,subinitial
olcDbIndex: memberUid,sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
olcDbIndex: default sub
SRV1 - ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={0}config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: {SSHA}kndAyVYfGOCNo4s/U6bvsuUUlfD7iNON
olcSyncrepl: {0}rid=001 provider=ldap://srv1.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple credentials=**** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=002 provider=ldap://srv2.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple credentials=**** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
SRV2 - ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={0}config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: {SSHA}kndAyVYfGOCNo4s/U6bvsuUUlfD7iNON
olcSyncrepl: {0}rid=001 provider=ldap://srv1.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple credentials=**** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=002 provider=ldap://srv2.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple credentials=**** searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
SRV2 - ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ayr1,dc=local
olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=ayr1,dc=local" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=ayr1,dc=local" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=ayr1,dc=local
olcRootPW: ****
olcSyncrepl: {0}rid=003 provider=ldap://srv1.ayr1.local binddn="cn=admin,dc=ayr1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=004 provider=ldap://srv2.ayr1.local binddn="cn=admin,dc=ayr1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 20971520
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex: uidNumber,gidNumber,mailLocalAddress,uniqueMember eq
olcDbIndex: businessCategory sub
olcDbIndex: givenname eq,subinitial
olcDbIndex: memberUid,sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
olcDbIndex: default sub
Can anyone figure out what I am doing wrong?
Thanks
Craig
--On Wednesday, September 22, 2010 2:09 PM -0700 Craig White cwhite@ayr1.com wrote:
Still struggling with replication... I have dumped the configuration of the two servers.
I don't see the syncprov overlay loaded on your servers for the primary hdb databases, which is what your logs complain about, so it seems like things are behaving as expected.
I.e., regardless of cn=config or slapd.conf, your configuration is wrong.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On 9/22/2010 2:29 PM, Quanah Gibson-Mount wrote:
--On Wednesday, September 22, 2010 2:09 PM -0700 Craig White cwhite@ayr1.com wrote:
Still struggling with replication... I have dumped the configuration of the two servers.
I don't see the syncprov overlay loaded on your servers for the primary hdb databases, which is what your logs complain about, so it seems like things are behaving as expected.
I.e., regardless of cn=config or slapd.conf, your configuration is wrong.
---- ok but I have been trying...
cat sync_backend.ldif #
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,dc=ayr1,dc=local
-
add: olcSyncRepl
olcSyncRepl: rid=003 provider=ldap://srv1.ayr1.local binddn="cn=admin,dc=ayr1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=004 provider=ldap://srv2.ayr1.local binddn="cn=admin,dc=ayr1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
#
ldapmodify -x -D cn=admin,cn=config -W -f sync_backend.ldif
Enter LDAP Password:
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Type or value exists (20)
        additional info: modify/add: olcRootDN: value #0 already exists
I can't see what it is that is wrong here
Craig
--On Wednesday, September 22, 2010 2:59 PM -0700 Craig White cwhite@ayr1.com wrote:
On 9/22/2010 2:29 PM, Quanah Gibson-Mount wrote:
--On Wednesday, September 22, 2010 2:09 PM -0700 Craig White cwhite@ayr1.com wrote:
Still struggling with replication... I have dumped the configuration of the two servers.
I don't see the syncprov overlay loaded on your servers for the primary hdb databases, which is what your logs complain about, so it seems like things are behaving as expected.
I.e., regardless of cn=config or slapd.conf, your configuration is wrong.
ok but I have been trying...
cat sync_backend.ldif #
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,dc=ayr1,dc=local
additional info: modify/add: olcRootDN: value #0 already exists
You're trying to add a value that already exists, just like the error says.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On 9/22/2010 3:08 PM, Quanah Gibson-Mount wrote:
--On Wednesday, September 22, 2010 2:59 PM -0700 Craig White cwhite@ayr1.com wrote:
On 9/22/2010 2:29 PM, Quanah Gibson-Mount wrote:
--On Wednesday, September 22, 2010 2:09 PM -0700 Craig White cwhite@ayr1.com wrote:
Still struggling with replication... I have dumped the configuration of the two servers.
I don't see the syncprov overlay loaded on your servers for the primary hdb databases, which is what your logs complain about, so it seems like things are behaving as expected.
I.e., regardless of cn=config or slapd.conf, your configuration is wrong.
ok but I have been trying...
cat sync_backend.ldif #
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,dc=ayr1,dc=local
additional info: modify/add: olcRootDN: value #0 already exists
You're trying to add a value that already exists, just like the error says.
---- # cat sync_3.ldif #
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
#
root@srv1:/tmp/ldap-setup# ldapmodify -x -D cn=admin,cn=config -W -f sync_3.ldif
Enter LDAP Password:
adding new entry "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config"
# /etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.
So I am telling it to use syncprov overlay but still the problems exist and the syncprov overlay doesn't show up...
# ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
Enter LDAP Password:
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ayr1,dc=local
olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=ayr1,dc=local" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=ayr1,dc=local" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=ayr1,dc=local
olcRootPW: ****
olcSyncrepl: {0}rid=003 provider=ldap://srv1.ayr1.local binddn="cn=admin,dc=ayr1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=004 provider=ldap://srv2.ayr1.local binddn="cn=admin,dc=ayr1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex: uidNumber,gidNumber,mailLocalAddress,uniqueMember eq
olcDbIndex: businessCategory sub
olcDbIndex: givenname eq,subinitial
olcDbIndex: memberUid,sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
olcDbIndex: default sub
Craig
--On Wednesday, September 22, 2010 3:30 PM -0700 Craig White cwhite@ayr1.com wrote:
So I am telling it to use syncprov overlay but still the problems exist and the syncprov overlay doesn't show up...
Does your build use modules? If so, did you load the module?
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
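An added example, not part of the thread and not OpenLDAP code: a Python check for the two conditions raised in the replies above, a mirror-mode database with no syncprov overlay entry beneath it and no module load for syncprov. The function names and the sample cn=config dump are constructed for illustration.

```python
import re

# Constructed cn=config dump modelled on the thread; leading-space lines are LDIF continuations.
SAMPLE = """\
dn: cn=module{0},cn=config
olcModuleLoad: {0}back_hdb

dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://srv1.ayr1.local searchbase="cn=conf
 ig" type=refreshAndPersist
olcMirrorMode: TRUE

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcSyncProvConfig

dn: olcDatabase={1}hdb,cn=config
olcSyncrepl: {0}rid=003 provider=ldap://srv1.ayr1.local searchbase="dc=ayr1
 ,dc=local" type=refreshOnly
olcMirrorMode: TRUE
"""

def parse_ldif(text):
    """Return [(lowercased dn, {lowercased attr: [values]})]; base64 values are not decoded."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines (RFC 2849)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0].lower(), attrs))
    return entries

def audit_syncprov(text):
    """Report mirror-mode databases lacking a syncprov overlay, and a missing module load."""
    entries = parse_ldif(text)
    has_overlay = {dn.split(",", 1)[1] for dn, a in entries
                   if "olcsyncprovconfig" in [v.lower() for v in a.get("objectclass", [])]}
    findings = [f"{dn}: olcMirrorMode TRUE but no olcOverlay=syncprov child entry"
                for dn, a in entries
                if a.get("olcmirrormode", [""])[0].upper() == "TRUE" and dn not in has_overlay]
    modules = [m.lower() for _, a in entries for m in a.get("olcmoduleload", [])]
    if not any("syncprov" in m for m in modules):
        findings.append("no olcModuleLoad for syncprov (matters only if slapd is built with modules)")
    return findings

print("\n".join(audit_syncprov(SAMPLE)))
```

To run it against a live server, pass it the text of a full `ldapsearch -xLLL -b cn=config` dump rather than a search filtered to a single database entry, since the overlay and module entries are separate entries under cn=config.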
openldap-technical@openldap.org