11:06 a.m.
never did replication and certain to be something that I did but this
is the type of error I am getting...
Sep 15 10:58:44 srv1 slapd[2766]: slap_client_connect:
URI=ldap://srv2.ayr1.local DN="cn=admin,cn=config" ldap_sasl_bind_s
failed (-1)
Sep 15 10:58:44 srv1 slapd[2766]: do_syncrepl: rid=002 rc -1 retrying (4
retries left)
Obviously because I didn't tell it NOT to use SASL bind for replication.
Is there some simple adjustment to use something other than SASL for
credentials when replicating?
Craig
9:10 a.m.
--On Wednesday, September 15, 2010 11:06 AM -0700 Craig White
<cwhite(a)ayr1.com> wrote:
never did replication and certain to be something that I did but
this
is the type of error I am getting...
Sep 15 10:58:44 srv1 slapd[2766]: slap_client_connect:
URI=ldap://srv2.ayr1.local DN="cn=admin,cn=config" ldap_sasl_bind_s
failed (-1)
Sep 15 10:58:44 srv1 slapd[2766]: do_syncrepl: rid=002 rc -1 retrying (4
retries left)
Obviously because I didn't tell it NOT to use SASL bind for replication.
That's the name of the function used to bind, it does not mean it's using
SASL. -1 usually means it is unable to even open a port to the server you
specified. Since you've failed to submit the related sycnrepl
configuration, it's hard to say what's at issue.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
9:22 a.m.
New subject: [SpamBlock] Re: problem with replication
On 9/17/2010 9:10 AM, Quanah Gibson-Mount wrote:
--On Wednesday, September 15, 2010 11:06 AM -0700 Craig White
<cwhite(a)ayr1.com> wrote:
> never did replication and certain to be something that I did but this
> is the type of error I am getting...
>
> Sep 15 10:58:44 srv1 slapd[2766]: slap_client_connect:
> URI=ldap://srv2.ayr1.local DN="cn=admin,cn=config" ldap_sasl_bind_s
> failed (-1)
> Sep 15 10:58:44 srv1 slapd[2766]: do_syncrepl: rid=002 rc -1 retrying (4
> retries left)
>
> Obviously because I didn't tell it NOT to use SASL bind for replication.
That's the name of the function used to bind, it does not mean it's
using SASL. -1 usually means it is unable to even open a port to the
server you specified. Since you've failed to submit the related
sycnrepl configuration, it's hard to say what's at issue.
----
I was sort of hoping to find out the command to get the actual
configuration from the server but this is what I *think* is on the server...
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://srv1.ayr1.local
olcServerID: 2 ldap://srv2.ayr1.local
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://ldap01.example.com
binddn="cn=admin,cn=config" bindmethod=simple
credentials=***** searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://ldap02.example.com
binddn="cn=admin,cn=config" bindmethod=simple
credentials=***** searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
Which of course was a problem because the provider was wrong so I ran
'fix-1.ldif'
#
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://ldap01.example.com
binddn="cn=admin,cn=config" bindmethod=simple
credentials=***** searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://ldap02.example.com
binddn="cn=admin,cn=config" bindmethod=simple
credentials=***** searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
and then fix2.ldif
#
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://srv1.ayr1.local
binddn="cn=admin,cn=config" bindmethod=simple
credentials=***** searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://srv2.ayr1.local
binddn="cn=admin,cn=config" bindmethod=simple
credentials=***** searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
Thanks
Craig
2:09 p.m.
New subject: [SpamBlock] Re: problem with replication
Still struggling with replication... I have the dumped the configuration of the two
servers.
errors on srv1...
Sep 22 14:08:17 srv1 slapd[29001]: do_syncrep2: rid=002 got search entry without Sync
State control
Sep 22 14:08:17 srv1 slapd[29001]: do_syncrepl: rid=002 rc -1 retrying (4 retries left)
errors on srv2...
Sep 22 14:08:00 srv2 slapd[19652]: slap_global_control: unrecognized control:
1.3.6.1.4.1.4203.1.9.1.1
moving to cn=config has at times been confusing to me - especially trying to wrestle out
what is actually in the server but this is what I have figured out is in the 2 servers...
SRV1 - ldapsearch -xLLL -b cn=config -D
cn=admin,cn=config -W olcDatabase={1}hdb
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ayr1,dc=local
olcAccess: {0}to
attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by
dn="cn=admin,dc=ayr1,dc=local" write by anonymous auth by
self write by * none
olcAccess: {1}to dn.base=""
by * read
olcAccess: {2}to * by
dn="cn=admin,dc=ayr1,dc=local" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=ayr1,dc=local
olcRootPW: ****
olcSyncrepl: {0}rid=003
provider=ldap://srv1.ayr1.local binddn="cn=admin,dc=ayr1,dc=local"
bindmethod=simple
credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly
interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=004
provider=ldap://srv2.ayr1.local binddn="cn=admin,dc=ayr1,dc=local"
bindmethod=simple
credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly
interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152
0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex:
uidNumber,gidNumber,mailLocalAddress,uniqueMember eq
olcDbIndex: businessCategory sub
olcDbIndex: givenname eq,subinitial
olcDbIndex:
memberUid,sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
olcDbIndex: default sub
SRV1 - ldapsearch
-xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={0}config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW:
{SSHA}kndAyVYfGOCNo4s/U6bvsuUUlfD7iNON
olcSyncrepl: {0}rid=001
provider=ldap://srv1.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple
credentials=**** searchbase="cn=config" type=refreshAndPersist retry="5 5
300 5"
timeout=1
olcSyncrepl: {1}rid=002
provider=ldap://srv2.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple
credentials=**** searchbase="cn=config" type=refreshAndPersist retry="5 5
300 5"
timeout=1
olcMirrorMode: TRUE
SRV2 - ldapsearch
-xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={0}config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW:
{SSHA}kndAyVYfGOCNo4s/U6bvsuUUlfD7iNON
olcSyncrepl: {0}rid=001
provider=ldap://srv1.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple
credentials=**** searchbase="cn=config" type=refreshAndPersist retry="5 5
300 5"
timeout=1
olcSyncrepl: {1}rid=002
provider=ldap://srv2.ayr1.local binddn="cn=admin,cn=config" bindmethod=simple
credentials=**** searchbase="cn=config" type=refreshAndPersist retry="5 5
300 5"
timeout=1
olcMirrorMode: TRUE
SRV2 - ldapsearch
-xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ayr1,dc=local
olcAccess: {0}to
attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by
dn="cn=admin,dc=ayr1,dc=local" write by anonymous auth by
self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=ayr1,dc=local" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=ayr1,dc=local
olcRootPW: ****
olcSyncrepl: {0}rid=003
provider=ldap://srv1.ayr1.local binddn="cn=admin,dc=ayr1,dc=local"
bindmethod=simple
credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly
interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=004
provider=ldap://srv2.ayr1.local binddn="cn=admin,dc=ayr1,dc=local"
bindmethod=simple
credentials=**** searchbase="dc=ayr1,dc=local" type=refreshOnly
interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 20971520
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex: uidNumber,gidNumber,mailLocalAddress,uniqueMember eq
olcDbIndex: businessCategory sub
olcDbIndex: givenname eq,subinitial
olcDbIndex: memberUid,sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
olcDbIndex: default sub
n anyone figure out what I am doing wrong?
Thanks
Craig
Ca
2:29 p.m.
New subject: [SpamBlock] Re: problem with replication
--On Wednesday, September 22, 2010 2:09 PM -0700 Craig White
<cwhite(a)ayr1.com> wrote:
Still struggling with replication... I have the dumped the configuration
of the two servers.
I don't see the syncprov overlay loaded on your servers for the primary hdb
databases, which is what your logs complain about, so it seems like things
are behaving as expected.
I.e., regardless of cn=config or slapd.conf, your configuration is wrong.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
2:59 p.m.
New subject: [SpamBlock] Re: problem with replication
On 9/22/2010 2:29 PM, Quanah Gibson-Mount wrote:
--On Wednesday, September 22, 2010 2:09 PM -0700 Craig White
<cwhite(a)ayr1.com> wrote:
>
>
> Still struggling with replication... I have the dumped the configuration
> of the two servers.
I don't see the syncprov overlay loaded on your servers for the
primary hdb databases, which is what your logs complain about, so it
seems like things are behaving as expected.
I.e., regardless of cn=config or slapd.conf, your configuration is wrong.
----
ok but I have been trying...
cat sync_backend.ldif
#
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,dc=ayr1,dc=local
-
add: olcSyncRepl
olcSyncRepl: rid=003 provider=ldap://srv1.ayr1.local
binddn="cn=admin,dc=ayr1,dc=local"
bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local"
type=refreshOnly
interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=004 provider=ldap://srv2.ayr1.local
binddn="cn=admin,dc=ayr1,dc=local"
bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=local"
type=refreshOnly
interval=00:00:00:10 retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
#
ldapmodify -x -D cn=admin,cn=config -W -f sync_backend.ldif
Enter LDAP Password:
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Type or value exists (20)
additional info: modify/add: olcRootDN: value #0 already exists
I can't see what it is that is wrong here
Craig
3:08 p.m.
New subject: [SpamBlock] Re: problem with replication
--On Wednesday, September 22, 2010 2:59 PM -0700 Craig White
<cwhite(a)ayr1.com> wrote:
On 9/22/2010 2:29 PM, Quanah Gibson-Mount wrote:
> --On Wednesday, September 22, 2010 2:09 PM -0700 Craig White
> <cwhite(a)ayr1.com> wrote:
>
>>
>>
>> Still struggling with replication... I have the dumped the configuration
>> of the two servers.
>
> I don't see the syncprov overlay loaded on your servers for the
> primary hdb databases, which is what your logs complain about, so it
> seems like things are behaving as expected.
>
> I.e., regardless of cn=config or slapd.conf, your configuration is wrong.
----
ok but I have been trying...
cat sync_backend.ldif
#
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,dc=ayr1,dc=local
additional info: modify/add: olcRootDN: value #0 already
exists
You're trying to add a value that already exists, just like the error says.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
3:30 p.m.
New subject: [SpamBlock] Re: problem with replication
On 9/22/2010 3:08 PM, Quanah Gibson-Mount wrote:
--On Wednesday, September 22, 2010 2:59 PM -0700 Craig White
<cwhite(a)ayr1.com> wrote:
> On 9/22/2010 2:29 PM, Quanah Gibson-Mount wrote:
>> --On Wednesday, September 22, 2010 2:09 PM -0700 Craig White
>> <cwhite(a)ayr1.com> wrote:
>>
>>>
>>>
>>> Still struggling with replication... I have the dumped the
>>> configuration
>>> of the two servers.
>>
>> I don't see the syncprov overlay loaded on your servers for the
>> primary hdb databases, which is what your logs complain about, so it
>> seems like things are behaving as expected.
>>
>> I.e., regardless of cn=config or slapd.conf, your configuration is
>> wrong.
> ----
> ok but I have been trying...
>
> cat sync_backend.ldif
> #
>
> dn: olcDatabase={1}hdb,cn=config
> changetype: modify
> add: olcRootDN
> olcRootDN: cn=admin,dc=ayr1,dc=local
> additional info: modify/add: olcRootDN: value #0 already exists
>
You're trying to add a value that already exists, just like the error
says.
----
# cat sync_3.ldif
#
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
#
root@srv1:/tmp/ldap-setup# ldapmodify -x -D cn=admin,cn=config -W -f
sync_3.ldif
Enter LDAP Password:
adding new entry "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config"
# /etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.
So I am telling it to use syncprov overlay but still the problems exist
and the syncprov overlay doesn't show up...
# ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
Enter LDAP Password:
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ayr1,dc=local
olcAccess: {0}to
attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPa
ssword by dn="cn=admin,dc=ayr1,dc=local" write by anonymous auth by
self writ
e by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=ayr1,dc=local" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=ayr1,dc=local
olcRootPW: ****
olcSyncrepl: {0}rid=003 provider=ldap://srv1.ayr1.local
binddn="cn=admin,dc=ay
r1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=lo
cal" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=004 provider=ldap://srv2.ayr1.local
binddn="cn=admin,dc=ay
r1,dc=local" bindmethod=simple credentials=**** searchbase="dc=ayr1,dc=lo
cal" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex: uidNumber,gidNumber,mailLocalAddress,uniqueMember eq
olcDbIndex: businessCategory sub
olcDbIndex: givenname eq,subinitial
olcDbIndex: memberUid,sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
olcDbIndex: default sub
Craig
3:40 p.m.
New subject: [SpamBlock] Re: problem with replication
--On Wednesday, September 22, 2010 3:30 PM -0700 Craig White
<cwhite(a)ayr1.com> wrote:
So I am telling it to use syncprov overlay but still the problems exist
and the syncprov overlay doesn't show up...
Does your build use modules? If so, did you load the module?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
4341
days inactive
4348
days old
openldap-technical@openldap.org
8 comments
2 participants
participants (2)
-
Craig White -
Quanah Gibson-Mount