All,
I've read and re-read (not to mention googled) configuring SyncRepl in OpenLDAP dynamic configuration (cn=config)--v2.4.23. Missing something somewhere. Current logging is set to "256" on both Provider and Consumer.
On my Master/Provider LDAP server I am seeing the following:
slapd shutdown: waiting for 0 operations/tasks to finish
slapd shutdown: initiated
bdb_modify: dc=group42,dc=ldap
bdb_dn2entry("dc=group42,dc=ldap")
bdb_modify_internal: 0x00000001: dc=group42,dc=ldap
bdb_modify_internal: replace contextCSN
=> entry_encode(0x00000001): dc=group42,dc=ldap
<= entry_encode(0x00000001): dc=group42,dc=ldap
bdb_modify: updated id=00000001 dn="dc=group42,dc=ldap"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=0 matched="" text=""
====> bdb_cache_release_all
====> bdb_cache_release_all
slapd destroy: freeing system resources.
On my Consumer/Slave Server I am seeing the following:
slapd destroy: freeing system resources.
syncinfo_free: rid=001
slapd stopped.
tail: /var/log/slapd: file truncated
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
From my readings, I understand that the "Sync State Control" error normally indicates that my provider is not set up correctly. As far as I can tell, my modules are correctly loaded and the overlays are loaded to the appropriate database (my case, bdb) to be replicated.
The following is from the Provider/Master LDAP Server:
My olcDatabase-{1}bdb.ldif (truncated):
# more olcDatabase={1}bdb.ldif
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: *******
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
...
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: ipHostNumber eq
olcDbIndex: gidNumber,memberUID eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
creatorsName: cn=config
createTimestamp: 20111219143532Z
olcDbSearchStack: 32
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDatabase: {1}bdb
entryCSN: 20120313143637.046410Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120313143637Z
# ll olcDatabase={1}bdb
total 16
-rw------- 1 ldap ldap 453 Mar 12 10:50 olcOverlay={0}syncprov.ldif
-rw------- 1 ldap ldap 505 Feb 29 11:16 olcOverlay={1}accesslog.ldif
The olcOverlay={0}syncprov.ldif:
# more olcDatabase={1}bdb/olcOverlay={0}syncprov.ldif
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
creatorsName: cn=admin,cn=config
createTimestamp: 20120224171809Z
olcSpReloadHint: TRUE
olcSpCheckpoint: 1000 60
entryCSN: 20120312145000.123929Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120312145000Z
The olcOverlay={1}accesslog.ldif:
# more olcDatabase={1}bdb/olcOverlay={1}accesslog.ldif
dn: olcOverlay={1}accesslog
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
creatorsName: cn=admin,cn=config
createTimestamp: 20120229161649Z
entryCSN: 20120229161649.880441Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229161649Z
***The following is on the Consumer/Slave Server***
The olcDatabase={2}bdb.ldif (truncated):
# more olcDatabase={2}bdb.ldif
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: *********
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
...
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
creatorsName: cn=config
createTimestamp: 20120229205835Z
olcDatabase: {2}bdb
olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=******* interva
 l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
 ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
 "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
 /etc/openldap/cacerts
entryCSN: 20120313150609.224840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313150609Z
Not sure what I am missing, nor where I am missing it. Any assistance would be helpful.
Dave Borresen
Solaris/Linux Systems Administrator
Surveillance Systems Group
MIT Lincoln Laboratory
244 Wood Street
Lexington, MA 02420
P: 781-981-2954
F: 781-981-5344
john.borresen@ll.mit.edu
--On Tuesday, March 13, 2012 12:01 PM -0400 "Borresen, John - 0442 - MITLL" john.borresen@ll.mit.edu wrote:
All,
I've read and re-read (not to mention googled) configuring SyncRepl in OpenLDAP dynamic configuration (cn=config)--v2.4.23. Missing something somewhere. Current logging is set to "256" on both Provider and Consumer.
You haven't provided your cn=module{0}.ldif file, which actually shows what modules you've loaded. For example, in my setup:
root@zre-ldap002:/opt/zimbra/data/ldap/config/cn=config# more cn=module{0}.ldif
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /opt/zimbra/openldap/sbin/openldap
olcModuleLoad: {0}back_mdb.la
olcModuleLoad: {1}back_monitor.la
olcModuleLoad: {2}syncprov.la
olcModuleLoad: {3}accesslog.la
olcModuleLoad: {4}dynlist.la
olcModuleLoad: {5}unique.la
olcModuleLoad: {6}noopsrch.la
Here, you can see it is explicitly loading the syncprov and accesslog modules into slapd, so that they can be used.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Thanks, Quanah;
As requested:
cn=config]# ll
total 140
-rw------- 1 ldap ldap 398 Jan 24 11:28 cn=module{0}.ldif
-rw------- 1 ldap ldap 398 Feb 8 14:02 cn=module{1}.ldif
-rw------- 1 ldap ldap 397 Feb 21 09:06 cn=module{2}.ldif
-rw------- 1 ldap ldap 399 Feb 24 12:32 cn=module{3}.ldif
# more cn=module{0}.ldif
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}/usr/local/openldap-2.4.23/sbin/openldap/syncprov.la
structuralObjectClass: olcModuleList
entryUUID: c310e54d-05be-4aa9-b21c-0dbe18d3325f
creatorsName: cn=admin,cn=config
createTimestamp: 20120124162842Z
entryCSN: 20120124162842.141749Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120124162842Z
# more cn=module{1}.ldif
dn: cn=module{1}
objectClass: olcModuleList
cn: module{1}
olcModuleLoad: {0}/usr/local/openldap-2.4.23/sbin/openldap/memberof.la
structuralObjectClass: olcModuleList
entryUUID: 6be3869e-f62b-41f6-bfb6-2aeabfba15c5
creatorsName: cn=admin,cn=config
createTimestamp: 20120208190247Z
entryCSN: 20120208190247.099501Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120208190247Z
# more cn=module{2}.ldif
dn: cn=module{2}
objectClass: olcModuleList
cn: module{2}
olcModuleLoad: {0}/usr/local/openldap-2.4.23/sbin/openldap/ppolicy.la
structuralObjectClass: olcModuleList
entryUUID: 8be8b3db-4c2e-4a58-b88b-40f072dd0b24
creatorsName: cn=admin,cn=config
createTimestamp: 20120221140647Z
entryCSN: 20120221140647.348688Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120221140647Z
# more cn=module{3}.ldif
dn: cn=module{3}
objectClass: olcModuleList
cn: module{3}
olcModuleLoad: {0}/usr/local/openldap-2.4.23/sbin/openldap/accesslog.la
structuralObjectClass: olcModuleList
entryUUID: a93a59f7-d725-4f9b-b180-2fb0d1d1ffd9
creatorsName: cn=admin,cn=config
createTimestamp: 20120224173208Z
entryCSN: 20120224173208.528073Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120224173208Z
David Borresen ph: 781-981-2954 email: john.d.borresen@ll.mit.edu
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Tuesday, March 13, 2012 1:08 PM
To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org
Subject: Re: OPENLDAP SYNCREPL
Borresen, John - 0442 - MITLL wrote:
Thanks, Quanah;
As requested:
That was clearly not the problem; if the syncprov module was missing your config would have caused slapd to fail to start. Also it was clearly present since you had it updating the contextCSN in your shutdown log. Quanah, you should have already seen that and not sent him on a wild goose chase.
And, one more time: DO NOT DIRECTLY ACCESS THE FILES IN THE CONFIG DIRECTORY.
Use the database administration tools. For your previous case, you should have simply used: slapcat -s olcDatabase={1}bdb,cn=config
Make sure the consumer is talking to the server you think it is. Show slapd -d7 output from the provider while the consumer is trying to connect.
Thanks, Howard;
In hindsight, if my config looks jumbled, it is...that's what I get for doing little things in a quasi-blind attempt at solving issues.
*******Here is the output of slapcat on the Provider:**********
# slapcat -s olcDatabase={1}bdb,cn=config
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/1
 2/18 11:53:27 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# http://www.openldap.org/faq/index.cgi?file=1075
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: ipHostNumber eq
olcDbIndex: gidNumber,memberUID eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
creatorsName: cn=config
createTimestamp: 20111219143532Z
olcDbSearchStack: 32
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDatabase: {1}bdb
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" size=unlimited time=u
 nlimited
entryCSN: 20120313163732.658240Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313163732Z
dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
creatorsName: cn=admin,cn=config
createTimestamp: 20120224171809Z
olcSpReloadHint: TRUE
olcSpCheckpoint: 1000 60
entryCSN: 20120312145000.123929Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120312145000Z
dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
creatorsName: cn=admin,cn=config
createTimestamp: 20120229161649Z
entryCSN: 20120229161649.880441Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229161649Z
# slapcat -s olcDatabase={2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDbDirectory: /var/lib/ldap_db/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48
creatorsName: cn=admin,cn=config
createTimestamp: 20120229153826Z
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" time.soft=unlimited t
 ime.hard=unlimited size.soft=unlimited size.hard=unlimited
olcDatabase: {2}bdb
entryCSN: 20120313143637.046410Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120313143637Z
################################################
***Here is the output of slapcat from the Consumer***
# slapcat -s olcDatabase={2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4 2007/1
 2/18 11:51:46 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# http://www.openldap.org/faq/index.cgi?file=1075
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
creatorsName: cn=config
createTimestamp: 20120229205835Z
olcDatabase: {2}bdb
olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=********* interva
 l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
 ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
 "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
 /etc/openldap/cacerts
entryCSN: 20120313150609.224840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313150609Z
dn: olcOverlay={0}memberof,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
structuralObjectClass: olcMemberOf
entryUUID: 363ad8ed-872c-4fff-99c1-4f73d3e8055d
creatorsName: cn=admin,cn=config
createTimestamp: 20120302121345Z
entryCSN: 20120302121345.220702Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302121345Z
dn: olcOverlay={1}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 69ca3f6a-1ac4-45f9-88ca-eb7f67ca7b63
creatorsName: cn=admin,cn=config
createTimestamp: 20120302141557Z
entryCSN: 20120302141557.545770Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302141557Z
I know that the two systems are communicating, at least, at the client level and attempting to at the slapd level. As stated earlier, the only error I'm seeing consistently on the Consumer is:
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
The full log up to the above "Sync State Control" messages on the consumer:
request done: ld 0x14043290 msgid 1
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x14043290 msgid 2
dborresen on gp42-rohan$ ssh -X root@gp42-admin1
request done: ld 0x2af20fe89d70 msgid 1
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 2
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 3
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 4
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 5
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 6
ldap_build_search_req ATTRS: uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
request done: ld 0x2af20fe89d70 msgid 7
Last login: Tue Mar 13 09:06:13 2012 from gp42-rohan.llan.ll.mit.edu
root on gp42-admin1# tail -f /var/log/slapd
0000: 15 03 01 00 20 dd 4d 17 93 a1 ce 3f 55 5f c5 db .... .M....?U_..
0010: ed 5c c1 86 6f 21 09 c9 ec 8e f5 c0 39 8a b7 7a ...o!......9..z
0020: 1d 4e 66 ed b6 .Nf..
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
tls_read: want=5 error=Bad file descriptor
do_syncrepl: rid=001 rc -1 retrying
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: shutdown requested and initiated.
daemon: closing 7
connection_closing: readying conn=1000 sd=15 for close
connection_close: conn=1000 sd=15
daemon: removing 15
tls_write: want=37, written=37
0000: 15 03 01 00 20 d7 c9 23 bd 9d c0 16 c6 d4 44 a4 .... ..#......D.
0010: a5 dc c0 98 2b 1e 30 a0 87 21 77 b1 53 cc 48 4a ....+.0..!w.S.HJ
0020: 4b 80 11 e2 c3 K....
TLS trace: SSL3 alert write:warning:close notify
conn=1000 fd=15 closed (slapd shutdown)
connection_closing: readying conn=1001 sd=16 for close
connection_close: conn=1001 sd=16
daemon: removing 16
tls_write: want=37, written=37
0000: 15 03 01 00 20 00 3e 12 4d e4 d0 22 6a c3 8c 7d .... .>.M.."j..}
0010: ab c9 6e 6b 6b bf 45 de 98 03 e4 3d dc 7a f6 3d ..nkk.E....=.z.=
0020: 59 8a ff 95 df Y....
TLS trace: SSL3 alert write:warning:close notify
conn=1001 fd=16 closed (slapd shutdown)
slapd shutdown: waiting for 0 operations/tasks to finish
slapd shutdown: initiated
====> bdb_cache_release_all
====> bdb_cache_release_all
slapd destroy: freeing system resources.
syncinfo_free: rid=001
Just noticed on the Provider, after restarting with DEBUG of "7", the following:
slapd destroy: freeing system resources
slapd stopped
That is the final two entries in the log. Running a ps for slapd, it shows as running,
The following is the slapd logs from the Consumer:
ldap_build_search_req ATTRS: reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 264 bytes to sd 15
tls_write: want=330, written=330
ldap_write: want=264, written=264
=>do_syncrep2 rid=001
ldap_result ld 0x176e58f0 msgid 2
wait4msg ld 0x176e58f0 msgid 2 (timeout 0 usec)
wait4msg continue ld 0x176e58f0 msgid 2 all 0
** ld 0x176e58f0 Connections:
* host: gp42-admin2.group42.ldap port: 636 (default)
refcnt: 2 status: Connected
last used: Tue Mar 13 14:32:09 2012
** ld 0x176e58f0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x176e58f0 request count 1 (abandoned 0)
** ld 0x176e58f0 Response Queue:
Empty
ld 0x176e58f0 response count 0
ldap_chkResponseList ld 0x176e58f0 msgid 2 all 0
ldap_chkResponseList returns ld 0x176e58f0 NULL
ldap_int_select
connection_get(15)
connection_get(15): got connid=0
=>do_syncrepl rid=001
=>do_syncrep2 rid=001
ldap_result ld 0x176e58f0 msgid 2
wait4msg ld 0x176e58f0 msgid 2 (timeout 0 usec)
wait4msg continue ld 0x176e58f0 msgid 2 all 0
** ld 0x176e58f0 Connections:
* host: gp42-admin2.group42.ldap port: 636 (default)
refcnt: 2 status: Connected
last used: Tue Mar 13 14:32:09 2012
** ld 0x176e58f0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x176e58f0 request count 1 (abandoned 0)
** ld 0x176e58f0 Response Queue:
Empty
ld 0x176e58f0 response count 0
ldap_chkResponseList ld 0x176e58f0 msgid 2 all 0
ldap_chkResponseList returns ld 0x176e58f0 NULL
ldap_int_select
read1msg: ld 0x176e58f0 msgid 2 all 0
ber_get_next
tls_read: want=5, got=5
tls_read: want=32, got=32
tls_read: want=5, got=5
tls_read: want=112, got=112
ldap_read: want=8, got=8
ldap_read: want=71, got=71
ber_get_next: tag 0x30 len 77 contents:
read1msg: ld 0x176e58f0 msgid 2 message type search-entry
ber_scanf fmt ({xx) ber:
do_syncrep2: rid=001 got search entry without Sync State control
ldap_msgfree
connection_get(15)
connection_get(15): got connid=0
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 15
tls_write: want=74, written=74
ldap_write: want=7, written=7
tls_write: want=37, written=37
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
tls_read: want=5 error=Bad file descriptor
do_syncrepl: rid=001 rc -1 retrying
David Borresen ph: 781-981-2954 email: john.d.borresen@ll.mit.edu
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Tuesday, March 13, 2012 2:01 PM
To: Borresen, John - 0442 - MITLL
Cc: Quanah Gibson-Mount; openldap-technical@openldap.org
Subject: Re: OPENLDAP SYNCREPL
Borresen, John - 0442 - MITLL wrote:
Thanks, Quanah;
As requested:
That was clearly not the problem; if the syncprov module was missing your config would have caused slapd to fail to start. Also it was clearly present since you had it updating the contextCSN in your shutdown log. Quanah, you should have already seen that and not sent him on a wild goose chase.
And, one more time: DO NOT DIRECTLY ACCESS THE FILES IN THE CONFIG DIRECTORY.
Use the database administration tools. For your previous case, you should have simply used: slapcat -s olcDatabase={1}bdb,cn=config
Make sure the consumer is talking to the server you think it is. Show slapd -d7 output from the provider while the consumer is trying to connect.
Borresen, John - 0442 - MITLL wrote:
Thanks, Howard;
In hindsight, if my config looks jumbled, it is...that's what I get for doing little things in a quasi-blind attempt at solving issues.
Quanah's followup was correct: you have the consumer configured for delta-syncrepl but you're missing the provider on your cn=accesslog database.
See the Admin Guide section 18.3.2. http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20dif...
*******Here is the output of slapcat on the Provider:**********
# slapcat -s olcDatabase={1}bdb,cn=config
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/1
 2/18 11:53:27 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}#http://www.openldap.org/faq/index.cgi?file=1075
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: ipHostNumber eq
olcDbIndex: gidNumber,memberUID eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
creatorsName: cn=config
createTimestamp: 20111219143532Z
olcDbSearchStack: 32
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDatabase: {1}bdb
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" size=unlimited time=u
 nlimited
entryCSN: 20120313163732.658240Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313163732Z

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
creatorsName: cn=admin,cn=config
createTimestamp: 20120224171809Z
olcSpReloadHint: TRUE
olcSpCheckpoint: 1000 60
entryCSN: 20120312145000.123929Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120312145000Z

dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
creatorsName: cn=admin,cn=config
createTimestamp: 20120229161649Z
entryCSN: 20120229161649.880441Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229161649Z

# slapcat -s olcDatabase={2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDbDirectory: /var/lib/ldap_db/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48
creatorsName: cn=admin,cn=config
createTimestamp: 20120229153826Z
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" time.soft=unlimited t
 ime.hard=unlimited size.soft=unlimited size.hard=unlimited
olcDatabase: {2}bdb
entryCSN: 20120313143637.046410Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120313143637Z
################################################
***Here is the output of slapcat from the Consumer***
# slapcat -s olcDatabase={2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4 2007/1
 2/18 11:51:46 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}#http://www.openldap.org/faq/index.cgi?file=1075
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
creatorsName: cn=config
createTimestamp: 20120229205835Z
olcDatabase: {2}bdb
olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=********* interva
 l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
 ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
 "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
 /etc/openldap/cacerts
entryCSN: 20120313150609.224840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313150609Z

dn: olcOverlay={0}memberof,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
structuralObjectClass: olcMemberOf
entryUUID: 363ad8ed-872c-4fff-99c1-4f73d3e8055d
creatorsName: cn=admin,cn=config
createTimestamp: 20120302121345Z
entryCSN: 20120302121345.220702Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302121345Z

dn: olcOverlay={1}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 69ca3f6a-1ac4-45f9-88ca-eb7f67ca7b63
creatorsName: cn=admin,cn=config
createTimestamp: 20120302141557Z
entryCSN: 20120302141557.545770Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302141557Z
I know that the two systems are communicating, at least, at the client level and attempting to at the slapd level. As stated earlier, the only error I'm seeing consistently on the Consumer is:
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying
David Borresen ph: 781-981-2954 email: john.d.borresen@ll.mit.edu
Maybe it's just that it is near the end of the day...but, first here is my ldif to add the provider to my cn=accesslog:
dn: olcDatabase={2}bdb,cn=config (I've tried it with {1}, {2} and nothing)
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSynProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
Receiving the following error:
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
-----
Looking at my old LDIFs for creating this in the first place (this is my original LDIF to create the cn=accesslog):
]# more olcDatabase={1}bdb.ldif
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcDbDirectory: /var/lib/ldap_db/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48
creatorsName: cn=admin,cn=config
createTimestamp: 20120229153826Z
entryCSN: 20120229153826.297794Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229153826Z
Originally, I had the olcOverlay, etc in this but it failed out with the same error as above; so, I took it out in the hope of inserting it later obviously with no luck.
David Borresen ph: 781-981-2954 email: john.d.borresen@ll.mit.edu
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Tuesday, March 13, 2012 2:52 PM
To: Borresen, John - 0442 - MITLL
Cc: Quanah Gibson-Mount; openldap-technical@openldap.org
Subject: Re: OPENLDAP SYNCREPL
Borresen, John - 0442 - MITLL wrote:
Thanks, Howard;
In hindsight, if my config looks jumbled, it is...that's what I get for doing little things in a quasi-blind attempt at solving issues.
Quanah's followup was correct: you have the consumer configured for delta-syncrepl but you're missing the provider on your cn=accesslog database.
See the Admin Guide section 18.3.2. http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20different%20replication%20types
openldap-technical@openldap.org
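The diagnosis given in this thread (a consumer set to syncdata=accesslog while the provider's cn=accesslog database carries no syncprov overlay) can be checked mechanically from the two slapcat exports. The Python below is an added example, not code from the thread or from OpenLDAP; the function names, the trimmed sample LDIF and the ACCESSLOG_SYNCPROV entry are assumptions, and it assumes searchbase and logbase match the provider databases' olcSuffix values exactly.

```python
import re

# Constructed samples, trimmed from the slapcat output quoted in this thread.
PROVIDER = """\
dn: olcDatabase={1}bdb,cn=config
olcSuffix: dc=group42,dc=ldap

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcSyncProvConfig

dn: olcDatabase={2}bdb,cn=config
olcSuffix: cn=accesslog
"""
CONSUMER = """\
dn: olcDatabase={2}bdb,cn=config
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" type=refreshAn
 dPersist retry="60 +" syncdata=accesslog
"""
# Assumed fix entry, modelled on the provider's existing syncprov overlay on {1}bdb.
ACCESSLOG_SYNCPROV = """
dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] with attribute names and DNs lower-cased."""
    text = re.sub(r"\n ", "", text)  # unfold: a leading space continues a line
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0].lower(), attrs))
    return entries

def syncrepl_params(value):
    """Split an olcSyncrepl value into key=value pairs, honouring quotes."""
    value = re.sub(r"^\{\d+\}", "", value)
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', value)
    return {k.lower(): quoted or bare for k, quoted, bare in pairs}

def overlays_on(entries, db_dn):
    """Object classes of the overlay entries directly below db_dn."""
    classes = set()
    for dn, attrs in entries:
        if dn.startswith("olcoverlay=") and dn.partition(",")[2] == db_dn:
            classes.update(v.lower() for v in attrs.get("objectclass", []))
    return classes

def check_delta_syncrepl(provider_ldif, consumer_ldif):
    """List provider databases a delta-syncrepl consumer needs syncprov on but lacks."""
    provider, findings = parse_ldif(provider_ldif), []
    for _, attrs in parse_ldif(consumer_ldif):
        for raw in attrs.get("olcsyncrepl", []):
            p = syncrepl_params(raw)
            if p.get("syncdata") != "accesslog":
                continue  # plain syncrepl: no log database involved
            for key in ("searchbase", "logbase"):
                suffix = p.get(key, "").lower()
                dbs = [dn for dn, a in provider
                       if suffix in (s.lower() for s in a.get("olcsuffix", []))]
                if not dbs:
                    findings.append(f"rid={p.get('rid')}: no provider database for {key}={suffix}")
                for db in dbs:
                    if "olcsyncprovconfig" not in overlays_on(provider, db):
                        findings.append(f"rid={p.get('rid')}: {db} ({key}={suffix}) has no syncprov overlay")
    return findings
```

Run against the full slapcat exports of both servers, `check_delta_syncrepl` returns an empty list once every database the consumer reads from has a syncprov overlay entry beneath it.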