[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can't start replication

To: Alister Forbes <a@cisco.com>
Subject: Re: Can't start replication
From: Jonathan CLARKE <jonathan.clarke@normation.com>
Date: Fri, 03 Sep 2010 15:43:00 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <AC10B913-AA60-48A4-BF04-47F685A56526@cisco.com>
Organization: Normation
References: <AC10B913-AA60-48A4-BF04-47F685A56526@cisco.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.1.11) Gecko/20100711 Lightning/1.0b1 Thunderbird/3.0.6

Hi,

Le 03/09/2010 14:25, Alister Forbes a écrit :

My situation is that I'm trying to get replication working between
two instances of openldap 2.4.23, both running on RHEL5, both built
with the same options, and db built under them with the same options,
and both OS instances are the same (cloned VMs)

I can see the two slapd's trying to communicate, but athough the
passwords supplied in 'credentials' are definitely correct, I keep
seeing the err=49 in the logs below

I've been struggling with this for days now.. can anyone give me a
hint what I've messed up?

If you're certain the password is correct, it's possible that your ACLsdon't allow authentication. At the very least, you need to allow authaccess to the userPassword attribute.

To make sure the password can be used to bind with this account (andit's not a purely syncrepl-related problem), I recommend testing withsomething like:

ldapsearch -x -D cn=config -w cisco123 -b cn=config

Also, I'm not sure if it's related, but I now can't change anything
in the servers configs directly, I keep getting -

ldap_modify: Server is unwilling to perform (53) additional info:
shadow context; no update referral

I think this is the behaviour you would expect when the server was a
syncrepl slave, but these are supposed to be multi-mastered.

If you want multi-master, have you also defined serverIDs for eachserver, and set olcMirrorMode to TRUE?


Regards,
Jonathan

Any help, greatfully received Alister

output of ldapsearch:

# {0}config, config dn: olcDatabase={0}config,cn=config olcSyncrepl:
{0}rid=001 provider=ldap://10.211.55.8 binddn="cn=config" bindmet
hod=simple credentials=cisco123 searchbase="cn=config"
type=refreshAndPersist retry="5 5 300 5" timeout=1 olcSyncrepl:
{1}rid=002 provider=ldap://10.211.55.11 binddn="cn=config" bindme
thod=simple credentials=cisco123 searchbase="cn=config"
type=refreshAndPersis t retry="5 5 300 5" timeout=1

Sep  3 14:08:59 rhel-lnx1 slapd[12715]: slap_client_connect:
URI=ldap://10.211.55.11 DN="cn=config" ldap_sasl_bind_s failed (49)
Sep  3 14:08:59 rhel-lnx1 slapd[12715]: do_syncrepl: rid=002 rc 49
retrying (1 retries left) Sep  3 14:09:00 rhel-lnx1 slapd[12715]:
conn=1007 fd=9 ACCEPT from IP=10.211.55.11:33025 (IP=0.0.0.0:389) Sep
3 14:09:00 rhel-lnx1 slapd[12715]: conn=1007 op=0 BIND dn="cn=config"
method=128 Sep  3 14:09:00 rhel-lnx1 slapd[12715]: conn=1007 op=0
RESULT tag=97 err=49 text= Sep  3 14:09:00 rhel-lnx1 slapd[12715]:
conn=1007 op=1 UNBIND Sep  3 14:09:00 rhel-lnx1 slapd[12715]:
conn=1007 fd=9 closed Sep  3 14:09:04 rhel-lnx1 slapd[12715]:
conn=1008 fd=11 ACCEPT from IP=10.211.55.8:33001 (IP=0.0.0.0:389) Sep
3 14:09:04 rhel-lnx1 slapd[12715]: conn=1008 op=0 BIND dn="cn=config"
method=128 Sep  3 14:09:04 rhel-lnx1 slapd[12715]: conn=1008 op=0
RESULT tag=97 err=49 text= Sep  3 14:09:04 rhel-lnx1 slapd[12715]:
slap_client_connect: URI=ldap://10.211.55.8 DN="cn=config"
ldap_sasl_bind_s failed (49) Sep  3 14:09:04 rhel-lnx1 slapd[12715]:
do_syncrepl: rid=001 rc 49 retrying Sep  3 14:09:04 rhel-lnx1
slapd[12715]: conn=1008 op=1 UNBIND Sep  3 14:09:04 rhel-lnx1
slapd[12715]: conn=1008 fd=11 closed Sep  3 14:09:04 rhel-lnx1
slapd[12715]: slap_client_connect: URI=ldap://10.211.55.11
DN="cn=config" ldap_sasl_bind_s failed (49) Sep  3 14:09:04 rhel-lnx1
slapd[12715]: do_syncrepl: rid=002 rc 49 retrying Sep  3 14:09:05
rhel-lnx1 slapd[12715]: conn=1009 fd=9 ACCEPT from
IP=10.211.55.11:33027 (IP=0.0.0.0:389) Sep  3 14:09:05 rhel-lnx1
slapd[12715]: conn=1009 op=0 BIND dn="cn=config" method=128 Sep  3
14:09:05 rhel-lnx1 slapd[12715]: conn=1009 op=0 RESULT tag=97 err=49
text= Sep  3 14:09:05 rhel-lnx1 slapd[12715]: conn=1009 op=1 UNBIND
Sep  3 14:09:05 rhel-lnx1 slapd[12715]: conn=1009 fd=9 closed

-- Alister Forbes      TACSUNS             _.|._.|._ Cisco Systems

Please avoid sending me Word or PowerPoint attachments. See -
http://www.gnu.org/philosophy/no-word-attachments.html



--
==========================================
Jonathan CLARKE
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone:  +33 (0)1 83 62 26 96
------------------------------------------
Web:        http://www.normation.com/
==========================================

References:
- Can't start replication
  - From: Alister Forbes <a@cisco.com>

Prev by Date: Re: Defining a password attributetype
Next by Date: Re: solaris 10 as client to openldap
Index(es):
- Chronological
- Thread