
Syncrepl and problem with ldap_sasl_bind_s failed?
Hello.

I'm struggling a bit with setting up syncrepl replication between two
OpenLDAP servers (using version 2.4.39 compiled by the LTB project, on top
of RHEL6, if that matters in this case).

Does anyone here have some suggestions on what I should look deeper into
here? Is it a known newbie-error I'm making? I can post configuration
files, describe how I attempt to set up the replication etc.

The two servers have a replicated cn=config, in addition to two suffixes
with their own HDB backend. The first of those suffixes is meant for
administrative data, the replication user account, etc., and the second suffix
is for some end-user accounts/settings.

I seem to have managed to get the first HDB backend to replicate, but I
can't get the 2nd to work for some reason (most likely because I'm doing
something wrong).

When I start OpenLDAP with some debug logging, I see several log lines, but
the first one that catches my interest looks like:

53ac30ff slapd starting
53ac30ff slap_client_connect: URI=ldap://ldap01-testing.aminor.no DN="cn=replicator,ou=admins,ou=internal,o=aminor" ldap_sasl_bind_s failed (49)
53ac30ff do_syncrepl: rid=005 rc 49 retrying (4 retries left)

(this was seen on the node ldap02-testing.aminor.no. The hostnames exist
in DNS internally, the two nodes can see each other on the IP level etc.)

Both the working and the non-working suffix are configured to use the same
replication user (which lives in the 1st suffix).
In my case, I have 2 hdb backends; one seems to replicate just fine, the
other doesn't. I can use ldapsearch on the suffix for that non-replicating
hdb from both nodes to both nodes, and get replies back (running
ldapsearch -x, with -D and -w giving the cn=replicator,ou=admins... etc.
and password).

I went to the #openldap IRC channel and asked about this issue earlier
today, and I saw another person ask about the same "ldap_sasl_bind_s
failed (49)" error message as well. He was using a somewhat older OpenLDAP
(2.4.23) on Debian, though.

Regards
Eivind Olsen
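For anyone triaging this kind of syncrepl failure from slapd debug output: the number in parentheses is the LDAP result code, and 49 is invalidCredentials (RFC 4511). The function name is a red herring for the mechanism question, because libldap's slap_client_connect calls ldap_sasl_bind_s with the SIMPLE mechanism for a plain DN/password bind too, so this message does not imply SASL is configured. The script below is an added example, not code from the original post or from OpenLDAP; it pairs each "do_syncrepl: rid=... rc N retrying" line with the bind failure logged just before it, names the result code, and reports which rid, URI and bind DN were involved. The sample log is constructed in the shape of the lines quoted above (the rid=007 / rc -1 lines are invented for illustration; -1 is libldap's API-level LDAP_SERVER_DOWN).

```python
"""Summarise syncrepl consumer bind failures from slapd debug output.

Added example, not part of the original mailing-list post. The sample log is
constructed to match the line shapes quoted in the thread; slapd prefixes each
line with the time as eight hex digits (seconds since the epoch).
"""
import re

# LDAP result codes from RFC 4511, plus libldap's API-level LDAP_SERVER_DOWN (-1).
RESULT_NAMES = {
    0: "success",
    32: "noSuchObject",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    52: "unavailable",
    53: "unwillingToPerform",
    -1: "serverDown (libldap API code)",
}

# "slap_client_connect: URI=<uri> DN="<dn>" ldap_sasl_bind_s failed (<rc>)"
BIND_RE = re.compile(
    r'^(?P<ts>[0-9a-f]{8}) slap_client_connect: URI=(?P<uri>\S+)\s+'
    r'DN="(?P<dn>[^"]*)" ldap_sasl_bind_s failed \((?P<rc>-?\d+)\)'
)
# "do_syncrepl: rid=<rid> rc <rc> retrying (<n> retries left)"
RETRY_RE = re.compile(
    r'^(?P<ts>[0-9a-f]{8}) do_syncrepl: rid=(?P<rid>\d+) rc (?P<rc>-?\d+) '
    r'retrying \((?P<left>\d+) retries left\)'
)

# Constructed sample: first two non-startup lines are the ones quoted in the
# thread (re-joined onto single lines); the rid=007 pair is invented.
SAMPLE_LOG = """\
53ac30ff slapd starting
53ac30ff slap_client_connect: URI=ldap://ldap01-testing.aminor.no DN="cn=replicator,ou=admins,ou=internal,o=aminor" ldap_sasl_bind_s failed (49)
53ac30ff do_syncrepl: rid=005 rc 49 retrying (4 retries left)
53ac3103 slap_client_connect: URI=ldap://ldap01-testing.aminor.no DN="cn=replicator,ou=admins,ou=internal,o=aminor" ldap_sasl_bind_s failed (-1)
53ac3103 do_syncrepl: rid=007 rc -1 retrying (3 retries left)
"""


def parse_slapd_log(text):
    """Yield ("bind_failed", fields) or ("retry", fields) for relevant lines."""
    for line in text.splitlines():
        m = BIND_RE.match(line)
        if m:
            yield "bind_failed", {**m.groupdict(), "rc": int(m.group("rc"))}
            continue
        m = RETRY_RE.match(line)
        if m:
            fields = m.groupdict()
            fields["rc"] = int(fields["rc"])
            fields["left"] = int(fields["left"])
            yield "retry", fields


def summarise(text):
    """Return one record per rid (latest failure wins), sorted by rid.

    Each record carries the numeric rc, its RFC 4511 name, the retries slapd
    says it has left, and the URI/DN from the bind failure logged immediately
    before the retry line when that failure has the same rc.
    """
    pending_bind = None
    by_rid = {}
    for kind, f in parse_slapd_log(text):
        if kind == "bind_failed":
            pending_bind = f
            continue
        rec = {
            "rid": f["rid"],
            "rc": f["rc"],
            "result": RESULT_NAMES.get(f["rc"], "unknown (%d)" % f["rc"]),
            "retries_left": f["left"],
            "uri": None,
            "dn": None,
        }
        if pending_bind is not None and pending_bind["rc"] == f["rc"]:
            rec["uri"] = pending_bind["uri"]
            rec["dn"] = pending_bind["dn"]
        pending_bind = None
        by_rid[f["rid"]] = rec
    return [by_rid[r] for r in sorted(by_rid)]


if __name__ == "__main__":
    for rec in summarise(SAMPLE_LOG):
        print("rid=%(rid)s rc=%(rc)d (%(result)s) retries_left=%(retries_left)d "
              "uri=%(uri)s dn=%(dn)s" % rec)
```

In the situation described in the post, the useful comparison is the DN and URI this prints for rid=005 against the -D/-H values that made the hand-run ldapsearch succeed: invalidCredentials from the provider means it rejected exactly what the consumer sent for that rid, so a mismatch in the credentials configured for the second backend (rather than a network or SASL problem) is where to look first.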