openldap

aravind1024004 · 07-01-2008, 07:55 AM

hi

i had configured openldap in rhel5 as master/slave
openldap version is 2.3
Slave is not getting replicating from master.
These are the logs generated in master and slave server.
plz help me with this issue.

At the time restarting slapd.conf in master server.

[root@master~]# tail -f /var/log/slapd.logJul 1 21:07:21 master slapd[2960]: daemon: shutdown requested and initiated.
Jul 1 21:07:21 master slapd[2960]: slapd shutdown: waiting for 0 threads to terminate
Jul 1 21:07:21 master slapd[2960]: slapd stopped.
Jul 1 21:07:22 master slapd[3254]: @(#) $OpenLDAP: slapd 2.3.27 (Jan 3 2007 13:13:17) $ brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jul 1 21:07:23 master slapd[3255]: slapd starting
==================================================================================================== ========================

###At the time of restarting the slave slapd.conf#####

[root@master~]# tail -f /var/log/slapd.log
Jul 1 21:08:34 master slapd[3255]: conn=0 fd=13 ACCEPT from IP=192.168.117.5:35205 (IP=0.0.0.0:389)
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 BIND dn="cn=syncuser,dc=panafnet,dc=com" method=128
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 RESULT tag=97 err=49 text=Jul 1 21:08:35 master slapd[3255]: conn=0 op=1 UNBIND
Jul 1 21:08:35 master slapd[3255]: conn=0 fd=13 closed
Jul 1 21:08:35 master slapd[3255]: connection_read(13): no connection!

[root@slave ~]# tail -f /var/log/slapd.logJun 30 10:40:36 slave slapd[6481]: daemon: shutdown requested and initiated.
Jun 30 10:40:36 slave slapd[6481]: slapd shutdown: waiting for 0 threads to terminate
Jun 30 10:40:36 slave slapd[6481]: slapd stopped.
Jun 30 10:40:37 slave slapd[6758]: @(#) $OpenLDAP: slapd 2.3.27 (Jan 3 2007 13:13:17) $ brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jun 30 10:40:38 slave slapd[6759]: slapd starting
Jun 30 10:40:38 slave slapd[6759]: do_syncrep1: ldap_sasl_bind_s failed (49)

druuna · 07-01-2008, 11:47 AM

Hi,

This err=49 and this ldap_sasl_bind_s failed (49) both tell you that you used invalid credentials.

There's not much more to go on, maybe it's enough to help you solve the problem.
If not, tell us a bit more (how are both master and slave set up, was the initial 'master data' replicated to the slave? etc).

aravind1024004 · 07-01-2008, 11:36 PM

hi,

Thanks for your reply.
Could you plz tell me which credentials you are talking about.
I had used credentials in slave slapd.conf.

These is my configuration file.Here the credentials which i was used was everything correct.

======================================
/etc/openldap/slapd.conf(master)=========================================

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/qmail.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

access to attrs=userPassword
by self write
by dn="cn=syncuser,dc=panafnet,dc=com" read
by * auth

access to *
by dn="cn=syncuser,dc=panafnet,dc=com" read
by * read

database bdb
suffix "dc=panafnet,dc=com"
rootdn "cn=Manager,dc=panafnet,dc=com"
rootpw {SSHA}9ma4wkvWQM2ws7E9q7qIgK9vQ2Rp4IhZ

directory /var/lib/ldap/panafnet.com

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub
index entryCSN,entryUUID eq

overlay syncprov
syncprov-checkpoint 100 05========================================================================
/etc/ldap.conf(master)
=========================================================================
host 192.168.117.4 192.168.117.5

# The distinguished name of the search base.
base dc=panafnet,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn dc=panafnet,dc=com

# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
# may incur a small performance impact.
nss_base_passwd ou=People,dc=panafnet,dc=com?one
nss_base_shadow ou=People,dc=panafnet,dc=com?one
nss_base_group ou=Group,dc=panafnet,dc=com?one
#uri ldap://127.0.0.1/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5========================================================================

/etc/openlldap/lapd.conf(slave)=========================================================================
# network or connect timeouts (see bind_timelimit).
host 192.168.117.5 192.168.117.4

# The distinguished name of the search base.
base dc=panafnet,dc=com

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn dc=panafnet,dc=com

# The credentials to bind with.
# Optional: default is no credential.
bindpw secret

# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=panafnet,dc=com?one
nss_base_shadow ou=People,dc=panafnet,dc=com?one
nss_base_group ou=Group,dc=pananfet,dc=com?one#nss_base_hosts ou=Hosts,dc=example,dc=com?one

ssl no
tls_cacertdir /etc/openldap/cacerts
========================================================================
/etc/openldap/slapd.conf(slave)
=========================================================================

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=panafnet,dc=com"
rootdn "cn=Manager,dc=panafnet,dc=com"
rootpw {SSHA}F/VF2kcFeRzWxmYddG2JryM/0odBN7Hy

directory /var/lib/ldap/panafnet.com

syncrepl
rid=0
provider=ldap://192.168.117.4:389
binddn="dc=panafnet,dc=com"
bindmethod=simple
credentials=SyncUser
searchbase="dc=panafnet,dc=com"
filter="(objectClass=*)"
attrs="*"
schemachecking=off
scope=sub
type=refreshOnly
interval=00:00:00:06

access to attrs=userPassword
by dn="cn=syncuser,dc=panafnet,dc=com" write
by * auth

access to *
by dn="cn=syncuser,dc=panafnet,dc=com" write
by * read
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub
index entryCSN,entryUUID eq

==================================================================================================== ======================

jnojr · 07-30-2008, 11:57 AM

I'm getting the do_syncrep1: ldap_sasl_bind_s failed (49) error when trying to use syncreply, too. I know my username and password is correct, as I can log on to a client system with them. On the producer side, I get:

ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)

And:

bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

Any ideas?

ziox · 07-31-2008, 10:26 PM

Have anybody got syncrepl to work as expected?

scenario 1:
Master/Slave

any update just show up on the master...
doesn't matter you inserted it on the master or the slave...
means authentication works...
+ always doesn't work without referral !!!
not just this... when you delete something
never get deleted on the slave... just on the master
and stays on the slave...
when you try to delete it is says No such Object

I'm using ldapadmin.exe client http://ldapadmin.sourceforge.net/

scenario 2:
Multi-Master never worked

without referral ... it complains [No update referral!!!]

with referral [error referral]
I added server 1 as referral on server 2
and ... server 2 on 1

I use the configuration which everybody uses
from openldap.org & http://www.zytrax.com/books/ldap/ch7

use cn=manager,xxxxxxxxxxx on both
used another user with permission to write to everything

openldap 2.3

also I had loglevel to show sync process
but never found slapd.log or even anything in /var/log/messages

So, the questions is & and it is for whomever wrote these
tutorials on openldap.org & http://www.zytrax.com/books/ldap/

Have you ever got this configuration to work?!!! {as you posted it}