Quantcast
Channel: iRedMail
Viewing all articles
Browse latest Browse all 47865

LDAP Replication Fails

February 2, 2013, 10:13 am
$
0
0

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: CentOS 5.8 (master)/6.3 (slave)
- Related log if you're reporting an issue:
====

Hello again,

Now that I have the new backup mail server running nicely, I'm back to trying to get LDAP to replicate.  I have searched exhaustively through the OpenLDAP docs, and what can be found online about making LDAP replicate on various distributions, and sadly it looks like there are a lot of variables at work.  However, I think I'm very close!  I have the machines talking to one another, I just can't get them to actually sync.

The master is a CentOS 5.8 i686 machine upgraded from iRedMail 0.7.0 to 0.8.3, the slave is a CentOS 6.3 x64 machine running a clean install of iRedMail 0.8.3.  I'm sure I'm just missing something simple here.  Thanks for the help!

Ted

The error message is:

do_syncrep2: rid=101 got search entry without Sync State control

I know the systems can talk to one another.  From the slave I can issue:

# ldapsearch -H ldaps://ldap-master.mydomain.com  -x -D cn=replicator,dc=mydomain,dc=com -W 
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <dc=mydomain,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# mydomain.com
dn: dc=mydomain,dc=com
objectClass: dcObject
objectClass: organization
dc: heroesinc
o: heroesinc

# domains, mydomain.com
dn: o=domains,dc=mydomain,dc=com
objectClass: organization
o: domains

# replicator, mydomain.com
dn: cn=replicator,dc=mydomain,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
objectClass: top
cn: replicator
description: LDAP replicator
userPassword:: <HASH>

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

Here are the important parts of the config files:

/etc/openldap/slapd.conf (master):

...

# Allow users to change their own passwords and mail forwarding addresses.
access to attrs="userPassword,mailForwardingAddress"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=mydomain,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    by dn.base="cn=replicator,dc=mydomain,dc=com" read
    by users        none
    by *            break

...

database    bdb
suffix      dc=mydomain,dc=com
checkpoint  128 5
directory   /var/lib/ldap/mydomain.com

rootdn      cn=Manager,dc=mydomain,dc=com
rootpw      <PASSWORD HASH>

sizelimit   1000
cachesize   1000

 ### for LDAP replication
 ###
 moduleload syncprov
 index entryCSN,entryUUID eq
 overlay syncprov
 syncprov-checkpoint 100 10
 syncprov-sessionlog 200

...

/etc/openldap/slapd.conf (slave):

database    bdb
suffix      dc=mydomain,dc=com
rootdn      dc=mydomain,dc=com
directory   /var/lib/ldap/mydomain.com
index       objectclass,entryCSN,entryUUID eq

rootdn      cn=Manager,dc=mydomain,dc=com
rootpw      <PASSWORD HASH>

sizelimit   10000
cachesize   10000

syncrepl rid=101
        provider=ldaps://ldap-master.mydomain.com
        type=RefreshandPersist
        interval=00:01:00:00
        retry="5 5 300 +"
        searchbase="dc=mydomain,dc=com"
        filter="(objectClass=*)"
        scope=sub
        attrs="*,+"
        bindmethod=simple
        tls_cacert=/etc/pki/tls/certs/ldap-master-iRedMail_CA.pem
        binddn="cn=replicator,dc=mydomain,dc=com"
        credentials=<PASSWORD>

Here are the logs.  For simplicity, I've deleted repeating messages.  They all repeat six times before the next message appears.

/var/log/openldap.log (master debug -1):

Feb  2 10:42:20 ldap-master slapd[1948]: => acl_mask: access to entry "mail=tcox@mydomain.com,ou=Aliases,domainName=mydomain.com,o=domains,dc=mydomain,dc=com", attr "entry" requested 
Feb  2 10:42:20 ldap-master slapd[1948]: => acl_mask: to all values by "cn=replicator,dc=mydomain,dc=com", (=0)  
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: anonymous 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: self 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: cn=vmail,dc=mydomain,dc=com 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: cn=vmailadmin,dc=mydomain,dc=com 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: mail=[^,]+@$1,o=domainAdmins,dc=mydomain,dc=com$ 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: mail=[^,]+@$1,ou=Users,domainName=$1,o=domains,dc=mydomain,dc=com$ 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: users 
Feb  2 10:42:20 ldap-master slapd[1948]: <= acl_mask: [7] applying none(=0) (stop) 
Feb  2 10:42:20 ldap-master slapd[1948]: <= acl_mask: [7] mask: none(=0) 
Feb  2 10:42:20 ldap-master slapd[1948]: => access_allowed: read access denied by none(=0) 
Feb  2 10:42:20 ldap-master slapd[1948]: send_search_entry: conn 10884 access to entry (mail=tcox@mydomain.com,ou=Aliases,domainName=mydomain.com,o=domains,dc=mydomain,dc=com) not allowed 
Feb  2 10:42:20 ldap-master slapd[1948]: => access_allowed: search access to "mail=aol@mydomain.com,ou=Aliases,domainName=mydomain.com,o=domains,dc=mydomain,dc=com" "objectClass" requested 
Feb  2 10:42:20 ldap-master slapd[1948]: => dnpat: [1] cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=mydomain,dc=com$ nsub: 3 
Feb  2 10:42:20 ldap-master slapd[1948]: => acl_get: [4] attr objectClass 
Feb  2 10:42:20 ldap-master slapd[1948]: => acl_mask: access to entry "mail=aol@mydomain.com,ou=Aliases,domainName=mydomain.com,o=domains,dc=mydomain,dc=com", attr "objectClass" requested 
Feb  2 10:42:20 ldap-master slapd[1948]: => acl_mask: to all values by "cn=replicator,dc=mydomain,dc=com", (=0)  
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: anonymous 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: self 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: cn=vmail,dc=mydomain,dc=com 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: cn=vmailadmin,dc=mydomain,dc=com 
Feb  2 10:42:20 ldap-master slapd[1948]: <= check a_dn_pat: users 
Feb  2 10:42:20 ldap-master slapd[1948]: <= acl_mask: [5] applying read(=rscxd) (stop) 
Feb  2 10:42:20 ldap-master slapd[1948]: <= acl_mask: [5] mask: read(=rscxd) 
Feb  2 10:42:20 ldap-master slapd[1948]: => access_allowed: search access granted by read(=rscxd) 
Feb  2 10:42:20 ldap-master slapd[1948]: => access_allowed: read access to "mail=aol@mydomain.com,ou=Aliases,domainName=mydomain.com,o=domains,dc=mydomain,dc=com" "entry" requested 
Feb  2 10:42:20 ldap-master slapd[1948]: => dnpat: [1] cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=mydomain,dc=com$ nsub: 3 
Feb  2 10:42:20 ldap-master slapd[1948]: => dn: [7] cn=vmail,dc=mydomain,dc=com 
Feb  2 10:42:20 ldap-master slapd[1948]: => dn: [8] cn=vmailadmin,dc=mydomain,dc=com 
Feb  2 10:42:20 ldap-master slapd[1948]: => dnpat: [9] domainName=([^,]+),o=domains,dc=mydomain,dc=com$ nsub: 1 
Feb  2 10:42:20 ldap-master slapd[1948]: => acl_get: [9] matched 
Feb  2 10:42:20 ldap-master slapd[1948]: => acl_get: [9] attr entry 
Feb  2 10:42:20 ldap-master slapd[1948]: => match[0]: 33 85 
Feb  2 10:42:20 ldap-master slapd[1948]: d
Feb  2 10:42:20 ldap-master slapd[1948]: o
Feb  2 10:42:20 ldap-master slapd[1948]: m
Feb  2 10:42:20 ldap-master slapd[1948]: a
Feb  2 10:42:20 ldap-master slapd[1948]: i
Feb  2 10:42:20 ldap-master slapd[1948]: n
Feb  2 10:42:20 ldap-master slapd[1948]: N
Feb  2 10:42:20 ldap-master slapd[1948]: a
Feb  2 10:42:20 ldap-master slapd[1948]: m
Feb  2 10:42:20 ldap-master slapd[1948]: e
Feb  2 10:42:20 ldap-master slapd[1948]: =

/var/log/openldap.log (slave debug -1):

Feb  2 10:40:23 ldap-slave slapd[23547]: =>do_syncrepl rid=101
Feb  2 10:40:23 ldap-slave slapd[23547]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb  2 10:40:23 ldap-slave slapd[23547]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Feb  2 10:40:23 ldap-slave slapd[23547]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Feb  2 10:40:23 ldap-slave slapd[23547]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: =>do_syncrep2 rid=101
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: added 22r listener=(nil)
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: activity on 1 descriptor
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: activity on:
Feb  2 10:40:24 ldap-slave slapd[23547]:
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: activity on 1 descriptor
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: activity on:
Feb  2 10:40:24 ldap-slave slapd[23547]:  22r
Feb  2 10:40:24 ldap-slave slapd[23547]:
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: read active on 22
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Feb  2 10:40:24 ldap-slave slapd[23547]: connection_get(22)
Feb  2 10:40:24 ldap-slave slapd[23547]: connection_get(22): got connid=0
Feb  2 10:40:24 ldap-slave slapd[23547]: =>do_syncrepl rid=101
Feb  2 10:40:24 ldap-slave slapd[23547]: =>do_syncrep2 rid=101
Feb  2 10:40:24 ldap-slave slapd[23547]: do_syncrep2: rid=101 got search entry without Sync State control
Feb  2 10:40:24 ldap-slave slapd[23547]: connection_get(22)
Feb  2 10:40:24 ldap-slave slapd[23547]: connection_get(22): got connid=0
Feb  2 10:40:24 ldap-slave slapd[23547]: daemon: removing 22
Search
Viewing all articles
Browse latest Browse all 47865

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search