
[Samba] LDAP: PDC to BDC replication issues

Hi,

We are having some replication issues between our PDC and BDC LDAP servers. Here are the details:

Servers:

Name: LIN-PDC1.LIN
Role: PDC
SLAPD: openldap-2.4.28
Samba: 3.6.25

Name: LIN-PDC2.LIN
Role: BDC
SLAPD: 2.4.31
Samba: 4.3.11

LDAP Method: cn=config with smbldap tools
Database: HDB
Management: phpLDAPadmin
Replication Method: refreshAndPersist


Replication:

After importing the LDIFs for the provider and consumer, we found that on the PDC, olcDatabase={1}hdb was converted from a file to a folder, the contents of which are below. On the BDC it remained a file.


BDC:

LDAP sync-related bits from olcDatabase={1}hdb

olcSyncrepl: {0}rid=0 provider=ldap://lin-pdc1.lin bindmethod=simple binddn="cn=admin,dc=lin" credentials=seceret searchbase="dc=lin" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog
olcUpdateRef: ldap://lin-pdc1.lin

PDC:
root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# cat olcOverlay\=\{0\}syncprov.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 59e49836
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 977916ca-b8a5-1037-9fec-c19e1fce1248
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20180310115454Z
entryCSN: 20180310115454.449597Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20180310115454Z


root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# cat olcOverlay\=\{1\}accesslog.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 98b496b3
dn: olcOverlay={1}accesslog
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: 97792548-b8a5-1037-9fed-c19e1fce1248
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20180310115454Z
entryCSN: 20180310115454.449968Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20180310115454Z

Results:


- When the sync was first set up, the LDAP data from PDC to BDC replicated.

- The following shows the replication is happening. Not sure if the CSN is meant to be different.

root@lin-pdc2:/tmp/smbldap_files_lin-pdc2/ldifs# ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
dn: dc=lin
contextCSN: 20180312013413.103495Z#000000#000#000000
root@lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
dn: dc=lin
contextCSN: 20180312065856.371133Z#000000#000#000000


- The replication stopped working after the initial dump. Logs from PDC and BDC below.

PDC

slapd[25513]: hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap/accesslog: (2).#012Expect poor performance for suffix "cn=accesslog".
slapd starting
slapd[25513]: findbase failed! 32

BDC
slapd[9799]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (32) No such object
slapd[9799]: do_syncrep2: rid=000 (32) No such object
slapd[9799]: do_syncrepl: rid=000 rc -2 retrying

Troubleshooting steps:


- Used IP instead of hostname.

- Used the samba.ldif (schema) file from Samba 3 (BDC) for both PDC and BDC. This is to potentially mitigate issues due to different schema versions.

- Confirmed that the cn=admin,dc=lin password is the same across both DCs.

Can anyone please advise as to where the issue could be?


Regards,

Praveen Ghimire

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba