RE: Syncrepl and mmr

Borresen, John - 0442 - MITLL Fri, 31 Jan 2014 05:57:20 -0800

Thanks Quanah

I'm sure it isn't 100% correct, but I added the following ACL to my accesslog 
DB on both MM servers:


olcAccess: to * by dn="cn=ldapadmin,dc=group42,dc=ldap" read by * none

I'm still seeing 
gp42-admin3 (MM server1)
Jan 31 08:25:17 gp42-admin3 slapd[3599]: conn=5551 op=2 SRCH 
base="cn=accesslog" scope=2 deref=0 filter="(objectClass=*)"
Jan 31 08:25:17 gp42-admin3 slapd[3599]: conn=5551 op=2 SRCH attr=reqDN reqType 
reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
Jan 31 08:25:17 gp42-admin3 slapd[3599]: do_syncrep2: rid=001 got empty 
syncUUID with LDAP_SYNC_ADD (cn=accesslog)
Jan 31 08:25:17 gp42-admin3 slapd[3599]: do_syncrepl: rid=001 rc -1 retrying
Jan 31 08:25:17 gp42-admin3 slapd[3599]: send_search_entry: conn 5551  ber 
write failed.
Jan 31 08:25:17 gp42-admin3 slapd[3599]: conn=5551 fd=32 closed (connection 
lost on write)
Jan 31 08:25:17 gp42-admin3 slapd[3599]: do_syncrep2: rid=002 got empty 
syncUUID with LDAP_SYNC_ADD (cn=accesslog)
Jan 31 08:25:17 gp42-admin3 slapd[3599]: do_syncrepl: rid=002 rc -1 retrying

gp42-admin4 (MM server2)
Jan 31 08:25:19 gp42-admin4 slapd[26000]: conn=8050 fd=101 ACCEPT from 
IP=155.34.133.73:10446 (IP=0.0.0.0:389)
Jan 31 08:25:19 gp42-admin4 slapd[26000]: conn=8050 op=0 BIND 
dn="dc=group42,dc=ldap" method=163
Jan 31 08:25:19 gp42-admin4 slapd[26000]: conn=8050 op=0 RESULT tag=97 err=13 
text=TLS confidentiality required
Jan 31 08:25:19 gp42-admin4 slapd[26000]: conn=8050 op=1 BIND 
dn="cn=ldapadmin,dc=group42,dc=ldap" method=128
Jan 31 08:25:19 gp42-admin4 slapd[26000]: conn=8050 op=1 RESULT tag=97 err=13 
text=TLS confidentiality required
Jan 31 08:25:19 gp42-admin4 slapd[26000]: conn=8050 op=2 UNBIND
Jan 31 08:25:19 gp42-admin4 slapd[26000]: conn=8050 fd=101 closed
Jan 31 08:25:51 gp42-admin4 slapd[26000]: do_syncrep2: rid=001 got empty 
syncUUID with LDAP_SYNC_ADD (cn=accesslog)
Jan 31 08:25:51 gp42-admin4 slapd[26000]: do_syncrepl: rid=001 rc -1 retrying


-----Original Message-----
From: Quanah Gibson-Mount [mailto:[email protected]] 
Sent: Thursday, January 30, 2014 5:10 PM
To: Borresen, John - 0442 - MITLL; [email protected]
Subject: RE: Syncrepl and mmr

--On Thursday, January 30, 2014 4:51 PM -0500 "Borresen, John - 0442 - MITLL" 
<[email protected]> wrote:

> Well, that was helpful -- lol


Looking at your previously supplied configuration, it is clearly apparent that 
you provided your replication user no ACLs to read the accesslog DB, so the 
error you see makes sense.  It can't read the data out of accesslog, so it 
throws an error stating that fact.

--Quanah

--

Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

RE: Syncrepl and mmr

Reply via email to