Yes, I used distro packages for Centos 6; and yes, I understand your point. I may have the luxury of building openldap from scratch for LDAP02, though I don't have the redundancy (the point of this whole exercise) that I need to reinstall LDAP01 by building it from scratch. That was an unfortunate mistake in hindsight that I stuck with the distro package there. I suppose to start over I would have to make a new server and slapcat the LDAP01 config? How would I carry over the existing DB entries without using replication? I'm still a novice when it comes to OLC.
As for the ACL, that was a result of my sloppy email editing. I changed the name of the DNs. They actually match in my config. Once I proof-of-concept the replication I will create replication-only user DNs. But nothing looks overtly amiss with my CSNs or UUIDs?

Thanks,
Josh

On Tue, Sep 16, 2014 at 10:16 AM, Michael Ströder <[email protected]> wrote:
> Josh Nielsen wrote:
>> OLC server (LDAP01 - version 2.4.23) the new master and threw up a new
>> VM called LDAP02 (2.4.23) to become the new sync replication
>> slave/consumer.
>
> Don't use such an ancient version which is four years old now.
> Many syncrepl issues have been fixed since then (and are to be fixed in
> upcoming 2.4.40).
>
> And better don't argue that you have to use your favourite distribution's
> packages. We had this discussion here numerous times.
>
> And of course it could be an ACL issue in your particular configuration.
> In particular you have
>
> olcRootDN: cn=admin,dc=mydomain,dc=org
>
> but
>
> olcSyncrepl: {0} [..] binddn="cn=root,dc=mydomain,dc=org"
>
> Anyway you should not use rootdn for anything. Set up proper group-based ACLs
> for service accounts instead.
>
> ...
>
> Ciao, Michael.
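Added example, not part of the thread: the consumer binding quoted above (binddn set to a rootdn) next to the group-based service-account setup Michael recommends, written as cn=config LDIF. The security point is that the rootdn bypasses every olcAccess rule, so a consumer bound as rootdn holds a full write credential for the provider, while replication only needs read. The DNs cn=replicator,ou=services,dc=mydomain,dc=org and cn=replicators,ou=groups,dc=mydomain,dc=org, the provider URL ldap://ldap01.mydomain.org, the database DN olcDatabase={1}hdb,cn=config and all credentials are assumptions for this example; only cn=root/cn=admin,dc=mydomain,dc=org and the olcSyncrepl attribute come from the thread.

```ldif
# --- Weak setting (the shape quoted in the thread): the consumer binds as
# the provider's rootdn. The rootdn is exempt from olcAccess, so these
# credentials are also an unrestricted write credential for the directory,
# and a DN that does not match olcRootDN simply fails to bind.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: {0}rid=001
  provider=ldap://ldap01.mydomain.org
  bindmethod=simple
  binddn="cn=root,dc=mydomain,dc=org"
  credentials=REPLACE_WITH_ROOT_PASSWORD
  searchbase="dc=mydomain,dc=org"
  type=refreshAndPersist
  retry="60 +"

# --- Corrected setting. All names below are assumptions for this example.
# 1. On the provider (LDAP01): a dedicated service account, not the rootdn.
dn: cn=replicator,ou=services,dc=mydomain,dc=org
changetype: add
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: replicator
userPassword: {SSHA}REPLACE_WITH_PASSWORD_HASH

# 2. A group the ACL refers to, so further consumers are added by
#    membership rather than by editing olcAccess again.
dn: cn=replicators,ou=groups,dc=mydomain,dc=org
changetype: add
objectClass: groupOfNames
cn: replicators
member: cn=replicator,ou=services,dc=mydomain,dc=org

# 3. Provider ACL: index {0} puts this rule before the existing ones, so the
#    group gets read on everything (it must replicate userPassword hashes
#    too) and every other bind falls through ("break") to the old rules.
#    The olcLimits entry stops the default sizelimit from truncating the
#    consumer's initial full refresh.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to *
  by group.exact="cn=replicators,ou=groups,dc=mydomain,dc=org" read
  by * break
-
add: olcLimits
olcLimits: {0}dn.exact="cn=replicator,ou=services,dc=mydomain,dc=org"
  size.soft=unlimited size.hard=unlimited
  time.soft=unlimited time.hard=unlimited

# 4. On the consumer (LDAP02): bind as the service account. starttls=critical
#    refuses to send the password in the clear if TLS cannot be negotiated.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: {0}rid=001
  provider=ldap://ldap01.mydomain.org
  starttls=critical
  bindmethod=simple
  binddn="cn=replicator,ou=services,dc=mydomain,dc=org"
  credentials=REPLACE_WITH_REPLICATOR_PASSWORD
  searchbase="dc=mydomain,dc=org"
  type=refreshAndPersist
  retry="60 +"
```

Apply the provider records with ldapmodify against LDAP01's cn=config and the consumer record against LDAP02. A quick check that the ACL is right before enabling syncrepl is an ldapsearch bound as cn=replicator over the whole searchbase: it should return every entry, userPassword included, and nothing should be writable with that bind. For seeding LDAP02 without replication, the standard route is slapcat -n 1 on LDAP01 and slapadd on the stopped LDAP02, which preserves entryCSN and entryUUID so the consumer's first refresh is incremental.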
