Re: lloadd and cn=config

2023-12-06 Thread Quanah Gibson-Mount




--On Wednesday, December 6, 2023 8:11 PM +0100 Stefan Kania wrote:

> Hi Ondrej,
>
> I restarted with a new test.
> Now I have 2 loadbalancers; one is configured via cn=config and one
> over slapd.conf. Both are configured exactly the same. Same binduser,
> same ldap-servers, same everything.
> For my test I started tcpdump on the loadbalancer and on the two
> ldap-servers.



Out of curiosity -

If you define a:

database config

section in slapd.conf, and then make it so you can connect to the config db 
and dump it via ldapsearch, does it match your cn=config database you're 
working from? or have the same issue if you use that dump as the 
configuration?


--Quanah


Re: lloadd and cn=config

2023-12-06 Thread Stefan Kania

Hi Ondrej,

I restarted with a new test.
Now I have 2 loadbalancers; one is configured via cn=config and one 
over slapd.conf. Both are configured exactly the same. Same binduser, 
same ldap-servers, same everything.
For my test I started tcpdump on the loadbalancer and on the two 
ldap-servers.


Starting the loadbalancer which is configured via slapd.conf, I can see 
all the packets on both the ldap-servers and the loadbalancer.


Doing the same test with the loadbalancer configured via cn=config, I see 
absolutely nothing; no packet is sent.


When I set the loglevel to any, I can see that slapd is reading the 
configuration from cn=config, but I can't see any error. Slapd is 
running but no connection to any of the ldap-servers is established.


Next thing I did was starting slapd from the command line with strace 
on both systems:
 strace /opt/symas/lib/slapd -f /opt/symas/etc/openldap/slapd.conf 2>start-mit-strace


and

 strace /opt/symas/lib/slapd -F /opt/symas/etc/openldap/slapd.d 2>start-mit-strace


The result for the server with slapd.conf is showing:
---
connect(10, {sa_family=AF_INET6, sin6_port=htons(1389), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
connect(10, {sa_family=AF_INET, sin_port=htons(1389), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
bind(10, {sa_family=AF_INET, sin_port=htons(1389), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
bind(11, {sa_family=AF_INET6, sin6_port=htons(1389), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0

...
connect(12, {sa_family=AF_INET6, sin6_port=htons(1636), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
connect(12, {sa_family=AF_INET, sin_port=htons(1636), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
bind(12, {sa_family=AF_INET, sin_port=htons(1636), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
bind(13, {sa_family=AF_INET6, sin6_port=htons(1636), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0

---

The same search in the result on the loadbalancer configured via 
cn=config is showing nothing.


I don't know where else I can search. It must be possible to configure 
the loadbalancer via cn=config.


On both loadbalancers "ss -tlpn" is showing the ports 389, 636, 1389 and 1636 as 
listening.


Trying to connect with "telnet  1636" to both, only on the 
loadbalancer configured via slapd.conf can I see packets arriving in 
tcpdump.


There is NO firewall at all running on both systems!

Any idea?


On 04.12.23 at 14:51, Stefan Kania wrote:
> Now I did a check with tcpdump. Starting tcpdump on both systems I see 
> that the tcp connection is established. But no packets are sent when doing 
> an ldapsearch.

