xenial verification First confirming the bug
Package on the consumer: root@xenial-consumer:~# apt-cache policy slapd slapd: Installed: 2.4.42+dfsg-2ubuntu3.3 Candidate: 2.4.42+dfsg-2ubuntu3.3 Version table: *** 2.4.42+dfsg-2ubuntu3.3 500 500 http://br.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages As soon as consumer setup is done, provider logs the attempted replication: Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 fd=13 ACCEPT from IP=10.0.100.180:40382 (IP=0.0.0.0:389) Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 op=0 UNBIND Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 fd=13 closed Host has apparmor denied error: [sex nov 16 14:53:21 2018] audit: type=1400 audit(1542387201.938:973): apparmor="DENIED" operation="open" namespace="root//lxd-xenial-consumer_<var-lib-lxd>" profile="/usr/sbin/slapd" name="/etc/krb5/user/112/client.keytab" pid=7896 comm="slapd" requested_mask="r" denied_mask="r" fsuid=165648 ouid=165536 Consumer also logs replication error: Nov 16 16:53:21 xenial-consumer slapd[2024]: slap_client_connect: URI=ldap://xenial-provider.lxd ldap_sasl_interactive_bind_s failed (-2) Nov 16 16:53:21 xenial-consumer slapd[2024]: do_syncrepl: rid=001 rc -1 retrying Updating the packages on the consumer: root@xenial-consumer:~# apt-cache policy slapd slapd: Installed: 2.4.42+dfsg-2ubuntu3.4 Candidate: 2.4.42+dfsg-2ubuntu3.4 Version table: *** 2.4.42+dfsg-2ubuntu3.4 500 500 http://br.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages Provier logs show replication worked this time: Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=2 BIND authcid="consumer" authzid="consumer" Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=2 BIND dn="uid=consumer,cn=gssapi,cn=auth" mech=GSSAPI sasl_ssf=56 ssf=56 Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=2 RESULT tag=97 err=0 text= Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=3 SRCH base="dc=lxd" scope=2 deref=0 filter="(objectClass=*)" Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=3 SRCH attr=* + Consumer has a kerberos ticket in /tmp: -rw------- 1 openldap openldap 1903 Nov 16 16:55 krb5cc_112 Xenial verification succeeded. ** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783183 Title: apparmor profile denied for kerberos client keytab and credential cache files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1783183/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs