thr3ads.net - samba - [Samba] LDAP: PDC to BDC replication issues [Mar 2018]

If this information is useful, please help other people find it:
Share via:

Praveen Ghimire

2018-Mar-12 11:58 UTC

[Samba] LDAP: PDC to BDC replication issues

Hi,

We are having some replication issues between the our PDC and BDC LDAP servers.
Here are the details

Servers:

Name: LIN-PDC1.LIN
Role: PDC
SLAPD: openldap-2.4.28
Samba: 3.6.25

Name: LIN-PDC2.LIN
Role: BDC
SLAPD: 2.4.31
Samba: 4.3.11

LDAP Method: cn=config with smbldap tools
Database: HDB
Management: PHPLAMDIN
Replication Method: refreshAndPersist


Replication:

After importing the LDIFs for Provider and consumer, we found that the in the
PDC the oldDatabase(1)HDB was converted from a file to a folder. The contents of
the which are below. In BDC it remained a file.


BDC:

LDAP sync related bits from olCDatabase(1)HDB

olcSyncrepl: {0}rid=0 provider=ldap://lin-pdc1.lin bindmethod=simple bindd
n="cn=admin,dc=lin" credentials=seceret searchbase="dc=lin"
log
base="cn=accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))
" schemachecking=on type=refreshAndPersist retry="60 +"
syncdata=accesslog
olcUpdateRef: ldap://lin-pdc1.lin

PDC:
root at lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# cat
olcOverlay\=\{0\}syncprov.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 59e49836
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 977916ca-b8a5-1037-9fec-c19e1fce1248
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20180310115454Z
entryCSN: 20180310115454.449597Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20180310115454Z


root at lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# cat
olcOverlay\=\{1\}accesslog.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 98b496b3
dn: olcOverlay={1}accesslog
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: 97792548-b8a5-1037-9fed-c19e1fce1248
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20180310115454Z
entryCSN: 20180310115454.449968Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20180310115454Z

Results


-          When the sync was first setup, the ldap data from PDC to BDC
replicated.

-          The following shows the replication is happening. Not sure if the CSN
is meant to be different

root at lin-pdc2:/tmp/smbldap_files_lin-pdc2/ldifs# ldapsearch -z1 -LLLQY
EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
dn: dc=lin
contextCSN: 20180312013413.103495Z#000000#000#000000
root at lin-pdc1:/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb# ldapsearch -z1
-LLLQY EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
dn: dc=lin
contextCSN: 20180312065856.371133Z#000000#000#000000


-          The replication stopped working after the initial dump. Logs from PDC
and BDC below

PDC

slapd[25513]: hdb_db_open: warning - no DB_CONFIG file found in directory
/var/lib/ldap/accesslog: (2).#012Expect poor performance for suffix
"cn=accesslog".
slapd starting
slapd[25513]: findbase failed! 32

BDC
slapd[9799]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (32) No such object
slapd[9799]: do_syncrep2: rid=000 (32) No such object
slapd[9799]: do_syncrepl: rid=000 rc -2 retrying

Troubleshooting steps:


-          Used IP instead of hostname

-          Used the samba.ldif (schema) file from Samba 3 (BDC) for both PDC and
BDC. This is to potentially mitigate issues due to different schema versions

-          Confirmed that the cn=admin,dc=lin password across both DCs are same.

Can anyone please advise as to where the issue could be?


Regards,

Praveen Ghimire

Harry Jede

2018-Mar-12 13:20 UTC

head link

[Samba] LDAP: PDC to BDC replication issues

Am Montag, 12. März 2018, 11:58:45 CET schrieb Praveen Ghimire via 
samba:> Hi,
> 
> We are having some replication issues between the our PDC and BDC 
LDAP> servers. Here are the detailsFirst things first:
You should ask this question on the openldap mailing list:
*openldap-technical at openldap.org[1]*

The first naswer you may get:

2.4.31 is released on 2012/04/21
2.4.28 is released on 2011/11/26

So both versions you use are realy old, and during the last 7 years 
openldap team has fixed lot of replication isues. No one is willing to 
support such old software. Please update first.

current release is 2.4.45
> Servers:
> 
> Name: LIN-PDC1.LIN
> Role: PDC
> SLAPD: openldap-2.4.28
> Samba: 3.6.25
> 
> Name: LIN-PDC2.LIN
> Role: BDC
> SLAPD: 2.4.31
> Samba: 4.3.11
> Can anyone please advise as to where the issue could be?
> 
> 
> Regards,
> 
> Praveen Ghimire

-- 

Gruss
	Harry Jede

--------
[1] mailto:openldap-technical%40openldap.org

Praveen Ghimire

2018-Mar-13 11:21 UTC

head link

[Samba] LDAP: PDC to BDC replication issues

Harry,

Thank you.

Unfortunately we don't have the choice of upgrading LDAP due to distro not
supporting the newer version.  However we have managed to get it to work.  A lot
of fiddling around.

I do have another question though ;). Now that we have LDAP replicating, how do
I transfer the "samba classic " PDC role to our BDC. I have read that
using the domain master=yes in smb.conf is not enough.  Do I need to change the
NS and SOA entry in our bind 9 hosts file to point to the existing BDC as we are
not setting up Netbios entries in the client machine?  Also will wr need to make
changes to other parameters in smb.conf?





Regards,

Praveen Ghimire


-------- Original message --------
From: Harry Jede <walk2sun at arcor.de>
Date: 12/03/2018 11:20 PM (GMT+10:00)
To: samba at lists.samba.org, Praveen Ghimire <PGhimire at sundata.com.au>
Subject: Re: [Samba] LDAP: PDC to BDC replication issues


Am Montag, 12. März 2018, 11:58:45 CET schrieb Praveen Ghimire via samba:
> Hi,
>
> We are having some replication issues between the our PDC and BDC LDAP
> servers. Here are the details
First things first:

You should ask this question on the openldap mailing list:

openldap-technical at
openldap.org<mailto:openldap-technical%40openldap.org>



The first naswer you may get:



2.4.31 is released on 2012/04/21

2.4.28 is released on 2011/11/26



So both versions you use are realy old, and during the last 7 years openldap
team has fixed lot of replication isues. No one is willing to support such old
software. Please update first.



current release is 2.4.45


> Servers:
>
> Name: LIN-PDC1.LIN
> Role: PDC
> SLAPD: openldap-2.4.28
> Samba: 3.6.25
>
> Name: LIN-PDC2.LIN
> Role: BDC
> SLAPD: 2.4.31
> Samba: 4.3.11



> Can anyone please advise as to where the issue could be?
>
>
> Regards,
>
> Praveen Ghimire




--



Gruss

Harry Jede

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

Reasonably Related Threads

Search for more maybe matching threads

samba - Mar 2018 - LDAP: PDC to BDC replication issues

[Samba] LDAP: PDC to BDC replication issues

[Samba] LDAP: PDC to BDC replication issues

[Samba] LDAP: PDC to BDC replication issues

Reasonably Related Threads