osixia / docker-openldap

OpenLDAP container image 🐳🌴
MIT License

Replication failed with 'slap_global_control: unrecognized control' #334

Open maximnik opened 5 years ago

maximnik commented 5 years ago

I'm trying to set up a master-replica configuration. Master env.yaml:

LDAP_TLS=true
LDAP_TLS_CRT_FILENAME=<crt>
LDAP_TLS_KEY_FILENAME=<key>
LDAP_TLS_CA_CRT_FILENAME=<ca
LDAP_DOMAIN=<domain>
LDAP_BACKEND=bdb
LDAP_REMOVE_CONFIG_AFTER_SETUP=false
LDAP_CONFIG_PASSWORD=<pass>
LDAP_ADMIN_PASSWORD=<pass>
LDAP_TLS_VERIFY_CLIENT=try
LDAP_OPENLDAP_UID=<user>
LDAP_OPENLDAP_GID=<user>

Master starts OK.

Replication env:

LDAP_TLS=true
LDAP_TLS_CRT_FILENAME=<crt>
LDAP_TLS_KEY_FILENAME=<key>
LDAP_TLS_CA_CRT_FILENAME=<ca
LDAP_DOMAIN=<domain>
LDAP_BACKEND=bdb
LDAP_REMOVE_CONFIG_AFTER_SETUP=false
LDAP_CONFIG_PASSWORD=<pass>
LDAP_ADMIN_PASSWORD=<pass>
LDAP_TLS_VERIFY_CLIENT=try
LDAP_OPENLDAP_UID=<user>
LDAP_OPENLDAP_GID=<user>
LDAP_REPLICATION=true
LDAP_BASE_DN=dc=<domain>,dc=net
LDAP_REPLICATION_HOSTS='<ldap_master_url>'
LDAP_REPLICATION_CONFIG_SYNCPROV=binddn="cn=admin,cn=config" bindmethod=simple credentials="$LDAP_CONFIG_PASSWORD" searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
LDAP_REPLICATION_DB_SYNCPROV=binddn="cn=Manager,$LDAP_BASE_DN" bindmethod=simple credentials="$LDAP_ADMIN_PASSWORD" searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical

In the master logs I see the following error:

5d2b070f slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.1.9.1.1

And I see nothing on the replica server.

I've tried to add the mod_syncprov module to the master:

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/openldap
olcModuleLoad: syncprov.la

as well as syncprov.ldif:

dn: olcOverlay=syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100

If I don't specify syncprov, I don't see the replica server try to connect to the master.

silencej commented 4 years ago

The syncprov.la is actually under /usr/lib/ldap
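
An added example, not part of the original thread or the project's code: the OID in the master's log, 1.3.6.1.4.1.4203.1.9.1.1, is the Sync Request control from RFC 4533 that a syncrepl consumer sends, so this check reads a cn=config LDIF dump (for instance from `slapcat -n 0` on the master) and reports whether syncprov is loaded and which databases carry the overlay. The sample LDIF and the function names are constructed for illustration.

```python
import re

# Constructed cn=config excerpt (not from the issue): no syncprov module or overlay.
SAMPLE_MISSING = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_bdb

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
olcSuffix: dc=example,
 dc=net
"""
# The same excerpt once the module is loaded and the overlay entry exists.
SAMPLE_PROVIDER = SAMPLE_MISSING.replace(
    "{0}back_bdb", "{0}back_bdb\nolcModuleLoad: {1}syncprov.la") + """
dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
"""
ORDER = re.compile(r"^\{-?\d+\}")  # {N} ordering prefix slapd adds in cn=config

def parse_ldif(text):
    """Return one {attr_lower: [values]} dict per entry (base64 values not decoded)."""
    text = re.sub(r"\n ", "", text)  # unfold: LDIF wraps lines as newline + space
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def syncprov_status(ldif_text):
    """Report whether syncprov is loaded and which databases carry its overlay."""
    entries = parse_ldif(ldif_text)
    loaded = any(ORDER.sub("", m).split(".")[0] == "syncprov"
                 for e in entries for m in e.get("olcmoduleload", []))
    parents = {e["dn"][0].split(",", 1)[1].lower() for e in entries
               if any(ORDER.sub("", o) == "syncprov" for o in e.get("olcoverlay", []))}
    dbs = {e["dn"][0]: e["dn"][0].lower() in parents
           for e in entries if e["dn"][0].lower().startswith("olcdatabase=")}
    return {"module_loaded": loaded, "databases": dbs}
```

`module_loaded` stays `False` on a slapd build that has syncprov compiled in statically, since no `olcModuleLoad` entry exists in that case.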

mabrouk2005 commented 1 year ago

I just ran into the same issue. Were you able to fix it? If so, how? Thanks.