Cosmic verification
slapd package on the consumer: Installed: 2.4.46+dfsg-5ubuntu1 Candidate: 2.4.46+dfsg-5ubuntu1 Version table: *** 2.4.46+dfsg-5ubuntu1 500 500 http://br.archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
Confirming failed replication attempt: provider: Nov 16 16:16:53 cosmic-provider slapd[2339]: conn=1004 fd=12 ACCEPT from IP=10.0.100.71:37472 (IP=0.0.0.0:389) Nov 16 16:16:53 cosmic-provider slapd[2339]: conn=1004 op=0 UNBIND Nov 16 16:16:53 cosmic-provider slapd[2339]: conn=1004 fd=12 closed
consumer: Nov 16 16:16:53 cosmic-consumer slapd[2344]: slap_client_connect: URI=ldap://cosmic-provider.lxd ldap_sasl_interactive_bind_s failed (-2) Nov 16 16:16:53 cosmic-consumer slapd[2344]: do_syncrepl: rid=001 rc -1 retrying
Host: [sex nov 16 14:17:52 2018] audit: type=1400 audit(1542385073.436:831): apparmor="DENIED" operation="open" namespace="root//lxd-cosmic-consumer_<var-lib-lxd>" profile="/usr/sbin/slapd" name="/etc/krb5/user/110/client.keytab" pid=20151 comm="slapd" requested_mask="r" denied_mask="r" fsuid=165646 ouid=165536
Right after the consumer's openldap packages were updated, the provider logged this, showing that replication is working: Nov 16 16:34:46 cosmic-provider slapd[2339]: conn=1022 fd=12 ACCEPT from IP=10.0.100.71:37582 (IP=0.0.0.0:389) Nov 16 16:34:46 cosmic-provider slapd[2339]: conn=1022 op=0 BIND dn="" method=163 Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=0 RESULT tag=97 err=14 text=SASL(0): successful result: Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=1 BIND dn="" method=163 Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=1 RESULT tag=97 err=14 text=SASL(0): successful result: Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=2 BIND dn="" method=163 Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=2 BIND authcid="consumer" authzid="consumer" Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=2 BIND dn="uid=consumer,cn=gssapi,cn=auth" mech=GSSAPI sasl_ssf=56 ssf=56 Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=2 RESULT tag=97 err=0 text= Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=3 SRCH base="dc=lxd" scope=2 deref=0 filter="(objectClass=*)" Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=3 SRCH attr=* +
The consumer also has a tgt now in /tmp: -rw------- 1 openldap openldap 1903 Nov 16 16:34 krb5cc_110
Consumer's packages: root@cosmic-consumer:~# apt-cache policy slapd slapd: Installed: 2.4.46+dfsg-5ubuntu1.1 Candidate: 2.4.46+dfsg-5ubuntu1.1 Version table: *** 2.4.46+dfsg-5ubuntu1.1 500 500 http://br.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages
Cosmic verification succeeded.
Cosmic verification
slapd package on the consumer: dfsg-5ubuntu1 dfsg-5ubuntu1 dfsg-5ubuntu1 500 br.archive. ubuntu. com/ubuntu cosmic/main amd64 Packages
Installed: 2.4.46+
Candidate: 2.4.46+
Version table:
*** 2.4.46+
500 http://
Confirming failed replication attempt: 100.71: 37472 (IP=0.0.0.0:389)
provider:
Nov 16 16:16:53 cosmic-provider slapd[2339]: conn=1004 fd=12 ACCEPT from IP=10.0.
Nov 16 16:16:53 cosmic-provider slapd[2339]: conn=1004 op=0 UNBIND
Nov 16 16:16:53 cosmic-provider slapd[2339]: conn=1004 fd=12 closed
consumer: connect: URI=ldap: //cosmic- provider. lxd ldap_sasl_ interactive_ bind_s failed (-2)
Nov 16 16:16:53 cosmic-consumer slapd[2344]: slap_client_
Nov 16 16:16:53 cosmic-consumer slapd[2344]: do_syncrepl: rid=001 rc -1 retrying
Host: 3.436:831) : apparmor="DENIED" operation="open" namespace= "root// lxd-cosmic- consumer_ <var-lib- lxd>" profile= "/usr/sbin/ slapd" name="/ etc/krb5/ user/110/ client. keytab" pid=20151 comm="slapd" requested_mask="r" denied_mask="r" fsuid=165646 ouid=165536
[sex nov 16 14:17:52 2018] audit: type=1400 audit(154238507
Right after the consumer's openldap packages were updated, the provider logged this, showing that replication is working: 100.71: 37582 (IP=0.0.0.0:389) consumer, cn=gssapi, cn=auth" mech=GSSAPI sasl_ssf=56 ssf=56 "(objectClass= *)"
Nov 16 16:34:46 cosmic-provider slapd[2339]: conn=1022 fd=12 ACCEPT from IP=10.0.
Nov 16 16:34:46 cosmic-provider slapd[2339]: conn=1022 op=0 BIND dn="" method=163
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=1 BIND dn="" method=163
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=1 RESULT tag=97 err=14 text=SASL(0): successful result:
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=2 BIND dn="" method=163
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=2 BIND authcid="consumer" authzid="consumer"
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=2 BIND dn="uid=
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=2 RESULT tag=97 err=0 text=
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=3 SRCH base="dc=lxd" scope=2 deref=0 filter=
Nov 16 16:34:51 cosmic-provider slapd[2339]: conn=1022 op=3 SRCH attr=* +
The consumer also has a tgt now in /tmp:
-rw------- 1 openldap openldap 1903 Nov 16 16:34 krb5cc_110
Consumer's packages: consumer: ~# apt-cache policy slapd dfsg-5ubuntu1. 1 dfsg-5ubuntu1. 1 dfsg-5ubuntu1. 1 500 br.archive. ubuntu. com/ubuntu cosmic- proposed/ main amd64 Packages
root@cosmic-
slapd:
Installed: 2.4.46+
Candidate: 2.4.46+
Version table:
*** 2.4.46+
500 http://
Cosmic verification succeeded.