Bionic verification
Reproducing the bug with:

root@bionic-consumer:~# apt-cache policy slapd
slapd:
  Installed: 2.4.45+dfsg-1ubuntu1
  Candidate: 2.4.45+dfsg-1ubuntu1
  Version table:
 *** 2.4.45+dfsg-1ubuntu1 500
        500 http://br.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

Provider logs as soon as the consumer finished setup, showing replication attempt that didn't complete:

Nov 16 16:40:30 bionic-provider slapd[1710]: conn=1004 fd=12 ACCEPT from IP=10.0.100.14:34322 (IP=0.0.0.0:389)
Nov 16 16:40:30 bionic-provider slapd[1710]: conn=1004 op=0 UNBIND
Nov 16 16:40:30 bionic-provider slapd[1710]: conn=1004 fd=12 closed

Host logs showing apparmor denied messages:

[sex nov 16 14:40:29 2018] audit: type=1400 audit(1542386430.603:919): apparmor="DENIED" operation="open" namespace="root//lxd-bionic-consumer_<var-lib-lxd>" profile="/usr/sbin/slapd" name="/etc/krb5/user/111/client.keytab" pid=17456 comm="slapd" requested_mask="r" denied_mask="r" fsuid=165647 ouid=165536

Updating the consumer's packages:

root@bionic-consumer:~# apt-cache policy slapd
slapd:
  Installed: 2.4.45+dfsg-1ubuntu1.1
  Candidate: 2.4.45+dfsg-1ubuntu1.1
  Version table:
 *** 2.4.45+dfsg-1ubuntu1.1 500
        500 http://br.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages

Replication attempt succeeded (provider's logs):

Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=2 BIND dn="" method=163
Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=2 BIND authcid="consumer" authzid="consumer"
Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=2 BIND dn="uid=consumer,cn=gssapi,cn=auth" mech=GSSAPI sasl_ssf=56 ssf=56
Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=2 RESULT tag=97 err=0 text=
Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=3 SRCH base="dc=lxd" scope=2 deref=0 filter="(objectClass=*)"
Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=3 SRCH attr=* +

Consumer has kerberos ticket in /tmp:

-rw------- 1 openldap openldap 1903 Nov 16 16:42 krb5cc_111

Bionic verification succeeded.
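
The two symptoms in this verification (an AppArmor denial on the consumer's keytab, and a provider connection that closes without ever binding) can be picked out of logs mechanically. The following is an added example, not part of the original comment or of the slapd package; the function names `parse_denial` and `unauthenticated_conns` are hypothetical, and the "no BIND before close" check is a heuristic, since anonymous clients also produce it.

```python
import re

# Log lines copied from the verification comment above.
AUDIT = ('[sex nov 16 14:40:29 2018] audit: type=1400 audit(1542386430.603:919): '
         'apparmor="DENIED" operation="open" '
         'namespace="root//lxd-bionic-consumer_<var-lib-lxd>" '
         'profile="/usr/sbin/slapd" name="/etc/krb5/user/111/client.keytab" '
         'pid=17456 comm="slapd" requested_mask="r" denied_mask="r" '
         'fsuid=165647 ouid=165536')
SLAPD = """\
Nov 16 16:40:30 bionic-provider slapd[1710]: conn=1004 fd=12 ACCEPT from IP=10.0.100.14:34322 (IP=0.0.0.0:389)
Nov 16 16:40:30 bionic-provider slapd[1710]: conn=1004 op=0 UNBIND
Nov 16 16:40:30 bionic-provider slapd[1710]: conn=1004 fd=12 closed
Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=2 BIND dn="" method=163
Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=2 RESULT tag=97 err=0 text=
Nov 16 16:42:42 bionic-provider slapd[1710]: conn=1007 op=3 SRCH attr=* +
""".splitlines()

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# slapd connection events: conn id, optional op=/fd= field, then the event word.
CONN = re.compile(r'slapd\[\d+\]: conn=(\d+) (?:(?:op|fd)=\d+ )?(\w+)')


def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, or None."""
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None


def unauthenticated_conns(lines):
    """Connection ids that were accepted and closed without any BIND."""
    events = {}
    for line in lines:
        match = CONN.search(line)
        if match:
            events.setdefault(match.group(1), set()).add(match.group(2))
    return sorted(conn for conn, seen in events.items()
                  if {"ACCEPT", "closed"} <= seen and "BIND" not in seen)


if __name__ == "__main__":
    denial = parse_denial(AUDIT)
    print("profile %(profile)s denied '%(denied_mask)s' on %(name)s" % denial)
    print("closed without BIND:", unauthenticated_conns(SLAPD))
```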