Package on the consumer:
root@xenial-consumer:~# apt-cache policy slapd
slapd:
Installed: 2.4.42+dfsg-2ubuntu3.3
Candidate: 2.4.42+dfsg-2ubuntu3.3
Version table:
*** 2.4.42+dfsg-2ubuntu3.3 500
500 http://br.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
As soon as consumer setup is done, provider logs the attempted replication:
Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 fd=13 ACCEPT from IP=10.0.100.180:40382 (IP=0.0.0.0:389)
Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 op=0 UNBIND
Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 fd=13 closed
xenial verification
First confirming the bug
Package on the consumer: consumer: ~# apt-cache policy slapd dfsg-2ubuntu3. 3 dfsg-2ubuntu3. 3 dfsg-2ubuntu3. 3 500 br.archive. ubuntu. com/ubuntu xenial-updates/main amd64 Packages
root@xenial-
slapd:
Installed: 2.4.42+
Candidate: 2.4.42+
Version table:
*** 2.4.42+
500 http://
As soon as consumer setup is done, provider logs the attempted replication: 100.180: 40382 (IP=0.0.0.0:389)
Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 fd=13 ACCEPT from IP=10.0.
Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 op=0 UNBIND
Nov 16 16:53:21 xenial-provider slapd[2189]: conn=1004 fd=13 closed
Host has apparmor denied error: 1.938:973) : apparmor="DENIED" operation="open" namespace= "root// lxd-xenial- consumer_ <var-lib- lxd>" profile= "/usr/sbin/ slapd" name="/ etc/krb5/ user/112/ client. keytab" pid=7896 comm="slapd" requested_mask="r" denied_mask="r" fsuid=165648 ouid=165536
[sex nov 16 14:53:21 2018] audit: type=1400 audit(154238720
Consumer also logs replication error: connect: URI=ldap: //xenial- provider. lxd ldap_sasl_ interactive_ bind_s failed (-2)
Nov 16 16:53:21 xenial-consumer slapd[2024]: slap_client_
Nov 16 16:53:21 xenial-consumer slapd[2024]: do_syncrepl: rid=001 rc -1 retrying
Updating the packages on the consumer: consumer: ~# apt-cache policy slapd dfsg-2ubuntu3. 4 dfsg-2ubuntu3. 4 dfsg-2ubuntu3. 4 500 br.archive. ubuntu. com/ubuntu xenial- proposed/ main amd64 Packages
root@xenial-
slapd:
Installed: 2.4.42+
Candidate: 2.4.42+
Version table:
*** 2.4.42+
500 http://
Provier logs show replication worked this time: consumer, cn=gssapi, cn=auth" mech=GSSAPI sasl_ssf=56 ssf=56 "(objectClass= *)"
Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=2 BIND authcid="consumer" authzid="consumer"
Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=2 BIND dn="uid=
Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=2 RESULT tag=97 err=0 text=
Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=3 SRCH base="dc=lxd" scope=2 deref=0 filter=
Nov 16 16:55:32 xenial-provider slapd[2189]: conn=1007 op=3 SRCH attr=* +
Consumer has a kerberos ticket in /tmp:
-rw------- 1 openldap openldap 1903 Nov 16 16:55 krb5cc_112
Xenial verification succeeded.