reproducing the bug:
slapd:
Installed: 2.4.31-1+nmu2ubuntu8.4
Candidate: 2.4.31-1+nmu2ubuntu8.4
Version table:
*** 2.4.31-1+nmu2ubuntu8.4 0
500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
As soon as the consumer is setup, the provider logs the attempted replication:
Nov 16 18:24:12 trusty-provider slapd[3414]: conn=1004 fd=19 ACCEPT from IP=10.0.100.46:58678 (IP=0.0.0.0:389)
Nov 16 18:24:12 trusty-provider slapd[3414]: conn=1004 op=0 UNBIND
Nov 16 18:24:12 trusty-provider slapd[3414]: conn=1004 fd=19 closed
Consumer logs that it was a failure:
Nov 16 18:24:12 trusty-consumer slapd[3408]: slap_client_connect: URI=ldap://trusty-provider.lxd ldap_sasl_interactive_bind_s failed (-2)
Nov 16 18:24:12 trusty-consumer slapd[3408]: do_syncrepl: rid=001 rc -1 retrying
trusty verification
reproducing the bug: 1+nmu2ubuntu8. 4 1+nmu2ubuntu8. 4 1+nmu2ubuntu8. 4 0 archive. ubuntu. com/ubuntu/ trusty-updates/main amd64 Packages
slapd:
Installed: 2.4.31-
Candidate: 2.4.31-
Version table:
*** 2.4.31-
500 http://
As soon as the consumer is setup, the provider logs the attempted replication: 100.46: 58678 (IP=0.0.0.0:389)
Nov 16 18:24:12 trusty-provider slapd[3414]: conn=1004 fd=19 ACCEPT from IP=10.0.
Nov 16 18:24:12 trusty-provider slapd[3414]: conn=1004 op=0 UNBIND
Nov 16 18:24:12 trusty-provider slapd[3414]: conn=1004 fd=19 closed
Consumer logs that it was a failure: connect: URI=ldap: //trusty- provider. lxd ldap_sasl_ interactive_ bind_s failed (-2)
Nov 16 18:24:12 trusty-consumer slapd[3408]: slap_client_
Nov 16 18:24:12 trusty-consumer slapd[3408]: do_syncrepl: rid=001 rc -1 retrying
Host logs apparmor denied message: 2.079:1015) : apparmor="DENIED" operation="open" namespace= "root// lxd-trusty- consumer_ <var-lib- lxd>" profile= "/usr/sbin/ slapd" name="/ etc/krb5/ user/106/ client. keytab" pid=22261 comm="slapd" requested_mask="r" denied_mask="r" fsuid=165642 ouid=165536
[sex nov 16 16:24:11 2018] audit: type=1400 audit(154239265
Updating the openldap packages on the consumer: consumer: ~# apt-cache policy slapd 1+nmu2ubuntu8. 5 1+nmu2ubuntu8. 5 1+nmu2ubuntu8. 5 0 archive. ubuntu. com/ubuntu/ trusty- proposed/ main amd64 Packages
root@trusty-
slapd:
Installed: 2.4.31-
Candidate: 2.4.31-
Version table:
*** 2.4.31-
500 http://
Provider logs the replication: consumer, cn=gssapi, cn=auth" mech=GSSAPI sasl_ssf=56 ssf=56 "(objectClass= *)"
Nov 16 18:26:15 trusty-provider slapd[3414]: conn=1007 op=2 BIND authcid="consumer" authzid="consumer"
Nov 16 18:26:15 trusty-provider slapd[3414]: conn=1007 op=2 BIND dn="uid=
Nov 16 18:26:15 trusty-provider slapd[3414]: conn=1007 op=2 RESULT tag=97 err=0 text=
Nov 16 18:26:15 trusty-provider slapd[3414]: conn=1007 op=3 SRCH base="dc=lxd" scope=2 deref=0 filter=
Nov 16 18:26:15 trusty-provider slapd[3414]: conn=1007 op=3 SRCH attr=* +
Consumer has kerberos ticket:
-rw------- 1 openldap openldap 1903 Nov 16 18:26 krb5cc_106
Trusty verification succeeded.