10.7.2 OD replica connects but won't sync
I have set up two fresh Mac minis with Server 10.7.2.
I have set up one as the OD master and then connected the second machine as a replica.
Both machines are on the same subnet, have root enabled, and have SSH port 22 open.
I did this first through the Server Admin app and everything connects, but the master will not replicate to the replica.
I set the replica back to standalone and then rejoined it using slapconfig -createreplica.
This actually gave me a list of what is going on. Everything looks great until the last 5 or so lines:
[code]2011-11-29 05:35:38 +0000 Waiting for slapd to start
2011-11-29 05:35:38 +0000 …
2011-11-29 05:35:39 +0000 Updating ldapreplicas on opendirectory1.adelaide.edu.au as odadmin
2011-11-29 05:35:39 +0000 command: /usr/sbin/kdcsetup -c /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a odadmin -p **** -v 1 OPENDIRECTORY1.ADELAIDE.EDU.AU
2011-11-29 05:35:40 +0000 Updating ldapreplicas record
2011-11-29 05:35:40 +0000 Updating ldapreplicas plist.
2011-11-29 05:35:40 +0000 Binding to 127.0.0.1
2011-11-29 05:35:42 +0000 command: /usr/sbin/vpnaddkeyagentuser -q /LDAPv3/127.0.0.1
2011-11-29 05:35:44 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2011-11-29 05:35:44 +0000 Got 2100 – retrying the ldapi node
2011-11-29 05:35:44 +0000 Could not find root CA certificate in system keychain
2011-11-29 05:35:44 +0000 Could not find root CA certificate in system keychain
2011-11-29 05:35:44 +0000 11 Enabling intermediate CA
2011-11-29 05:35:56 +0000 command: /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2011-11-29 05:35:56 +0000 command: /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2011-11-29 05:35:56 +0000 command: /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2011-11-29 05:35:56 +0000 Removed directory at path /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.[/code]
The interesting thing is that the time listed is totally different from the actual time on the computers. Both the master and replica are time synced to our AD, but the OD connection is about 6 hours off.
Anyway, once that is done I can see that the replica is connected to the master and they both have green lights.
In /var/log/slapd.log I keep getting this every minute as the servers try to sync:
[code]Nov 29 16:05:37 opendirectory2 slapd[15472]: do_syncrepl1: client_connect failed (-1)
Nov 29 16:05:37 opendirectory2 slapd[15472]: do_syncrepl: rid=001 rc -1 retrying
Nov 29 16:05:37 opendirectory2 slapd[15472]: slap_client_connect: URI=ldap://opendirectory1.adelaide.edu.au:389 ldap_sasl_interactive_bind_s failed (-2)
Nov 29 16:05:37 opendirectory2 slapd[15472]: do_syncrepl1: client_connect failed (-1)
Nov 29 16:05:37 opendirectory2 slapd[15472]: do_syncrepl: rid=001 rc -1 retrying
Nov 29 16:05:37 opendirectory2 slapd[15472]: daemon: shutdown requested and initiated.
Nov 29 16:05:37 opendirectory2 slapd[15472]: daemon: posting daemon shutdown notification.
Nov 29 16:05:37 opendirectory2 slapd[15472]: slapd shutdown: waiting for 0 operations/tasks to finish
Nov 29 16:05:37 opendirectory2 slapd[15472]: slapd stopped.
Nov 29 16:05:38 opendirectory2 slapd[15570]: @(#) $OpenLDAP: slapd 2.4.23 (Sep 23 2011 14:48:19) $
root@melodie.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186.2~1/servers/slapd
Nov 29 16:05:38 opendirectory2 slapd[15570]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Nov 29 16:05:38 opendirectory2 slapd[15570]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Nov 29 16:05:38 opendirectory2 slapd[15570]: slapd starting
Nov 29 16:05:38 opendirectory2 slapd[15570]: daemon: posting com.apple.slapd.startup notification
Nov 29 16:05:38 opendirectory2 slapd[15570]: slap_client_connect: URI=ldap://opendirectory1.adelaide.edu.au:389 ldap_sasl_interactive_bind_s failed (-2)
Nov 29 16:05:38 opendirectory2 slapd[15570]: do_syncrepl1: client_connect failed (-1)
Nov 29 16:05:38 opendirectory2 slapd[15570]: slap_client_connect: URI=ldap://opendirectory1.adelaide.edu.au:389 ldap_sasl_interactive_bind_s failed (-2)
Nov 29 16:05:38 opendirectory2 slapd[15570]: do_syncrepl1: client_connect failed (-1)
Nov 29 16:05:38 opendirectory2 slapd[15570]: do_syncrepl: rid=001 rc -1 retrying
Nov 29 16:05:43: — last message repeated 1 time —
Nov 29 16:05:43 opendirectory2 slapd[15570]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Nov 29 16:05:43 opendirectory2 slapd[15570]: conn=1046 op=9: attribute “entryCSN” index delete failure[/code]
I have checked the system keychain on the replica and I can see that intermediate CA entries have been added instead of proper ones.
I have demoted both servers back to standalone, deleted all keychain entries and tried the process again. This time I set up the OD master through Server.app rather than Server Admin and then connected the replica to it, but it is still the same issue.
Any ideas on where I might go from here?
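The slapd.log excerpt above repeats the same three-line failure pattern every minute, and it survives a slapd restart (pid 15472 stops, 15570 starts, the same bind fails again). The following Python script is an added example, not code from the post or from Apple's tools: it reduces raw slapd.log text to counts of failed consumer binds per provider URI, syncrepl retries per rid, and whether the failure persisted across a restart. The embedded log lines are constructed to mirror the post's excerpt; the regexes assume the syslog-style prefix that slapd writes on OS X Server.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the slapd.log lines quoted in the post
# (labelled as constructed; not a capture beyond what the post shows).
SAMPLE_LOG = """\
Nov 29 16:05:37 opendirectory2 slapd[15472]: do_syncrepl1: client_connect failed (-1)
Nov 29 16:05:37 opendirectory2 slapd[15472]: do_syncrepl: rid=001 rc -1 retrying
Nov 29 16:05:37 opendirectory2 slapd[15472]: slap_client_connect: URI=ldap://opendirectory1.adelaide.edu.au:389 ldap_sasl_interactive_bind_s failed (-2)
Nov 29 16:05:37 opendirectory2 slapd[15472]: slapd stopped.
Nov 29 16:05:38 opendirectory2 slapd[15570]: slapd starting
Nov 29 16:05:38 opendirectory2 slapd[15570]: slap_client_connect: URI=ldap://opendirectory1.adelaide.edu.au:389 ldap_sasl_interactive_bind_s failed (-2)
Nov 29 16:05:38 opendirectory2 slapd[15570]: do_syncrepl1: client_connect failed (-1)
Nov 29 16:05:38 opendirectory2 slapd[15570]: do_syncrepl: rid=001 rc -1 retrying
Nov 29 16:05:43: --- last message repeated 1 time ---
"""

# Assumed prefix format: "Mon DD HH:MM:SS host slapd[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) slapd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Outbound consumer bind to the provider failing: which libldap call, which return code.
BIND_FAIL_RE = re.compile(
    r"slap_client_connect: URI=(?P<uri>\S+) (?P<call>\w+) failed \((?P<rc>-?\d+)\)"
)
# The syncrepl consumer giving up on this attempt for replication id rid and scheduling a retry.
RETRY_RE = re.compile(r"do_syncrepl: rid=(?P<rid>\d+) rc (?P<rc>-?\d+) retrying")


def parse_line(line):
    """Return the fields of one slapd log line, or None for lines without the slapd
    prefix (for example syslog's 'last message repeated' marker)."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text):
    """Summarise syncrepl health from raw slapd.log text."""
    bind_failures = Counter()          # (uri, call, rc) -> count
    retries = Counter()                # rid -> count of 'retrying' events
    pids = []                          # distinct slapd pids, in order of first appearance
    retries_by_pid = defaultdict(int)  # pid -> retry count, to see whether a restart helped
    skipped = 0
    for raw in log_text.splitlines():
        fields = parse_line(raw)
        if fields is None:
            skipped += 1
            continue
        pid = fields["pid"]
        if pid not in pids:
            pids.append(pid)
        msg = fields["msg"]
        b = BIND_FAIL_RE.search(msg)
        if b:
            bind_failures[(b["uri"], b["call"], int(b["rc"]))] += 1
        r = RETRY_RE.search(msg)
        if r:
            retries[r["rid"]] += 1
            retries_by_pid[pid] += 1
    # Retries under the newest pid mean the restart did not clear the bind failure.
    persists_after_restart = len(pids) > 1 and retries_by_pid[pids[-1]] > 0
    return {
        "bind_failures": bind_failures,
        "retries": retries,
        "pids": pids,
        "skipped": skipped,
        "persists_after_restart": persists_after_restart,
    }


def report(summary):
    """Render the summary as short lines an admin can read off quickly."""
    lines = []
    for (uri, call, rc), n in summary["bind_failures"].most_common():
        lines.append(f"{n}x {call} to {uri} failed rc={rc}")
    for rid, n in sorted(summary["retries"].items()):
        lines.append(f"rid={rid}: {n} syncrepl retries")
    lines.append("slapd pids seen: " + ", ".join(summary["pids"]))
    if summary["persists_after_restart"]:
        lines.append("bind failure persists after slapd restart: the problem is upstream "
                     "of slapd, in the SASL bind to the provider")
    return lines


if __name__ == "__main__":
    for line in report(analyze(SAMPLE_LOG)):
        print(line)
```

Run it against the real file with `analyze(open("/var/log/slapd.log").read())`; the useful signal is not the individual `client_connect failed` lines but that the same `ldap_sasl_interactive_bind_s` failure to the same provider URI recurs under every slapd pid, which rules out a one-off daemon hiccup.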
This morning I updated the servers to 10.7.3.
I rejoined the replica to the master and everything synced fine.
All the settings from WGM on the master have replicated across to the replica.
I am relieved, to say the least.