I'm trying to move my OpenLDAP MMR configuration from RHEL 6.5 (OpenLDAP
2.4.23) to RHEL 6.7 (OpenLDAP 2.4.40). On RHEL 6.5 it is working with
no problems. On RHEL 6.7, the configuration causes "ldapsearch -ZZ" to
hang indefinitely.

The cn=config section in slapd.conf looks like this:

# sync provider configuration
overlay syncprov
syncprov-checkpoint 1 1
syncrepl rid=001
    provider=ldap://server1
    searchbase="cn=config"
    filter="(|(objectClass=olcDatabaseConfig)(objectClass=olcOverlayConfig))"
    bindmethod=sasl saslmech=EXTERNAL starttls=critical
    tls_cert=/etc/openldap/csa-certs/config.crt
    tls_key=/etc/openldap/csa-certs/config.key
    tls_cacert=/etc/openldap/csa-certs/cacert.pem
    tls_reqcert=demand
    type=refreshAndPersist
    retry="5 10 10 10 30 +"
    timeout=1
syncrepl rid=002
    provider=ldap://server2
    searchbase="cn=config"
    filter="(|(objectClass=olcDatabaseConfig)(objectClass=olcOverlayConfig))"
    bindmethod=sasl saslmech=EXTERNAL starttls=critical
    tls_cert=/etc/openldap/csa-certs/config.crt
    tls_key=/etc/openldap/csa-certs/config.key
    tls_cacert=/etc/openldap/csa-certs/cacert.pem
    tls_reqcert=demand
    type=refreshAndPersist
    retry="5 10 10 10 30 +"
    timeout=1
mirrormode on

If I comment out that section in slapd.conf then "ldapsearch -ZZ" works but
(obviously) I don't get cn=config replication.

Am I doing something wrong in the configuration? Is it a fluke that it is
working on 2.4.23 in the first place? Or does anyone know what may have
changed (or is more strict or whatever) in the 2.4.40 release?

Should I try to just remove RHEL's version of OpenLDAP and install the
latest from openldap.org instead?

Any assistance is highly appreciated!

Thanks,
--
Frank