LDAP Replication Errors
I have an OD Master and an OD Replica that are showing errors in the slapd log. I get the following on both machines:
Aug 22 09:48:17 server slapd[936]: slap_client_connect: URI=ldap://server.example.com:389 ldap_sasl_interactive_bind_s failed (-2)
Aug 22 09:48:17 server slapd[936]: do_syncrepl1: client_connect failed (-1)
To test that everything should work I used the following command:
ldapsearch -H ldap://server.example.com:389 -Y CRAM-MD5 -I -b "dc=server,dc=example,dc=com"
That works on both boxes using an account that has admin powers for the directory.
It used to be that there was a syncrepl section in /etc/openldap/slapd.conf where you would specify the user, credentials, and SASL mechanism for replication. This section doesn't exist in my slapd.conf so I figure the configuration for replication must live in the directory itself. Using Directory Utility.app and the new Directory Editor, I don't see much in the way of configuration for replication. Looking at base:
cn=config,dc=server,dc=example,dc=com
There is a replicas entry but all it does is list the master and replicas. It doesn't include anything about a replica user, SASL mechanism, or password.
Looking at base:
cn=config
I see the sync overlays, but again I don't see anything that specifies a sync user, a SASL mechanism and user credentials.
Am I missing something? Is there some other place that Apple uses to configure LDAP replication?