Hi Guys
So I have a 10-node setup running with two management/OpenLDAP nodes.
I have followed the instructions here but cannot get this working
So I ran
So on MS Node 1 I did
1. On the Management Server node, run the following command to create the new OpenLDAP password:
/opt/apigee/apigee-service/bin/apigee-service apigee-openldap change-ldap-password -o oldPword -n newPword
2. Run the following command to store the new password for access by the Management Server:
/opt/apigee/apigee-service/bin/apigee-service edge-management-server store_ldap_credentials -p newPword
Then I did the same process on MS Node2.
When this is done and brought back up, the replication fails:
598ace63 slap_client_connect: URI=ldap://msnode02:10389/ DN="cn=manager,dc=apigee,dc=com" ldap_sasl_bind_s failed (49)
598ace63 do_syncrepl: rid=001 rc 49 retrying
Now I had a look online and error 49 in OpenLDAP is invalid credentials, but the passwords have changed, as I can access the OpenLDAP individually using the GUI and also LDAPSEARCH.
Is there part of the process missing?
To add to this, if I change the password back to the default one, replication starts to work again. Is there somewhere else the password is stored that the commands are not changing?
Hmmm... given what you stated this should work, and yes, the OpenLDAP instance and mgmt server are the only places you need to run these for. Have you also tried using this method to change the pw's?
http://docs.apigee.com/private-cloud/latest/openldap-maintenance-tasks
Hello 🙂
So I tried that method just now and still the same issue.
There must be something cached, as as soon as I do the same process again to change back to the default password, the replication starts to work again.
It has me stumped
@Michael McLean The replication script internally uses "ldapmodify". We had a similar issue where our servers were not using the default "ldapmodify" because our Linux team had linked the "ldapmodify" command to a Centrify-based implementation. You might want to check if that is the issue.
I have the same issue. Also, proxies, products and apps are replicating after the password change. Users and roles are not. Were you able to resolve the issue?
I realize this is old, but since I just ran into this, figured I'd post my findings in case someone else has a similar problem.
Check the file:
/opt/apigee/data/apigee-openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
There are two places where the password needs to change for ldap with replication setups:
olcRootPW: This is an encrypted value that the script has probably changed. You can test by doing an ldapsearch with the new credentials.
olcSyncRepl: This is only present when there's replication configured, and usually there's a part of it where credentials are passed. This is the non-encrypted password. If this is the old password, it has to be changed to the new one. This affects replication only.
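The check described in the post above, as an added example that is not part of the original thread or of Apigee's tooling: it only reads the LDIF, unfolds it, and reports whether each olcSyncRepl agreement still carries a password other than the one you expect, without printing the stored secret. It assumes stock OpenLDAP syncrepl key=value syntax; the function names and the sample entry are constructed for illustration.

```python
import base64
import getpass
import hmac
import re
from pathlib import Path

# File named in the post above. Assumption: olcSyncRepl uses stock OpenLDAP key=value syntax.
LDIF_PATH = "/opt/apigee/data/apigee-openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif"
# Constructed sample entry (not from a real host); long values are folded as LDIF does.
SAMPLE_LDIF = """\
dn: olcDatabase={2}bdb
olcRootPW: {SSHA}constructedPlaceholderHash
olcSyncRepl: {0}rid=001 provider=ldap://msnode02:10389/ binddn="cn=manager,
 dc=apigee,dc=com" bindmethod=simple credentials=oldPword searchbase="dc=ap
 igee,dc=com" type=refreshAndPersist retry="60 1 300 12 7200 +"
"""

def syncrepl_values(ldif_text):
    """Yield each olcSyncRepl value after unfolding and base64 ('::') decoding."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # continuation = newline + one space
    for line in unfolded.splitlines():
        m = re.match(r"olcSyncRepl(::?)\s*(.*)", line, re.IGNORECASE)
        if m:
            raw = m.group(2)
            yield base64.b64decode(raw).decode("utf-8") if m.group(1) == "::" else raw

def parse_syncrepl(value):
    """Split key=value pairs, keeping double-quoted values intact."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', value)
    return {key.lower(): val.strip('"') for key, val in pairs}

def check_replication_credentials(ldif_text, expected_password):
    """Report each replication agreement without echoing the stored secret."""
    findings = []
    for value in syncrepl_values(ldif_text):
        cfg = parse_syncrepl(value)
        stored = cfg.get("credentials")
        if stored is None:
            status = "no-credentials"
        elif hmac.compare_digest(stored.encode(), expected_password.encode()):
            status = "match"
        else:
            status = "stale"
        findings.append({"rid": cfg.get("rid"), "provider": cfg.get("provider"), "status": status})
    return findings

if __name__ == "__main__":
    text = Path(LDIF_PATH).read_text()
    for finding in check_replication_credentials(text, getpass.getpass("New LDAP password: ")):
        print(finding)
```

A "stale" result on either management node matches the symptom in this thread: local binds succeed with the new password while syncrepl keeps failing with error 49.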
Can I copy the password from old DC olcDatabase={2}bdb.ldif file?