Is it just me, or is the ITS WebUI removing part of the message I typed?
Anyway, here is the complete description:
Replication won't start if we set it up on running servers configured with slapd.d. The scenario is the following :

o We have 2 servers, one will become the provider, the other the consumer
o They are initially empty, using MDB (see the attached configurations, converted from slapd.conf to slapd.d)
o We start the 2 servers
o Step 1 : On the provider, we inject the following entry :
dn: cn=config
changetype: modify
add: olcServerId
olcServerId: 1
-
o Step 2 : On the provider, we inject the following entries :
# Context entry
dn: dc=example,dc=com
changetype: add
objectClass: domain
objectClass: top
dc: example

# LDAPRoles, dc=example,dc=com
dn: ou=LDAPRoles,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: LDAPRoles

dn: dc=users,dc=example,dc=com
changetype: add
dc: users
objectClass: domain
objectClass: top

dn: cn=Johndoe,dc=users,dc=example,dc=com
changetype: add
objectClass: person
objectClass: top
sn: John Doe
cn: Johndoe

# replicator, LDAPRoles, dc=example, dc=com
dn: cn=replicator,ou=LDAPRoles,dc=example,dc=com
objectClass: top
objectClass: simpleSecurityObject
objectClass: organizationalRole
userPassword: secret
cn: replicator
o Step 3 : On the consumer, we inject the following entry :
# Context entry
dn: dc=example,dc=com
changetype: add
objectClass: domain
objectClass: top
dc: example
o Step 4 : On the provider, we inject the following entries :
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcSyncprovConfig
olcOverlay: syncprov
olcSpSessionLog: 10000
olcSpCheckpoint: 100 10

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=replicator,ou=LDAPRoles,dc=example,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
-

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.subtree="dc=example,dc=com" by self write by dn.exact="cn=replicator,ou=LDAPRoles,dc=example,dc=com" read by anonymous auth by * read
-
o Step 5 : On the consumer, we inject the following entry :
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=1 provider=ldap://10.61.155.18 bindmethod=simple binddn="cn=replicator,ou=LDAPRoles,dc=example,dc=com" credentials=secret type=refreshAndPersist searchbase="dc=example,dc=com" filter="(objectclass=*)" scope=sub schemachecking=on retry="5 10 60 +" sizeLimit=unlimited timelimit=unlimited
-
At this point, one would expect the replication to kick in, and the entries to flow from the producer to the consumer, but nothing happens.
Ignoring the first step (ServerID setting), and applying the other steps, just works fine. It seems that setting the ServerID blocks everything (FTR, it does not help either to set up the consumer's ServerID).
This is problematic in a scenario where we would try to make 2 servers replicate in an MMR topology with MirrorMode set, as the ServerID will be mandatory.
Here is the provider configuration (this is in slapd.conf format for convenience, it is being converted to slapd.d before the server is started) :
##################################################################################
## Provider configuration
##################################################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files. Note that not all of these schemas co-exist peacefully.
# Use only those you need and leave the rest commented out.
include "/opt/symas/etc/openldap/schema/core.schema"
include "/opt/symas/etc/openldap/schema/cosine.schema"
include "/opt/symas/etc/openldap/schema/inetorgperson.schema"
include "/opt/symas/etc/openldap/schema/misc.schema"

# TLSCipherSuite <cipher-suite-spec>
# Permits configuring what ciphers will be accepted and the
# preference order. <cipher-suite-spec> should be a cipher
# specification for the TLS library in use (OpenSSL, GnuTLS, or
# Mozilla NSS).
TLSCipherSuite HIGH:MEDIUM

# Files in which to store the process id and startup arguments.
# These files are needed by the init scripts, so only change
# these if you are prepared to edit those scripts as well.
pidfile "/var/symas/run/slapd.pid"
argsfile "/var/symas/run/slapd.args"

# Choose the directory for loadable modules.
modulepath "/opt/symas/lib64/openldap"

# Uncomment the moduleloads as needed to enable additional
# functionality when configured. NOTE: We package many
# more modules options than those found below.
moduleload back_mdb.la
moduleload back_monitor.la

# Sample access control policy:
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn="" by * read
access to *
    by self write
    by users read
    by anonymous auth

#-----------------------------------------------------------------------
# LOGGING
loglevel stats sync

#######################################################################
# config database
#######################################################################
database config
rootdn "cn=Directory Manager,cn=config"
rootpw secret

access to * by * none

#######################################################################
# Sample LMDB database definitions
#######################################################################
database mdb
suffix "dc=example,dc=com"
rootdn "cn=Directory Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details describing
# the creation of encrypted passwords.
rootpw secret

# Indices to maintain

# index default sets the basic type of indexing to perform if there isn't any indexing specified for a given attribute
index default eq
index objectClass
index cn

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
# One directory will be needed for each backend, so you should
# create a subdirectory beneath /var/symas/openldap-data for each
# new backend. This is also where the DB_CONFIG file needs to be
# placed.
directory "/var/symas/openldap-data/example"

# Here we specify the maximum on-disk size of the database. It is
# Recommended to set this near the expected free-space availability
# for the machine. This parameter is not pre-allocated and simply
# represents the upward limit to which the database will be allowed
# to grow. Note: Specified in *bytes*. Here, we set it to 1gb.
maxsize 10485760

#######################################################################
# Monitor database
#######################################################################
database monitor

access to dn.subtree="cn=monitor" by * read
And here is the consumer configuration :
##################################################################################
## Consumer configuration
##################################################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files. Note that not all of these schemas co-exist peacefully.
# Use only those you need and leave the rest commented out.
include "/opt/symas/etc/openldap/schema/core.schema"
include "/opt/symas/etc/openldap/schema/cosine.schema"
include "/opt/symas/etc/openldap/schema/inetorgperson.schema"
include "/opt/symas/etc/openldap/schema/misc.schema"

#
# TLSCipherSuite <cipher-suite-spec>
# Permits configuring what ciphers will be accepted and the
# preference order. <cipher-suite-spec> should be a cipher
# specification for the TLS library in use (OpenSSL, GnuTLS, or
# Mozilla NSS).
TLSCipherSuite HIGH:MEDIUM

# Files in which to store the process id and startup arguments.
# These files are needed by the init scripts, so only change
# these if you are prepared to edit those scripts as well.
pidfile "/var/symas/run/slapd.pid"
argsfile "/var/symas/run/slapd.args"

# Choose the directory for loadable modules.
modulepath "/opt/symas/lib64/openldap"

# Uncomment the moduleloads as needed to enable additional
# functionality when configured. NOTE: We package many
# more modules options than those found below.
moduleload back_mdb.la
moduleload back_monitor.la

# Sample access control policy:
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn="" by * read
access to *
    by self write
    by users read
    by anonymous auth

#-----------------------------------------------------------------------
# LOGGING
loglevel stats sync

#######################################################################
# config database
#######################################################################
database config
rootdn "cn=Directory Manager,cn=config"
rootpw secret

access to * by * none

#######################################################################
# Sample LMDB database definitions
#######################################################################
database mdb
suffix "dc=example,dc=com"
rootdn "cn=Directory Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details describing
# the creation of encrypted passwords.
rootpw secret

# Indices to maintain

# index default sets the basic type of indexing to perform if there isn't any indexing specified for a given attribute
index default eq
index objectClass
index cn

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
# One directory will be needed for each backend, so you should
# create a subdirectory beneath /var/symas/openldap-data for each
# new backend. This is also where the DB_CONFIG file needs to be
# placed.
directory "/var/symas/openldap-data/example"

# Here we specify the maximum on-disk size of the database. It is
# Recommended to set this near the expected free-space availability
# for the machine. This parameter is not pre-allocated and simply
# represents the upward limit to which the database will be allowed
# to grow. Note: Specified in *bytes*. Here, we set it to 1gb.
maxsize 10485760

#######################################################################
# Monitor database
#######################################################################
database monitor

access to dn.subtree="cn=monitor" by * read
On 21/10/16 at 23:45, openldap-its@OpenLDAP.org wrote:
*** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
Thanks for your report to the OpenLDAP Issue Tracking System. Your report has been assigned the tracking number ITS#8521.
You may follow the progress of this report by loading the following URL in a web browser: http://www.OpenLDAP.org/its/index.cgi?findid=8521
--
Emmanuel Lecharny
Symas.com directory.apache.org