This is a multi-part message in MIME format. --------------040706000700030201020504 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit
One more thing. The entry with "cn=depth" name won't sync only when adding entries to ou=mailinglist. Somehow it is ok with ou=people.
"Master" LDAP configuration: /Include /go/to/core.schema// //Include /go/to/cosine.schema// //Include /go/to/inetorgperson.schema// //Include /go/to/nis.schema// //Include /go/to/samba.schema// //Include /go/to/test.schema// //pidfile /go/to/slapd.pid// //argsfile /go/to/slapd.args/
TLSCipherSuite HIGH:MEDIUM:+SSLv2 /TLSCACertificateFile /go/to/ldap.pem// //TLSCertificateFile /go/to/ldap.pem// //TLSCertificateKeyFile /go/to/ldap.key/
access to attrs=userPassword by self write by users read by peername.ip=127.0.0.1 read by peername.ip=10.X.0.0%255.255.0.0 read by peername.ip=172.X.129.132 read by peername.ip=172.X.1.109 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=X.X.68.0%255.255.255.0 read by anonymous auth
access to attrs=cryptPassword,md5Password,shadowLastChange by self write by users read by peername.ip=127.0.0.1 read by peername.ip=10.217.0.0%255.255.0.0 read by peername.ip=172.X.129.132 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=X.X.68.0%255.255.255.0 read by anonymous none
access to dn.subtree="ou=zgroups,dc=test,dc=com by dn.base="cn=webXXX,ou=people,dc=test,dc=com" write by self read by users read by peername.ip=127.0.0.1 read by peername.ip=10.X.0.0%255.255.0.0 read by peername.ip=X.X.X.0%255.255.255.0 read by peername.ip=172.X.129.132 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by anonymous none
access to * by self read by users read by peername.ip=127.0.0.1 read by peername.ip=10.X.0.0%255.255.0.0 read by peername.ip=172.X.129.132 read by peername.ip=172.X.1.109 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=172.X.0.0%255.255.0.0 read by peername.ip=X.X.68.0%255.255.255.0 read by anonymous none
# Database backend configuration.
allow bind_v2 database bdb password-hash {CRYPT} directory /go/to/ldap-master suffix "dc=test,dc=com" rootdn "cn=root,dc=test,dc=com" rootpw secret index objectClass,uid,uidNumber,entryCSN,entryUUID pres,eq
# Configure syncrepl (provider)
overlay syncprov syncprov-checkpoint 1 1 # <ops> <minutes> syncprov-sessionlog 100 # <max number of session logs>
"Slave" LDAP configuration: include /usr/local/openldap/etc/openldap/schema/core.schema include //usr/local/openldap/etc/openldap/schema/test.schema/ include /usr/local/openldap/etc/openldap/schema/cosine.schema include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema include /usr/local/openldap/etc/openldap/schema/nis.schema include /usr/local/openldap/etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access. allow bind_v2
pidfile /usr/local/openldap/var/run/slapd.pid argsfile /usr/local/openldap/var/run/slapd.args loglevel 256 moduleload back_hdb.la moduleload syncprov.la moduleload back_monitor.la moduleload back_ldap.la
access to * by self write by users read by peername.ip=127.0.0.1 read by peername.ip=172.20.201.0%255.255.255.0 read by anonymous read
####################################################################### # BDB database definitions #######################################################################
database bdb suffix /"dc=test,dc=com"/ rootdn "cn=Manager,/dc=test,dc=com"/ rootpw secret directory /usr/local/openldap/var/openldap-data
# Indices to maintain index cn,sn,uid pres,eq,approx,sub index objectClass eq
index entryCSN,entryUUID eq syncrepl rid=1 provider=/ldap://ldap-master.com/ type=refreshOnly interval=00:00:00:30 searchbase=/"dc=test,dc=com"/ scope=sub schemachecking=off bindmethod=simple binddn=/"cn=ldaplogin,ou=people,dc=test,dc=com"/ credentials=/secret/
On 09/12/13 05:57, Quanah Gibson-Mount wrote:
--On Wednesday, September 11, 2013 8:03 AM +0000 chewcs@bii.a-star.edu.sg wrote:
Full_Name: Chew Chee Siang Version: slapd 2.4.36 OS: CentOS 6.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (123.136.68.2)
The setup is a master-slave configuration Whenever a new user with name starting with "depth" is created at master, the record will not be sync to slave using syncrepl. The other records are ok. For e.g. cn=depth-maker,ou=people,dc=tt,dc=com or cn=depth,ou=people,dc=tt,dc=com
Provide your configuration minus passwords.
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
--------------040706000700030201020504 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">One more thing. The entry with "cn=depth" name won't sync only when adding entries to ou=mailinglist. Somehow it is ok with ou=people.<br> <br> <br> <br> "Master" LDAP configuration:<br> <i>Include /go/to/core.schema</i><i><br> </i><i>Include /go/to/cosine.schema</i><i><br> </i><i>Include /go/to/inetorgperson.schema</i><i><br> </i><i>Include /go/to/nis.schema</i><i><br> </i><i>Include /go/to/samba.schema</i><i><br> </i><i>Include /go/to/test.schema</i><i><br> </i><i>pidfile /go/to/slapd.pid</i><i><br> </i><i>argsfile /go/to/slapd.args</i><br> <br> TLSCipherSuite HIGH:MEDIUM:+SSLv2<br> <i>TLSCACertificateFile /go/to/ldap.pem</i><i><br> </i><i>TLSCertificateFile /go/to/ldap.pem</i><i><br> </i><i>TLSCertificateKeyFile /go/to/ldap.key</i><br> <br> access to attrs=userPassword<br> by self write<br> by users read<br> by peername.ip=127.0.0.1 read<br> by peername.ip=10.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.129.132 read<br> by peername.ip=172.X.1.109 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=X.X.68.0%255.255.255.0 read<br> by anonymous auth<br> <br> access to attrs=cryptPassword,md5Password,shadowLastChange<br> by self write<br> by users read<br> by peername.ip=127.0.0.1 read<br> by peername.ip=10.217.0.0%255.255.0.0 read<br> by peername.ip=172.X.129.132 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=X.X.68.0%255.255.255.0 read<br> by anonymous none<br> <br> access to dn.subtree="ou=zgroups,dc=test,dc=com<br> by dn.base="cn=webXXX,ou=people,dc=test,dc=com" write<br> by self read<br> by users read<br> by peername.ip=127.0.0.1 read<br> by peername.ip=10.X.0.0%255.255.0.0 read<br> by peername.ip=X.X.X.0%255.255.255.0 read<br> by peername.ip=172.X.129.132 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by anonymous none<br> <br> access to *<br> by self read<br> by users read<br> by peername.ip=127.0.0.1 read<br> by peername.ip=10.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.129.132 read<br> by peername.ip=172.X.1.109 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=172.X.0.0%255.255.0.0 read<br> by peername.ip=X.X.68.0%255.255.255.0 read<br> by anonymous none<br> <br> # Database backend configuration.<br> <br> allow bind_v2<br> database bdb<br> password-hash {CRYPT}<br> directory /go/to/ldap-master<br> suffix "dc=test,dc=com"<br> rootdn "cn=root,dc=test,dc=com"<br> rootpw secret<br> index objectClass,uid,uidNumber,entryCSN,entryUUID pres,eq<br> <br> # Configure syncrepl (provider)<br> <br> overlay syncprov<br> syncprov-checkpoint 1 1 # <ops> <minutes><br> syncprov-sessionlog 100 # <max number of session logs><br> <br> <br> <br> <br> "Slave" LDAP configuration:<br> include /usr/local/openldap/etc/openldap/schema/core.schema<br> include <i>/usr/local/openldap/etc/openldap/schema/test.schema</i><br> include /usr/local/openldap/etc/openldap/schema/cosine.schema<br> include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema<br> include /usr/local/openldap/etc/openldap/schema/nis.schema<br> include /usr/local/openldap/etc/openldap/schema/samba.schema<br> <br> <br> # Define global ACLs to disable default read access.<br> allow bind_v2<br> <br> pidfile /usr/local/openldap/var/run/slapd.pid<br> argsfile /usr/local/openldap/var/run/slapd.args<br> loglevel 256<br> moduleload back_hdb.la<br> moduleload syncprov.la<br> moduleload back_monitor.la<br> moduleload back_ldap.la<br> <br> access to *<br> by self write<br> by users read<br> by peername.ip=127.0.0.1 read<br> by peername.ip=172.20.201.0%255.255.255.0 read<br> by anonymous read<br> <br> #######################################################################<br> # BDB database definitions<br> #######################################################################<br> <br> database bdb<br> suffix <i>"dc=test,dc=com"</i><br> rootdn "cn=Manager,<i>dc=test,dc=com"</i><br> rootpw secret<br> directory /usr/local/openldap/var/openldap-data<br> <br> # Indices to maintain<br> index cn,sn,uid pres,eq,approx,sub<br> index objectClass eq<br> <br> <br> index entryCSN,entryUUID eq<br> syncrepl rid=1<br> provider=<i><a class="moz-txt-link-freetext" href="ldap://ldap-master.com">ldap://ldap-master.com</a></i><br> type=refreshOnly<br> interval=00:00:00:30<br> searchbase=<i>"dc=test,dc=com"</i><br> scope=sub<br> schemachecking=off<br> bindmethod=simple<br> binddn=<i>"cn=ldaplogin,ou=people,dc=test,dc=com"</i><br> credentials=<i>secret</i><br> <br> <br> On 09/12/13 05:57, Quanah Gibson-Mount wrote:<br> </div> <blockquote cite="mid:75FEF2DB661402B3EB284EDD@%5B192.168.1.22%5D" type="cite">--On Wednesday, September 11, 2013 8:03 AM +0000 <a class="moz-txt-link-abbreviated" href="mailto:chewcs@bii.a-star.edu.sg">chewcs@bii.a-star.edu.sg</a> wrote: <br> <br> <blockquote type="cite">Full_Name: Chew Chee Siang <br> Version: slapd 2.4.36 <br> OS: CentOS 6.4 <br> URL: <a class="moz-txt-link-freetext" href="ftp://ftp.openldap.org/incoming/">ftp://ftp.openldap.org/incoming/</a> <br> Submission from: (NULL) (123.136.68.2) <br> <br> <br> The setup is a master-slave configuration <br> Whenever a new user with name starting with "depth" is created at master, <br> the record will not be sync to slave using syncrepl. <br> The other records are ok. <br> For e.g. cn=depth-maker,ou=people,dc=tt,dc=com <br> or cn=depth,ou=people,dc=tt,dc=com <br> </blockquote> <br> Provide your configuration minus passwords. <br> <br> --Quanah <br> <br> <br> <br> -- <br> <br> Quanah Gibson-Mount <br> Lead Engineer <br> Zimbra, Inc <br> -------------------- <br> Zimbra :: the leader in open source messaging and collaboration <br> <br> </blockquote> <br> </body> </html>
--------------040706000700030201020504--