Hi List.

I have been trying to set up replication between two LDAP servers running openSUSE 10.2 and OpenLDAP 2-2.3.27-25, but unfortunately I am not having a lot of success :(


The master server is called ldap1. This is slapd.conf:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
loglevel -1
TLSCertificateFile /etc/openldap/servercert.pem
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Administrator,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres

#Entries for replication

replica uri=ldap://192.168.2.246.1:389
        binddn="cn=replica,dc=mydomain,dc=com"
        bindmethod=simple
        credentials="{ssha}mypassword"

replogfile /var/lib/ldap/slurpd.replog

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


As you can see the loglevel is set to -1 as I have been trying to troubleshoot this for the last two days...


The slave server is ldap2 and here is slapd.conf:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

loglevel -1
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=replica,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres

#Entries for replication

updatedn="cn=replica,dc=mydomain,dc=com"
updateref=ldap://ldap1.mydomain.com
replogfile /var/lib/ldap/slurpd.replog

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




OK so slapd starts without error on both servers and slurpd on ldap1.

/var/lib/ldap/slurpd.replog is created successfully, and there is also another replog file created in /var/lib/slurpd/replica/slurpd.replog, which the man page tells me is a working directory to which slurpd copies the replog before processing it.

Ok so now all seems normal up to here but this is where the trouble starts.

I update an entry in the database on ldap1 and the following is written to /var/lib/slurpd/replica/slurpd.replog:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
replica: 192.168.2.246
time: 1194939780
dn: uid=user.three,ou=people,dc=mydomain,dc=com
changetype: modify
replace: sn
sn: Tres
-
replace: entryCSN
entryCSN: 20071113074300Z#000000#00#000000
-
replace: modifiersName
modifiersName: cn=Administrator,dc=mydomain,dc=com
-
replace: modifyTimestamp
modifyTimestamp: 20071113074300Z
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


but /var/lib/ldap/slurpd.replog remains empty and the updated entry is not replicated to ldap2.

The permissions on /var/lib/ldap/slurpd.replog:

-rw-r--r-- 1 ldap ldap 0 2007-11-13 11:43 /var/lib/ldap/slurpd.replog


I don't see any other errors in /var/log/messages, but there is a LOT of output and most of it seems quite cryptic.


I am really at a loss here and would appreciate it if anybody can point out a mistake in my configuration or any other glaringly obvious errors.

Thanks

Lawrence
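
A sanity check for the `replica` stanza quoted above, as an added example that is not part of the original post. It joins slapd.conf continuation lines, then flags a URI host that is not a valid IPv4 address, a simple bind over plain ldap://, and credentials that look like a hash. The function names and the embedded sample are this example's own.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the replica stanza as posted for ldap1 (continuation
# lines start with whitespace, as in slapd.conf).
MASTER_CONF = '''\
replica uri=ldap://192.168.2.246.1:389
        binddn="cn=replica,dc=mydomain,dc=com"
        bindmethod=simple
        credentials="{ssha}mypassword"
replogfile /var/lib/ldap/slurpd.replog
'''

def replica_stanzas(conf_text):
    """Return one dict of key=value arguments per 'replica' directive."""
    # slapd.conf joins a line starting with whitespace onto the previous one.
    joined = re.sub(r"\n[ \t]+", " ", conf_text)
    stanzas = []
    for line in joined.splitlines():
        if line.split(None, 1)[:1] == ["replica"]:
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
            stanzas.append({k.lower(): v.strip('"') for k, v in pairs})
    return stanzas

def lint_replica(args):
    """Return a list of findings for one parsed replica directive."""
    findings = []
    url = urlsplit(args.get("uri", ""))
    host = url.hostname or ""
    # A host made only of digits and dots is meant as an IPv4 literal.
    if re.fullmatch(r"[0-9.]+", host):
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            findings.append(f"uri host {host!r} is not a valid IPv4 address")
    if url.scheme == "ldap" and args.get("bindmethod") == "simple":
        findings.append("simple bind over ldap:// sends the password unencrypted")
    if re.match(r"\{\w+\}", args.get("credentials", "")):
        findings.append("credentials looks hashed; a simple bind sends it as-is")
    return findings

def lint(conf_text):
    return [f for s in replica_stanzas(conf_text) for f in lint_replica(s)]

if __name__ == "__main__":
    for finding in lint(MASTER_CONF):
        print("WARN:", finding)
```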