On Tuesday, 10 November 2009 17:40:21 Eric B. wrote:
Hi,
I'm relatively new to OpenLDAP and am trying to set up a slave server. I figured the easiest way would be to use the anonymous user to perform the synchronization given that my master allows for full anonymous reads:
We hope you're aware of the risks in the usual trade-off.
access to * by self write by users read by anonymous read
But, can an anonymous search retrieve all the entries (see 'timelimit' and 'sizelimit' options).
Secondly, did you configure your master for syncrepl ? Specifically, has the database holding dc=domain,dc=com got the syncrepl overlay loaded (and you should also index the attributes used for replication state, see the documentation ...).
I have tried to specify the following in my slave slapd.conf: syncrepl rid=8 provider=ldap://snoopy.domain.com:389 type=refreshAndPersist retry="60 +" searchbase="dc=domain,dc=com" schemachecking=off bindmethod=simple
However, my slave seems to be unable to connect properly to the master.
It connects just fine, and initiates a search, however the search doesn't complete.
It seems to be trying to write something, and am not quite sure what. My master has the following log: Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 fd=72 ACCEPT from IP=10.1.1.8:39558 (IP=0.0.0.0:389) Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 op=0 BIND dn="" method=128 Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 op=0 RESULT tag=97 err=0 text= Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 op=1 SRCH base="dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)" Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 op=1 SRCH attr=* + Nov 9 16:37:52 snoopy slapd[1481]: send_search_entry: conn 6270 ber write failed. Nov 9 16:37:52 snoopy slapd[1481]: conn=6270 fd=72 closed (connection lost on write) My slave logs display the following: Nov 9 16:45:36 spike slapd[32415]: do_syncrep2: rid 008got search entry without control
Either it didn't get all the entries (and thus not the control which would follow) when doing the initial sync - fix the limits, or it got all the entries but no control - ensure the overlay is active on the producer.
Regards, Buchan