Jorgen Lundman wrote:
Here's a list of problems with your setup:
You are using an ancient version of OpenLDAP.
Installed 2.3.41
You are using BDB 4.2.52 without the required patches.
Installed 4.2.52 5 patches. (patch 3 failed, but appears java related)
You are using slurpd. Use syncrepl instead of slurpd
Changed to syncrepl. But I do feel that the documentation could do with a better example, one simpler. I would have thought that simply replicating everything is a common desire, when the example is one much more complicated.
These are the changes I made to master-slapd.conf (plus ./configure --enable-lastmod) :
That --enable option isn't needed. It has nothing to do with the lastmod directive in slapd.conf.
lastmod on
As documented in slapd.conf(5), lastmod is already on by default.
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10 syncprov-sessionlog 100
These are the changes I made to slave-slapd.conf:
lastmod on
index entryCSN,entryUUID eq
syncrepl rid=1 provider=ldap://172.20.12.113 type=refreshAndPersist interval=00:00:00:30
"interval" is not valid for refreshAndPersist.
searchbase="dc=company,dc=jp" filter="(objectClass=*)"
That's already the default.
attrs="*"
The default is "*,+" and you probably should leave it as such.
scope=sub
That's already the default.
schemachecking=off
You don't need that.
updatedn="cn=admin,dc=company,dc=jp"
That's not valid for 2.3 syncrepl. If you've actually been reading the documentation, it seems you're reading very old docs. You should make sure you're actually reading the docs that match your code.
bindmethod=simple binddn="cn=admin,dc=company,dc=jp" credentials="<secret>"updateref ldap://172.20.12.113
My replication test of one worked.
Updating of production servers went without a hitch. (knock on wood).