Naufal Sheikh wrote:
Ok, I am using openldap 2.2.20 on both machines.
You should seriously consider upgrading, since 2.2.x has been historic for quite a while. Historic means there is absolutely no support for this code base anymore. Not even security fixes! Nada!
I have added replog attribute in the slapd.conf of my backup machine. I switch off my production for maintenance, and switch the backup on. As it has replog enabled it starts creating logs of the events. After maintenance activity I ftp the replog to production and use ldapmodify to apply those logs on production.
This is a very unusual approach. Note that ldapmodify is a normal DUA (directory *user* agent).
ldap_modify: Constraint violation (19)
    additional info: entryCSN: no user modification allowed
If I edit my replog and remove all the stuff like
replace: lastModifiedTime
lastModifiedTime: 2008-03-24 12:27
replace: entryCSN
entryCSN: 20080324172725Z#000001#00#000000
These attributes are operational attributes not modifiable by a normal DUA. Consider deploying a real replication mechanism (syncrepl preferred). There are several modes available which should satisfy your particular needs.
http://www.openldap.org/doc/admin24/config.html#Replicated%20Directory%20Ser...
http://www.openldap.org/doc/admin24/replication.html
http://www.openldap.org/faq/data/cache/1170.html
Ciao, Michael.
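
Added example, not part of the original message: a Python check that lists the modifications in a replog which slapd would refuse from ldapmodify with the error 19 quoted above, because they target server-maintained attributes. The attribute set, the function name and the sample replog are assumptions constructed for illustration; only `changetype: modify` records are examined.

```python
# Attributes slapd maintains itself (NO-USER-MODIFICATION in the schema).
# lastModifiedTime is included only because the thread lists it; it is not
# a standard schema attribute. Names are compared case-insensitively.
SERVER_MAINTAINED = {a.lower() for a in (
    "entryCSN", "entryUUID", "creatorsName", "createTimestamp",
    "modifiersName", "modifyTimestamp", "lastModifiedTime")}
MOD_OPS = ("add", "replace", "delete")

def find_rejected_mods(replog_text):
    """Return (dn, op, attribute) for every modification in replog-style
    LDIF that targets a server-maintained attribute."""
    hits = []
    for record in replog_text.strip().split("\n\n"):
        dn, is_modify, expect_op = None, False, False
        for line in record.splitlines():
            if line == "-":              # end of one modification
                expect_op = True
                continue
            key, sep, value = line.partition(":")
            if not sep:
                continue
            key, value = key.strip().lower(), value.strip()
            if key == "dn":
                dn = value
            elif key == "changetype":
                is_modify = expect_op = (value.lower() == "modify")
            elif is_modify and expect_op and key in MOD_OPS:
                expect_op = False        # following lines are values
                attr = value.split(";")[0]   # drop attribute options
                if attr.lower() in SERVER_MAINTAINED:
                    hits.append((dn, key, attr))
    return hits

# Constructed sample in slurpd replog layout (not taken from the thread).
SAMPLE_REPLOG = """\
replica: ldap.example.com:389
time: 1206379645
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
replace: mail
mail: jdoe@example.com
-
replace: entryCSN
entryCSN: 20080324172725Z#000001#00#000000
-
"""

if __name__ == "__main__":
    for dn, op, attr in find_rejected_mods(SAMPLE_REPLOG):
        print(f"{dn}: '{op}: {attr}' is not writable by a normal DUA")
```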