So more information about my problem: if I change:
replica uri=ldaps://192.168.247.130:389/
to
replica uri=ldap://192.168.247.130:389/
THEN I get a slightly different replication log created by Slurpd. However, when I examine that file, it is missing:
replica: 192.168.247.130:389
If I kill slurpd, edit the log to include the 'replica' line, and then restart slurpd, then it forms the connection and attempts to forward the ldif.
So it looks like I am facing two problems:
1. slurpd doesn't work right with SSL
2. slurpd doesn't create the right log format for it to use for replication.
Am I missing something in my SSL config?
Any ideas on a bug fix for #2?
rpmquery --all | egrep openldap
openldap2-client-2.3.19-18.6
openldap2-2.3.19-18.7
On Thursday 11 January 2007 21:10, matthew sporleder wrote:
On 1/11/07, Jeremy M. Guthrie jeremy.guthrie@berbee.com wrote:
I am running into an issue trying to do LDAP replication. I am trying to get slurp to replicate data but it keeps complaining that none of the data is 'mine'.
I also never see slurpd make a TCP connection to the 192.168.247.130 peer.
slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read
access to attrs=userPassword,userPKCS12
        by self write
        by * auth
access to attrs=shadowLastChange
        by self write
        by * read
access to *
        by * read
loglevel 0
replogfile /var/lib/ldap/replog/ldap.binc-groups.replog
TLSCertificateFile /etc/openldap/servercert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=remote,dc=binc,dc=net"
rootdn "XXXXXXXXXXXXXXXXXXXXXXXX"
rootpw XXXXXXXXXXXXX
directory /var/lib/ldap/dc=remote_dc=binc_dc=net
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
replica host=192.168.247.130
        binddn="XXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
        bindmethod=simple
        credentials=XXXXXXXXXXXXX
Slurpd Logs:
Replica 192.168.247.130:389, skip repl record for uid=tester,ou=people,dc=remote,dc=binc,dc=net (not mine)
Replica 192.168.247.130:389, skip repl record for cn=testing,ou=group,dc=remote,dc=binc,dc=net (not mine)
Replica 192.168.247.130:389, skip repl record for cn=groupconfiguration,ou=ldapconfig,dc=remote,dc=binc,dc=net (not mine)
Replica 192.168.247.130:389, skip repl record for uid=jguthries,ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine)
Replica 192.168.247.130:389, skip repl record for uid=test22,ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine)
Replica 192.168.247.130:389, skip repl record for uid=howdy,ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine)
Replica 192.168.247.130:389, skip repl record for uid=sasser,ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine)
--
I've never seen that error, but I'm pretty sure your replogfile needs to go into your database section. (that makes the error seem logical to me, anyway)
See: http://www.openldap.org/faq/data/cache/371.html
_Matt
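
Added example, not part of the original thread or of OpenLDAP: a small Python check for the symptom reported in the first message, where replog records that carry no "replica:" line for the peer are the ones logged as "(not mine)". The sample replog is constructed, the function names are hypothetical, and treating a missing port as 389 is an assumption.

```python
import re

DEFAULT_PORT = 389  # assumption: a replica value without a port means 389


def normalise(hostport):
    """Return (host, port) from 'host' or 'host:port', host lower-cased."""
    host, _, port = hostport.strip().partition(":")
    return host.lower(), int(port) if port else DEFAULT_PORT


def parse_replog(text):
    """Split replog text into records: {'replicas': set, 'dn': str or None}."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {"replicas": set(), "dn": None}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if not sep or line[:1].isspace():
                continue  # separator ("-"), continuation or malformed line
            if key == "replica":
                rec["replicas"].add(normalise(value))
            elif key == "dn" and rec["dn"] is None:
                rec["dn"] = value.strip()
        if rec["dn"]:
            records.append(rec)
    return records


def skipped_for(text, replica):
    """DNs of records that have no 'replica:' line for the given host:port."""
    target = normalise(replica)
    return [r["dn"] for r in parse_replog(text) if target not in r["replicas"]]


# Constructed sample: the first record lacks its replica line, as in the post.
SAMPLE = """\
time: 1168571400
dn: uid=tester,ou=people,dc=remote,dc=binc,dc=net
changetype: modify
replace: description
description: test
-

replica: 192.168.247.130:389
time: 1168571401
dn: cn=testing,ou=group,dc=remote,dc=binc,dc=net
changetype: delete
"""

if __name__ == "__main__":
    for dn in skipped_for(SAMPLE, "192.168.247.130:389"):
        print("no matching replica line:", dn)
```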