I am trying to establish replication between two LDAP servers. Here's part of the slapd.conf file for the subscriber:
syncrepl rid=123 provider=ldap://ldap.mydomain.com type=refreshOnly interval=00:00:01:00 searchbase="dc=mydomainr,dc=com" schemachecking=off updatedn="cn=Manager,dc=mydomain,dc=com" bindmethod=simple binddn="cn=Manager,dc=mydomain,dc=com" credentials=secret
This is the stanza in slapd.conf for the provider:
sessionlog 123 4555
The LDAP version on both is 2.3.37 and everything else works fine (centralized login, automount, etc.).
When I look at the log file for the provider it seems like the subscriber is making queries but no updates are made to the slave. Here's part of the log:
=> bdb_presence_candidates (objectClass)
<= bdb_filter_candidates: id=-1 first=1 last=20
<= bdb_list_candidates: id=-1 first=1 last=20
<= bdb_filter_candidates: id=-1 first=1 last=20
bdb_search_candidates: id=-1 first=1 last=20
=> test_filter
    PRESENT
=> access_allowed: search access to "dc=mydomain,dc=com" "objectClass" requested
<= root access granted
<= test_filter 6
=> send_search_entry: conn 34 dn="dc=mydomain,dc=com"
=> access_allowed: read access to "dc=mydomain,dc=com" "entry" requested
<= root access granted
=> access_allowed: read access to "dc=mydomain,dc=com" "objectClass" requested
<= root access granted
=> access_allowed: read access to "dc=mydomain,dc=com" "o" requested
<= root access granted
=> access_allowed: read access to "dc=mydomain,dc=com" "dc" requested
<= root access granted
=> access_allowed: read access to "dc=mydomain,dc=com" "structuralObjectClass" requested
<= root access granted
=> access_allowed: read access to "dc=mydomain,dc=com" "entryCSN" requested
<= root access granted
...
Any advice on what I am missing will be greatly appreciated. I am sure I am missing something important here. Is there something else I need to add to the provider's config?
Regards.
I don't believe you need updatedn.
Example:
syncrepl rid=51 provider=ldaps://ldap.example.com type=refreshOnly interval=00:00:01:00 retry=60,10,300,+ searchbase="dc=example,dc=com" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=replicator,ou=Service,ou=Applications,dc=example,dc=com" credentials=example
syncrepl rid=123 provider=ldap://ldap.mydomain.com type=refreshOnly interval=00:00:01:00 searchbase="dc=mydomainr,dc=com" schemachecking=off updatedn="cn=Manager,dc=mydomain,dc=com" bindmethod=simple binddn="cn=Manager,dc=mydomain,dc=com" credentials=secret
Wes Rogers wrote:
I don't believe you need updatedn.
Example:
syncrepl rid=51 provider=ldaps://ldap.example.com type=refreshOnly interval=00:00:01:00 retry=60,10,300,+ searchbase="dc=example,dc=com" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=replicator,ou=Service,ou=Applications,dc=example,dc=com" credentials=example
syncrepl rid=123 provider=ldap://ldap.mydomain.com type=refreshOnly interval=00:00:01:00 searchbase="dc=mydomainr,dc=com" schemachecking=off updatedn="cn=Manager,dc=mydomain,dc=com" bindmethod=simple binddn="cn=Manager,dc=mydomain,dc=com" credentials=secret
How can I check if the information on the slave is equal to the information on the master? I try running ldapsearch on the slave looking for a user that's only on the master, but even after the replication starts the user is not on the slave. Do I need to copy the whole data from the master first so they are in sync before I start the replication, or will the slave get the missing info from the master?
--On August 3, 2007 12:58:06 PM -0500 CyberGod cybergod@linux-admins.net wrote:
How can I check if the information on the slave is equal to the information on the master? I try running ldapsearch on the slave looking for a user that's only on the master, but even after the replication starts the user is not on the slave. Do I need to copy the whole data from the master first so they are in sync before I start the replication, or will the slave get the missing info from the master?
The replica will catch up over time. Of course, you are using refreshOnly, so it is going to take quite a while. Why aren't you using refreshAndPersist? Just fix the "interval" line to be a valid "retry" line instead.
You can, of course, slapcat the master and then slapadd the replica to speed things up...
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
CyberGod cybergod@linux-admins.net wrote:
How can I check if the information on the slave is equal to the information on the master? I try running ldapsearch on the slave looking for a user that's only on the master, but even after the replication starts the user is not on the slave. Do I need to copy the whole data from the master first so they are in sync before I start the replication, or will the slave get the missing info from the master?
Make sure there is no ACL on the master that prevents the slave from reading some information. I noticed it quickly breaks the sync.
Emmanuel Dreyfus wrote:
CyberGod cybergod@linux-admins.net wrote:
How can I check if the information on the slave is equal to the information on the master? I try running ldapsearch on the slave looking for a user that's only on the master, but even after the replication starts the user is not on the slave. Do I need to copy the whole data from the master first so they are in sync before I start the replication, or will the slave get the missing info from the master?
Make sure there is no ACL on the master that prevents the slave from reading some information. I noticed it quickly breaks the sync.
I've noticed this line on the provider log file:
=> access_allowed: read access to "ou=Aliases,dc=mydomain,dc=com" "entryCSN" requested
Do I need to create this entryCSN somewhere or is this even an error?
--On August 3, 2007 2:55:26 PM -0500 CyberGod cybergod@linux-admins.net wrote:
Emmanuel Dreyfus wrote:
CyberGod cybergod@linux-admins.net wrote:
How can I check if the information on the slave is equal to the information on the master? I try running ldapsearch on the slave looking for a user that's only on the master, but even after the replication starts the user is not on the slave. Do I need to copy the whole data from the master first so they are in sync before I start the replication, or will the slave get the missing info from the master?
Make sure there is no ACL on the master that prevents the slave from reading some information. I noticed it quickly breaks the sync.
I've noticed this line on the provider log file:
=> access_allowed: read access to "ou=Aliases,dc=mydomain,dc=com" "entryCSN" requested
Do I need to create this entryCSN somewhere or is this even an error?
This value is one of the operational attributes for an entry. You don't generate it yourself, but syncrepl needs to be able to read it.
--Quanah
openldap-software@openldap.org
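
An added example, not part of the original thread, for the question of how to check that the replica matches the provider: dump every entry's entryCSN from both servers with ldapsearch (requesting it by name, since operational attributes are not returned by default) and compare the dumps per DN. The LDIF samples, the uid entries and the CSN values are constructed; DNs are compared after lower-casing, which is an approximation.

```python
import base64

def parse_ldif(text):
    """Map each DN (lower-cased for comparison) to its entryCSN, or None if absent."""
    entries, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuation lines
        if not line.strip():                           # blank line ends an entry
            dn = None
            continue
        attr, _, rest = line.partition(":")
        if attr.lower() == "dn":
            if rest.startswith(":"):                   # "dn:: <base64>" form
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            dn = rest.strip().lower()
            entries[dn] = None
        elif attr.lower() == "entrycsn" and dn is not None:
            entries[dn] = rest.strip()
    return entries

def compare(provider, consumer):
    """Entries the consumer lacks, holds at another CSN, or that came back without a CSN."""
    return {
        "missing": sorted(d for d in provider if d not in consumer),
        "stale": sorted(d for d, csn in provider.items()
                        if csn and d in consumer and consumer[d] != csn),
        "no_csn": sorted(d for d, csn in provider.items() if csn is None),
    }

# Constructed sample dumps (not from the thread), shaped like the output of
#   ldapsearch -x -LLL -H <server URI> -D <bind DN> -W -b "dc=mydomain,dc=com" entryCSN
PROVIDER_LDIF = """\
dn: ou=Aliases,dc=mydomain,dc=com

dn: uid=newuser,ou=People,dc=mydom
 ain,dc=com
entryCSN: 20070803175806Z#000000#00#000000

dn: uid=alice,ou=People,dc=mydomain,dc=com
entryCSN: 20070803180000Z#000000#00#000000
"""
CONSUMER_LDIF = """\
dn: ou=Aliases,dc=mydomain,dc=com
entryCSN: 20070801120000Z#000000#00#000000

dn: uid=alice,ou=People,dc=mydomain,dc=com
entryCSN: 20070801120500Z#000000#00#000000
"""
if __name__ == "__main__":
    print(compare(parse_ldif(PROVIDER_LDIF), parse_ldif(CONSUMER_LDIF)))
```

An entry listed under no_csn for the provider dump means the bind DN used for the dump could not read entryCSN there (or the attribute was not requested), which is the ACL condition the replies in this thread warn about.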