Hi List.
I have been trying to set up replication between two LDAP servers running OpenSuSE10.2 and Openldap 2-2.3.27-25 but unfortunately I am not having a lot of success :(
The master server is called ldap1. This is slapd.conf:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
loglevel -1
TLSCertificateFile /etc/openldap/servercert.pem
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Administrator,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
#Entries for replication
replica uri=ldap://192.168.2.246.1:389 binddn="cn=replica,dc=mydomain,dc=com" bindmethod=simple credentials="{ssha}mypassword"
replogfile /var/lib/ldap/slurpd.replog
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
As you can see the loglevel is set to -1 as I have been trying to troubleshoot this for the last two days...
The slave server is ldap2 and here is slapd.conf:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
loglevel -1
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=replica,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
#Entries for replication
updatedn="cn=replica,dc=mydomain,dc=com"
updateref=ldap://ldap1.mydomain.com
replogfile /var/lib/ldap/slurpd.replog
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OK so slapd starts without error on both servers and slurpd on ldap1.
/var/lib/ldap/slurpd.replog is created successfully and there is also another replog file created in /var/lib/slurpd/replica/slurpd.replog which the man page tells me is a working directory to which slurpd copies the replog before processing it.
Ok so now all seems normal up to here but this is where the trouble starts.
I update an entry in the database on ldap1 and the following is written to /var/lib/slurpd/replica/slurpd.replog:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
replica: 192.168.2.246
time: 1194939780
dn: uid=user.three,ou=people,dc=mydomain,dc=com
changetype: modify
replace: sn
sn: Tres
-
replace: entryCSN
entryCSN: 20071113074300Z#000000#00#000000
-
replace: modifiersName
modifiersName: cn=Administrator,dc=mydomain,dc=com
-
replace: modifyTimestamp
modifyTimestamp: 20071113074300Z
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
but /var/lib/ldap/slurpd.replog remains empty and the updated entry is not replicated to ldap2
The permissions on /var/lib/ldap/slurpd.replog:
-rw-r--r-- 1 ldap ldap 0 2007-11-13 11:43 /var/lib/ldap/slurpd.replog
I don't see any other errors in /var/log/messages but there is a LOT of output and most of it seems quite cryptic.
I am really at a loss here and would appreciate it if anybody can point out a mistake in my configuration or any other glaringly obvious errors.
Thanks
Lawrence
On Tuesday 13 November 2007 11:46:37 Lawrence Strydom wrote:
Hi List.
I have been trying to set up replication between two LDAP servers running OpenSuSE10.2 and Openldap 2-2.3.27-25 but unfortunately I am not having a lot of success :(
sync-repl is the supported replication mechanism on 2.3.x, and slurpd no longer exists in 2.4. You may consider setting up sync-repl, instead of the deprecated slurpd at this stage.
Regards, Buchan
Buchan,
I've just configured slurpd on a couple of servers running off the 2.3 rpms (latest) of your repo.
When will you be upgrading to 2.4 - and will that mean I should reconfigure my servers to the new mechanism now?
Regards,
Andy
On Tue, 13 Nov 2007 16:39:56 +0200, Buchan Milne bgmilne@staff.telkomsa.net wrote:
On Tuesday 13 November 2007 11:46:37 Lawrence Strydom wrote:
Hi List.
I have been trying to set up replication between two LDAP servers running OpenSuSE10.2 and Openldap 2-2.3.27-25 but unfortunately I am not having a lot of success :(
sync-repl is the supported replication mechanism on 2.3.x, and slurpd no longer exists in 2.4. You may consider setting up sync-repl, instead of the deprecated slurpd at this stage.
Regards, Buchan
On Thu, 2007-11-15 at 22:51 +0000, andylockran wrote:
Buchan,
I've just configured slurpd on a couple of servers running off the 2.3 rpms (latest) of your repo.
When will you be upgrading to 2.4 - and will that mean I should reconfigure my servers to the new mechanism now?
The 2.4.6 packages in Mandriva "cooker" can be rebuilt on other distributions. However, I will not be publishing binaries until I have decided on which Berkeley DB version I will ship with them (so users of the packages won't get nasty surprises on upgrades).
I hope to complete some testing in the next week or two ... and I'm guessing 2.4.7 will be out about then.
Naturally, since slurpd no longer exists in 2.4, you will have to migrate off slurpd to syncrepl ...
Regards, Buchan
Buchan Milne wrote:
On Thu, 2007-11-15 at 22:51 +0000, andylockran wrote:
Buchan,
I've just configured slurpd on a couple of servers running off the 2.3 rpms (latest) of your repo.
When will you be upgrading to 2.4 - and will that mean I should reconfigure my servers to the new mechanism now?
The 2.4.6 packages in Mandriva "cooker" can be rebuilt on other distributions. However, I will not be publishing binaries until I have decided on which Berkeley DB version I will ship with them (so users of the packages won't get nasty surprises on upgrades).
Currently there are no DB format changes between 2.3 and 2.4, and newer BerkeleyDB versions can open/migrate older version's DBs transparently. (So it's possible to just install 2.4 over 2.3 and run right away.) Log file format changes tend to be more troublesome. But as usual, if folks upgrade using slapcat/slapadd as recommended, there won't be any issues.
I've been using BerkeleyDB 4.6.21 pretty heavily now in benchmark tests on Linux 2.6 and it's doing fine.
I hope to complete some testing in the next week or two ... and I'm guessing 2.4.7 will be out about then.
Naturally, since slurpd no longer exists in 2.4, you will have to migrate off slurpd to syncrepl ...
Funny, I thought this message's subject was a tautology...
Lawrence
I think your IP address is wrong...
replica uri=ldap://192.168.2.246.1:389
regards,
Thanks Marcelo and Buchan
The IP address error was a copy and paste mistake.
The actual config file is correct though but replication still doesn't work. I think I will try sync-repl.
Take care
L
On 13/11/2007, Marcelo Maraboli marcelo.maraboli@usm.cl wrote
Lawrence
I think your IP address is wrong...
replica uri=ldap://192.168.2.246.1:389
regards,
-- MSc. Marcelo Maraboli Rosselott Jefe Area de Redes y Comunicaciones (Network & UNIX Systems Engineer) Ingeniero Civil Electronico, CISSP (MSc., Electronic Engineer, CISSP)
Direccion Central de Servicios Computacionales (DCSC) Universidad Tecnica Federico Santa Maria phone: +56 32 2654071 Chile. http://www.usm.cl http://elqui.dcsc.utfsm.cl
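Added example, not part of any message in this thread: a slapd.conf sketch of the syncrepl setup the replies recommend, using the thread's suffix, host name and bind DN. Assumptions: cn=replica exists as a real entry on ldap1 with its own password, syncprov is available on ldap1, ldap2 has a copy of the CA certificate, and the password shown is a placeholder.

```conf
# ---- ldap1 (provider): inside the existing "database bdb" section ----
# These lines replace the slurpd "replica" and "replogfile" directives.
# If syncprov is packaged as a module, it has to be loaded in the global
# section first (assumption; depends on how the package was built).
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# The consumer's bind DN must be able to read every entry it replicates
# and must not be cut short by the default search limits.
limits dn.exact="cn=replica,dc=mydomain,dc=com" size=unlimited time=unlimited

# ---- ldap2 (consumer): global section ----
# CA used to verify ldap1's certificate when syncrepl negotiates StartTLS
# (assumption: the same cacert.pem has been copied to ldap2).
TLSCACertificateFile /etc/openldap/cacert.pem

# ---- ldap2 (consumer): inside its "database bdb" section ----
# These lines replace "updatedn" and "replogfile". No slurpd runs anywhere:
# the consumer connects to the provider and pulls changes itself.
# credentials is the cleartext password the consumer sends in its simple
# bind, not a {SSHA} hash, so keep this file readable only by the ldap user.
# starttls=critical aborts the connection if TLS cannot be negotiated, so
# the password is never sent over an unencrypted session.
syncrepl rid=001
        provider=ldap://ldap1.mydomain.com:389
        type=refreshAndPersist
        retry="60 10 300 +"
        searchbase="dc=mydomain,dc=com"
        scope=sub
        starttls=critical
        bindmethod=simple
        binddn="cn=replica,dc=mydomain,dc=com"
        credentials=REPLACE_WITH_CLEARTEXT_PASSWORD
# Clients that try to write to ldap2 are referred to the provider.
updateref ldap://ldap1.mydomain.com
```

Start ldap2 with an empty database directory, or load a slapcat export from ldap1 first; the consumer then catches up from the provider on its own.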