Hi,
I have just set up openldap on two nodes (alpha, beta). I am using openldap for a passdb backend for samba. I followed this guide: http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master
To a point, everything seems to work just fine, the cn=config replication works both ways. After deleting everything from my base, I run smbldap-populate on the node alpha. It creates the default users, groups pretty fine, but it failed to replicate to node beta.
the log entries shows this on alpha: http://pastebin.com/Ykhvq4BY
on the other node the log shows this on beta: http://pastebin.com/KNwgHQDW
My configuration looks the following:
cn=config: http://pastebin.com/mT5A4K5i
olcDatabase={0}config,cn=config: http://pastebin.com/kwBNEaeV
olcDatabase={0}hdb,cn=config: http://pastebin.com/FsPaKK90
I have the olcOverlay={0}syncprov,olcDatabase={0}config,cn=config and olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config set to olcOverlay: {0}syncprov
I have nothing in slapd.conf. Do you know where to search this problem? What other logs should I attach to figure it out?
Have a nice day, Best Regards, Marton, Neher
Okay, I found the bug. It was about the olcServerID. My cn=config showed olcServerID: 1 ldap://alpha-int/, olcServerID: 2 ldap://beta-int/, which is correct. But if I start my openldap as ubuntu says (/usr/sbin/slapd -h ldap://beta-int/ ldap://127.0.0.1:389/ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d/), it does not recognise that he is beta-int. Only if I start it with only the ldap://beta-int/ parameter. But I really need the other two interfaces as well. What can I do now with it?
Thanks, BR, Márton Néher
Hi,
Le 25/04/2010 00:40, Néher Márton a écrit :
Okay, I found the bug. It was about the olcServerID. My cn=config showed olcServerID: 1 ldap://alpha-int/, olcServerID: 2 ldap://beta-int/, which is correct. But if I start my openldap as ubuntu says (/usr/sbin/slapd -h ldap://beta-int/ ldap://127.0.0.1:389/ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d/), it does not recognise that he is beta-int. Only if I start it with only the ldap://beta-int/ parameter. But I really need the other two interfaces as well. What can I do now with it?
What version of OpenLDAP are you using?
A bug similar to this was corrected in 2.4.18: http://www.openldap.org/its/?findid=5942
If you're using an older version, this should still work fine so long as the URL in the -h option to slapd exactly matches the URL in serverID (make sure all the slashes are present, etc).
Preferably, use the latest release, though, to avoid other such bugs now fixed :)
Jonathan
Actually I solved the problem meanwhile by using FQDNs (although I don't really see why it is important on a local network) and trailing slashes just as you have suggested.
The version is exactly:
$ slapd -VV
@(#) $OpenLDAP: slapd 2.4.21 (Apr 15 2010 11:38:12) $
buildd@yellow:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
On 04/24/2010 11:40 PM, Néher Márton wrote:
Okay, I found the bug. It was about the olcServerID. My cn=config showed olcServerID: 1 ldap://alpha-int/, olcServerID: 2 ldap://beta-int/, which is correct. But if I start my openldap as ubuntu says (/usr/sbin/slapd -h ldap://beta-int/ ldap://127.0.0.1:389/ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d/), it does not recognise that he is beta-int. Only if I start it with only the ldap://beta-int/ parameter. But I really need the other two interfaces as well. What can I do now with it?
Thanks, BR, Márton Néher
Hello Márton,
If you only have two interfaces, or you have more but you don't mind slapd listening on those too, you can always specify the URLs like ldap:/// ldaps:/// ldapi:///. Since it's an Ubuntu machine, and I'm assuming it's similar to Debian, you should check /etc/default/slapd for those options.
Regards,
Hugo Monteiro.
Hi Hugo,
Actually the use of FQDN solved the problem, I only tried to suggest that there might be some issues with the serverID ~ argv matcher. Actually since the documentation says that I should use FQDN, it is not even a bug. I would suggest that the matcher could be improved or there should be an emphasis on the FQDNs in the documentation. The URLs could be a work-around, but I don't want to bother with ldaps in a test environment. Anyway, it is working now for me.
Thank you very much for your help and suggestions, Best Regards, Márton Néher
openldap-software@openldap.org
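
The condition discussed in this thread (a URL in the slapd -h list has to be character-for-character identical to one of the olcServerID URLs, slashes included) can be checked before slapd is started. The script below is an added example, not code from the thread or from OpenLDAP; the function names and sample values are constructed, and the "near" comparison (case and trailing slashes ignored) is this script's own heuristic for spotting URLs that look equal but are not.

```shell
#!/bin/sh
# Added example: pre-flight check of the exact-match condition from the thread.
# It is not slapd's matcher; the near-miss test is this script's own heuristic.

# Lower-case a URL and strip trailing slashes, to spot "almost equal" URLs.
normalise() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's:/*$::'; }

# match_server_id LISTENERS SERVERID_LINES
#   LISTENERS       space-separated URL list given to "slapd -h"
#   SERVERID_LINES  "olcServerID: <id> <url>" lines from cn=config
# Prints "exact <id>", "near <id> <listener> <serverid-url>", or "none".
match_server_id() {
    listeners=$1
    near=""
    while read -r attr id url; do
        [ "$attr" = "olcServerID:" ] || continue
        for l in $listeners; do
            if [ "$l" = "$url" ]; then
                echo "exact $id"
                return 0
            fi
            # Remember the first pair that differs only in case or slashes.
            if [ -z "$near" ] && [ "$(normalise "$l")" = "$(normalise "$url")" ]; then
                near="near $id $l $url"
            fi
        done
    done <<EOF
$2
EOF
    if [ -n "$near" ]; then echo "$near"; else echo "none"; fi
}

# Constructed sample values, using the host names from the thread.
SAMPLE_IDS='olcServerID: 1 ldap://alpha-int/
olcServerID: 2 ldap://beta-int/'

match_server_id "ldap://beta-int/ ldap://127.0.0.1:389/ ldapi:///" "$SAMPLE_IDS"
match_server_id "ldap://beta-int ldapi:///" "$SAMPLE_IDS"
match_server_id "ldap:/// ldapi:///" "$SAMPLE_IDS"
```

A "near" or "none" result means no listener URL is string-identical to a serverID URL, which is the situation to fix in /etc/default/slapd or in olcServerID before expecting the node to identify itself.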