Hello!
I'm trying to set up LDAP replication on a FreeBSD 6.3 system. First I tried to use slurpd, but ran into many strange things and then read that it is near deprecation.
Then I tried to use syncrepl. I read the docs and added this to slapd.conf:
Master:
database bdb suffix "dc=domain,dc=org" rootdn "cn=root,dc=domain,dc=org"
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
Slave:
database bdb suffix "dc=domain,dc=org" rootdn "cn=root,dc=domain,dc=org"
syncrepl rid=123 provider=ldap://172.16.1.2:389 type=refreshOnly interval=0:01:00:00 searchbase="dc=domain,dc=org" filter="(objectClass=*)" scope=sub attrs="*,+" schemachecking=off bindmethod=simple binddn=""cn=replicator,ou=sys,dc=domain,dc=org" updatedn=""cn=replicator,ou=sys,dc=domain,dc=org" credentials=123
But the slave LDAP doesn't start, with this error:
slapd[43092]: /usr/local/etc/openldap/slapd.conf: line 65: Error: Malformed "syncrepl" line in slapd config file, missing provider searchbase.
slapd[43092]: failed to add syncinfo
slapd[43092]: slapd stopped.
slapd[43092]: connections_destroy: nothing to destroy.
line 65 = syncrepl rid=123
Am I doing something wrong? What do I need to fix?
Hi
I haven't read what
updatedn=""cn=replicator,ou=sys,dc=domain,dc=org"
does, but I don't think you need it.
What you do need to do is to remove one of the " you are using in: updatedn and binddn
binddn=""cn=replicator,ou=sys,dc=domain,dc=org"
should be
binddn="cn=replicator,ou=sys,dc=domain,dc=org"
Petter Solgaard wrote:
Hi
I haven't read what
updatedn=""cn=replicator,ou=sys,dc=domain,dc=org"
does, but I don't think you need it.
What you do need to do is to remove one of the " you are using in: updatedn and binddn
binddn=""cn=replicator,ou=sys,dc=domain,dc=org"
should be
binddn="cn=replicator,ou=sys,dc=domain,dc=org"
Oh my God... Such a stupid mistake. I fixed it, but LDAP again doesn't start, with a new error:
slapd[28627]: /usr/local/etc/openldap/slapd.conf: line 65: Error: Malformed "syncrepl" line in slapd config file, missing provider searchbase.
slapd[28627]: failed to add syncinfo
slapd[28627]: slapd stopped.
slapd[28627]: connections_destroy: nothing to destroy.
On Thu, Sep 25, 2008 at 8:51 AM, Proskurin Kirill k.proskurin@fxclub.org wrote:
syncrepl rid=123 provider=ldap://172.16.1.2:389
This is my configuration, which works:
syncrepl rid=123 \
    provider=ldaps://secureldap.example.com:636 \
    type=refreshAndPersist \
    searchbase="dc=example,dc=com" \
    scope=sub \
    filter="(objectClass=*)" \
    attrs="*" \
    schemachecking=off \
    updatedn="cn=Manager,dc=example,dc=com" \
    bindmethod=simple \
    binddn="cn=Manager,dc=example,dc=com" \
    credentials=123
updateref ldaps://secureldap.example.com
Cheers, Steph
On Thu, 25 Sep 2008, Proskurin Kirill wrote:
[...] syncrepl rid=123 provider=ldap://172.16.1.2:389 type=refreshOnly [...]
But slave ldap dont start with this error:
slapd[43092]: /usr/local/etc/openldap/slapd.conf: line 65: Error: Malformed "syncrepl" line in slapd config file, missing provider searchbase. [...] line 65 = syncrepl rid=123
Technically, "syncrepl" is the configuration directive, and everything else is that directive's parameter. So you could write:
"syncrepl rid=123 provider=ldap://..."
But that's going to get long/unwieldy. So slapd.conf(5) documents a line continuation mechanism:
If a line begins with white space, it is considered a continuation of the previous line. No physical line should be over 2000 bytes long.
You are not using this construct, and should be in this case.
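An added illustration of the continuation rule quoted above (not part of the original thread and not OpenLDAP code): a small Python lint that joins physical lines the way slapd.conf(5) describes and reports any syncrepl directive left without provider or searchbase. The one-parameter-per-line sample layout, the function names and the use of shlex as a stand-in for slapd's tokenizer are assumptions.

```python
import shlex

REQUIRED = ("provider", "searchbase")  # the two named in the slapd error

def logical_lines(text):
    """Join physical lines as slapd.conf(5) describes: a line beginning
    with white space continues the previous one."""
    out = []  # entries are [first physical line number, joined text]
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0] in " \t" and out:
            out[-1][1] += " " + raw.strip()
        else:
            out.append([no, raw.strip()])
    return out

def check_syncrepl(text):
    """Return [(line number, [missing parameters])] per syncrepl directive."""
    problems = []
    for no, line in logical_lines(text):
        try:
            tokens = shlex.split(line)  # assumption: approximates slapd's tokenizer
        except ValueError:
            problems.append((no, ["unparseable quoting"]))
            continue
        if tokens[0].lower() != "syncrepl":
            continue
        keys = {t.partition("=")[0].lower() for t in tokens[1:]}
        missing = [p for p in REQUIRED if p not in keys]
        if missing:
            problems.append((no, missing))
    return problems

# Constructed input based on the slave settings shown in the thread.
HEAD = ['database bdb', 'suffix "dc=domain,dc=org"', 'syncrepl rid=123']
PARAMS = ['provider=ldap://172.16.1.2:389', 'type=refreshOnly',
          'searchbase="dc=domain,dc=org"']
# Parameters at column 0: each one is read as a separate directive.
BROKEN = "\n".join(HEAD + PARAMS)
# Parameters indented: they continue the syncrepl directive.
FIXED = "\n".join(HEAD + ["  " + p for p in PARAMS])

if __name__ == "__main__":
    print("broken:", check_syncrepl(BROKEN))
    print("fixed: ", check_syncrepl(FIXED))
```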
Aaron Richton wrote:
If a line begins with white space, it is considered a continuation of the previous line. No physical line should be over 2000 bytes long.
You are not using this construct, and should be in this case.
Yes - it solved my problem, thank you! I missed this thing.
And a last question: the LDAP slave makes a search to the master at some time interval to sync with it. It is like a "pull" method.
Can I tell the master to "push" to the slave - to start a sync? For example, I want the slave to update right after I update the master.
Sorry for terrible explanation...
On Thu, 25 Sep 2008, Proskurin Kirill wrote:
The LDAP slave makes a search to the master at some time interval to sync with it. It is like a "pull" method.
Can I tell the master to "push" to the slave - to start a sync? For example, I want the slave to update right after I update the master.
If I'm understanding you correctly, refreshAndPersist will give you the outcome you desire, but not via the mechanism you described.
Aaron Richton wrote:
On Thu, 25 Sep 2008, Proskurin Kirill wrote:
The LDAP slave makes a search to the master at some time interval to sync with it. It is like a "pull" method.
Can I tell the master to "push" to the slave - to start a sync? For example, I want the slave to update right after I update the master.
If I'm understanding you correctly, refreshAndPersist will give you the outcome you desire, but not via the mechanism you described.
Yes, it is indeed what I need, thank you.
-- Best regards, Proskurin Kirill
openldap-software@openldap.org