Hi everyone,
I'm no LDAP expert at all. In fact I'm very noob. A few months ago I configured 2 LDAP servers. They were set up in 2 separate networks and synchronized via an OpenVPN link. All was working OK when, about a month ago, they stopped syncing. The replogfile is empty.
main server (piece of slapd.conf):
replogfile /var/lib/ldap/openldap-master-replog
replica host=192.168.0.2:389
        binddn="cn=root,dc=dominio,dc=com,dc=br"
        bindmethod=simple credentials=[pass]
secondary server (piece of slapd.conf):
updatedn "cn=root,dc=dominio,dc=com,dc=br"
updateref ldap://192.168.1.2:380
Sorry about my poor English, I'm from Brazil.
----- "Leonardo Carneiro" lscarneiro@veltrac.com.br wrote:
Hi everyone,
I'm no LDAP expert at all. In fact I'm very noob. A few months ago I configured 2 LDAP servers. They were set up in 2 separate networks and synchronized via an OpenVPN link. All was working OK when, about a month ago, they stopped syncing. The replogfile is empty.
main server (piece of slapd.conf):
replogfile /var/lib/ldap/openldap-master-replog
replica host=192.168.0.2:389
        binddn="cn=root,dc=dominio,dc=com,dc=br"
        bindmethod=simple credentials=[pass]
secondary server (piece of slapd.conf):
updatedn "cn=root,dc=dominio,dc=com,dc=br"
updateref ldap://192.168.1.2:380
Here are some quick questions you need to answer:
1. Is the VPN still working?
2. If so, can I contact each directory server?
3. Why have I not migrated from slurpd to Syncrepl?
Once you verify all the standard system administration debugging steps to yourself, please come back with specific questions about OpenLDAP, then we can help! ;-)
Thanks,
Gavin.
----- "Leonardo Carneiro" lscarneiro@veltrac.com.br wrote:
Hi Gavin and everyone,
The OpenVPN link is OK and both servers have visibility of each other. In fact, the VPN doesn't just link the 2 servers, but the whole networks. About slurpd and syncrepl, now that you mention it, I suppose that syncrepl is an improved way of replicating the server (I really don't know the difference =P). Can I do a 2-way replication with syncrepl (every change in each server will be replicated to the other one)? I'll read about it and give it a try. Thanks for the info.
Yes, please do read http://www.openldap.org/doc/admin24/replication.html and make sure you upgrade to our stable version, which is 2.4.16 for best experience and support.
Thanks.
I've tried the mirrormode explained in the doc that Gavin posted, but on every change that I make, the LDAP server returns the following error: [key I'm attempting to change] failed : shadow context; no update referral
My 2 databases are far from being synchronized. Do the databases have to be already synchronized to keep synchronizing with mirrormode or something?
slapd.conf server 1
# Replicas of this database
## DEPRECATED
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=192.168.0.2:389
#        binddn="cn=root,dc=dominio,dc=com,dc=br"
#        bindmethod=simple credentials=######
# Replicas of this database
serverID 1
syncrepl rid=001
        provider=ldap://192.168.0.2
        bindmethod=simple
        binddn="cn=root,dc=dominio,dc=com,dc=br"
        credentials=mirrormode
        searchbase="dc=dominio,dc=com,dc=br"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
mirrormode on
slapd.conf server 2
###### sync with the main server
## DEPRECATED
#updatedn "cn=root,dc=dominio,dc=com,dc=br"
#updateref ldap://192.168.1.2:380
serverID 2
syncrepl rid=001
        provider=ldap://192.168.1.2
        bindmethod=simple
        binddn="cn=root,dc=dominio,dc=com,dc=br"
        credentials=mirrormode
        searchbase="dc=dominio,dc=com,dc=br"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
mirrormode on
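One way to check whether the two servers in this thread are actually in sync once syncrepl is in place is to compare the contextCSN values on the suffix entry of each server. This is an added example, not part of any message in the thread: it assumes syncrepl is maintaining contextCSN on both sides and that the attribute can be read anonymously, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Hosts and base DN are the ones posted
# above; anonymous read access to contextCSN is an assumption.
BASE="dc=dominio,dc=com,dc=br"

# Print the sorted contextCSN values found in LDIF read from stdin.
csn_values() {
    sed -n 's/^contextCSN: *//p' | sort
}

# Fetch the suffix entry's contextCSN from one server as LDIF.
# -LLL plain LDIF, -x simple (anonymous) bind, -s base suffix entry only,
# -o nettimeout=5 gives up quickly if the VPN path is down.
fetch_csn() {
    ldapsearch -LLL -x -o nettimeout=5 -H "ldap://$1" \
        -s base -b "$BASE" contextCSN
}

# Compare two LDIF snippets. Returns 0 = same CSN set, 1 = different,
# 2 = at least one side returned no contextCSN (unreachable or no sync state).
compare_csn() {
    a=$(printf '%s\n' "$1" | csn_values)
    b=$(printf '%s\n' "$2" | csn_values)
    if [ -z "$a" ] || [ -z "$b" ]; then return 2; fi
    [ "$a" = "$b" ]
}

# Query both servers and report the result in words.
check_pair() {
    ldif1=$(fetch_csn "$1") || echo "cannot query $1" >&2
    ldif2=$(fetch_csn "$2") || echo "cannot query $2" >&2
    rc=0
    compare_csn "$ldif1" "$ldif2" || rc=$?
    case $rc in
        0) echo "in sync" ;;
        1) echo "contextCSN differs: replication is behind or stopped" ;;
        *) echo "no contextCSN from at least one server" ;;
    esac
    return "$rc"
}

# Only contact the servers when called as: sh check_csn.sh run
if [ "${1:-}" = "run" ]; then
    check_pair 192.168.1.2 192.168.0.2
fi
```

A result of "differs" right after a write is normal for a moment; a difference that persists means changes are not flowing in at least one direction.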