slurpd replication problmes

30 May 2008


      i'm trying to set up the repliacation with openldap 2.3 (using the one
debian etch), when i add things to master everything is fine, it
replicates it to slave just fine, on the other hand when i add things
to slave it simply writes it to it's own tree.
here is slapd.conf of the slave (stripped of any comments):
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
modulepath      /usr/lib/ldap
moduleload      back_bdb
sizelimit 500
tool-threads 1
backend         bdb
checkpoint 512 30
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/ldap/cacert.pem
TLSCertificateFile /etc/ldap/servercrt.pem
TLSCertificateKeyFile /etc/ldap/serverkey.pem
loglevel stats
database        bdb
suffix          "dc=kiberpipa,dc=org"
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectClass eq
lastmod         on
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=kiberpipa,dc=org" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=kiberpipa,dc=org" write
        by * read
updatedn        "cn=admin,dc=kiberpipa,dc=org"
updateref       "ldaps://chat.kiberpipa.org:636"
with this command "ldapadd -d 65535 -WxD
'cn=admin,dc=kiberpipa,dc=org' -f /tmp/b00" (on slave) i'm getting
http://static.kiberpipa.org/~redduck666/local_adding.txt with
"ldapadd -d 65535 -WxD 'cn=admin,dc=kiberpipa,dc=org' -f /tmp/b00 -H
ldaps://chat.kiberpipa.org:636" i get
http://static.kiberpipa.org/~redduck666/add_to_master.txt (passing it
the same password they write to
i have seen the certificate error there, if i change the ldap.conf on
slave to point to ldap:// instead of ldaps:// that error goes away,
however it still doesn't touch master.
i also read i really shouldn't set updatedn to be the same as rootdn,
well, tried changing it and granting full priviledges to the newly
created account, no difference
any pointers appreciated :-)
-- 
For far too long, power has been concentrated in the hands of "root"
and his "wheel" oligarchy. We have instituted a dictatorship of the
users. All system administration functions will be handled by the
People's Committee for Democratically Organizing the System (PC-DOS).

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

slurpd replication problmes