Hi all,
My adventure with LDAP lasts a few months, and I came to the topic of replication,
namely multiple-master replication.
cn = config is replicated perfectly, but the schema, say, dc = example, dc = com does not want to: (.
I have two servers slap1 and slap2
I have a standard installation
##Server slap1
whezzy debian 64bit
apt-get install-y slapd ldap-utils
added my scheme
ldapadd-Y EXTERNAL-H ldapi :///-f $ CURRENT / memberof.ldif
ldapadd-Y EXTERNAL-H ldapi :///-f $ CURRENT / refint.ldif
# Add "ldap :/ / ldap1 / in /etc/default/slapd
sed-i "/^ SLAPD_SERVICES/s/=[^]*/=\"ldap:\/\/slap1\//'/etc/default/slapd
ldapmodify-Y EXTERNAL-H ldapi :/ / /-f replica1.ldif
where replica1.ldif (replication configuration)::
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
#only for tests
olcRootPW: 123
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://slap1/
olcServerID: 2 ldap://slap2/
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://slap1/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=123
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://slap2/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=123
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
This same scenario takes on a server slap2 (the name change slap1 -> slap2)
where replica2.ldif (replication configuration only servers slap2) :
dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 2
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
dn: olcDatabase={0}config,cn=config
changetype: modify
#only for tests
add: olcRootPW
olcRootPW: 123
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://slap1/
olcServerID: 2 ldap://slap2/
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://slap1/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=123
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://slap2/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=123
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
and it works , the whole configuration is replicated .
Now I want ( I'm trying to add a replication scheme . )
Adds only one server , eg slap2 :
ldapmodify - Y EXTERNAL -H ldapi :/ / / -f rep_schema.ldif
where rep_schema.ldif :
# add replica schema
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: 123
-
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=admin,dc=example,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
-
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://ldap1/ binddn="cn=admin,dc=example,dc=com"
bindmethod=simple credentials="123"
searchbase="dc=example,dc=com"
starttls=no
filter="(objectclass=*)"
attrs="*,+" scope=sub
schemachecking=of
type=refreshAndPersist interval=00:00:00:10 retry="5 5 10 5" timeout=1
olcSyncRepl: rid=005 provider=ldap://ldap2/ binddn="cn=admin,dc=example,dc=com"
bindmethod=simple credentials="123"
searchbase="dc=example,dc=com"
starttls=no
filter="(objectclass=*)"
attrs="*,+" scope=sub
schemachecking=off
type=refreshAndPersist interval=00:00:00:10 retry="5 5 10 5" timeout=1
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcMirrorMode
olcMirrorMode: TRUE
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
Configuration replicates and the end, schema does not replicate.
If you try to replicate one of the servers are in the logs I see:
Dec 15 23:44:48 slap1 slapd[4496]: do_syncrepl: rid=004 rc -1 quitting
Dec 15 23:44:48 slap1 slapd[4496]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Dec 15 23:44:48 slap1 slapd[4496]: do_syncrepl: rid=005 rc -1 retrying
Dec 15 23:44:58 slap1 slapd[4496]: =>do_syncrepl rid=005
Dec 15 23:44:58 slap1 slapd[4496]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Dec 15 23:44:50 slap2 slapd[4456]: do_syncrepl: rid=004 rc -1 retrying
Dec 15 23:44:54 slap2 slapd[4456]: =>do_syncrepl rid=005
Dec 15 23:44:54 slap2 slapd[4456]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Dec 15 23:44:54 slap2 slapd[4456]: do_syncrepl: rid=005 rc -1 quitting
Dec 15 23:45:00 slap2 slapd[4456]: =>do_syncrepl rid=004
Dec 15 23:45:00 slap2 slapd[4456]: slap_client_connect: URI=ldap://ldap1/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
from server slap2 to search slap1:
ldapsearch -x -D cn=admin,dc=example,dc=com-H ldap://slap1/ -b dc=example,dc=com -w 123 (working)
from server slap1 to search slap2:
ldapsearch -x -D cn=admin,dc=example,dc=com-H ldap://slap2/ -b dc=example,dc=com -w 123 (working)
I'm out of ideas...
user : DN="cn=admin,dc=example,dc=com" is created automatically when I install slapd
Can anyone have any suggestions or experience with this problem.
For all, thank you in advance.
Muniek