I am not a pro at OpenLDAP but do you need to set up the "frontend" database in replication mode? In my setup, only "cn=config" is set to replicate and that takes care of replication of the "frontend" too such that any ACL changes in "frontend" of one instance propagate to other instances as well.
- Siddhartha
-----Original Message-----
From: openldap-technical-bounces+sjain=silverspringnet.com@openldap.org [mailto:openldap-technical-bounces+sjain=silverspringnet.com@openldap.org] On Behalf Of Marcio Merlone
Sent: Wednesday, May 26, 2010 11:32 AM
To: openldap-technical@openldap.org
Subject: Replication via cn=config
Hi all,
I am setting up a pair of multi-master replicated servers (venus and haumea) using Ubuntu 10.04 and OpenLDAP 2.4.21-0ubuntu5. I am following the docs at http://www.openldap.org/doc/admin24/replication.html and when I get to the part for this ldif:
dn: olcDatabase={1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {1}frontend
olcSuffix: dc=tld
olcDbDirectory: ./db
olcRootDN: cn=admin,dc=tld
olcRootPW: secret
olcLimits: dn.exact="cn=admin,dc=tld" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcSyncRepl: rid=003 provider=ldap://haumea.tld binddn="cn=admin,dc=tld" bindmethod=simple credentials=secret searchbase="dc=tld" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=004 provider=ldap://venus.tld binddn="cn=admin,dc=tld" bindmethod=simple credentials=secret searchbase="dc=tld" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}frontend,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
I get this error:
root@haumea:/etc/ldap# ldapadd -x -H ldap://localhost/ -D "cn=admin,cn=config" -W -f replica.ldif
Enter LDAP Password:
adding new entry "olcDatabase={1}frontend,cn=config"
ldap_add: Object class violation (65)
        additional info: attribute 'olcDbDirectory' not allowed
root@haumea:/etc/ldap#
I googled for this but got very few useless results. Can someone point me in the right direction?
Thanks and best regards.
-- Marcio Merlone
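The "attribute 'olcDbDirectory' not allowed" error above is a schema check by slapd: olcDbDirectory is defined for the backend object classes (olcHdbConfig, olcMdbConfig), not for olcDatabaseConfig or olcFrontendConfig, so an entry carrying only the frontend classes may not have it. The following is an added pre-flight check, written for this page and not taken from the post or from the OpenLDAP project, that parses LDIF and reports attributes the entry's object classes do not permit, so the objection shows up offline before ldapadd is run. The schema table inside it is an assumed, hand-written subset of the config schema covering only the attributes used here; the sample input is the LDIF from the post, and the second sample is a constructed variant that swaps the frontend database for an hdb one.

```python
"""
Pre-flight check for cn=config LDIF: parse the entries and report attributes
that the entry's objectClasses do not permit, before handing the file to
ldapadd. Added example for this page, not code from the post or from OpenLDAP.
"""

# Assumed, hand-written subset of the OpenLDAP config schema
# (objectClass -> attributes it permits). Only what this example needs.
# olcDbDirectory lives on the backend classes, not on olcDatabaseConfig
# or olcFrontendConfig, which is why slapd rejects it on {1}frontend.
CONFIG_SCHEMA = {
    "olcDatabaseConfig": {
        "olcDatabase", "olcSuffix", "olcRootDN", "olcRootPW", "olcLimits",
        "olcSyncRepl", "olcMirrorMode", "olcAccess",
    },
    "olcFrontendConfig": {"olcDefaultSearchBase", "olcPasswordHash", "olcSortVals"},
    "olcHdbConfig": {"olcDbDirectory", "olcDbIndex", "olcDbCheckpoint"},
    "olcMdbConfig": {"olcDbDirectory", "olcDbIndex", "olcDbMaxSize"},
    "olcOverlayConfig": {"olcOverlay"},
    "olcSyncProvConfig": {"olcSpCheckpoint", "olcSpSessionlog", "olcSpNoPresent"},
}

# Consumed by the LDIF processor itself, never stored on the entry.
# (Only "changetype: add" style entries are handled; modify blocks with
# "add:/replace:/-" separators are out of scope for this check.)
LDIF_CONTROL = {"changetype"}


def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}) parsed from LDIF text.

    Handles comment lines, blank-line entry separators and continuation
    lines (a line beginning with one space continues the previous line).
    """
    entries, current, buf = [], None, []

    def flush_line(line):
        nonlocal current
        if not line or line.startswith("#"):
            return
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name, value = name.strip(), value.strip()  # '::' base64 not needed here
        if name.lower() == "dn":
            current = (value, {})
            entries.append(current)
        elif current is None:
            raise ValueError("attribute line before any dn: line")
        else:
            current[1].setdefault(name, []).append(value)

    for raw in text.splitlines() + [""]:  # trailing "" flushes the last line
        if raw.startswith(" ") and buf:
            buf.append(raw[1:])  # unfold: drop the single leading space
            continue
        if buf:
            flush_line("".join(buf))
            buf = []
        if raw == "":
            current = None  # blank line ends the entry
        else:
            buf = [raw]
    return entries


def check_entries(entries, schema=CONFIG_SCHEMA):
    """Return [(dn, message)] for each attribute no objectClass permits.

    Attribute and class names are compared case-insensitively, as LDAP does;
    the message mirrors slapd's "attribute 'X' not allowed" wording.
    """
    lower_schema = {oc.lower(): {a.lower() for a in attrs} for oc, attrs in schema.items()}
    problems = []
    for dn, attrs in entries:
        by_name = {name.lower(): (name, vals) for name, vals in attrs.items()}
        classes = [c.lower() for c in by_name.get("objectclass", ("objectClass", []))[1]]
        unknown = [c for c in classes if c not in lower_schema]
        if unknown:
            problems.append((dn, "objectClass not in schema table: " + ", ".join(unknown)))
            continue
        allowed = set().union(*(lower_schema[c] for c in classes))
        for lname, (name, _) in by_name.items():
            if lname == "objectclass" or lname in LDIF_CONTROL:
                continue
            if lname not in allowed:
                problems.append((dn, f"attribute '{name}' not allowed"))
    return problems


# Sample input: the LDIF from the post (olcLimits and one syncrepl line kept,
# the syncrepl value folded across LDIF continuation lines).
POSTED_LDIF = """\
dn: olcDatabase={1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {1}frontend
olcSuffix: dc=tld
olcDbDirectory: ./db
olcRootDN: cn=admin,dc=tld
olcRootPW: secret
olcLimits: dn.exact="cn=admin,dc=tld" time.soft=unlimited time.hard=unlimited
olcSyncRepl: rid=003 provider=ldap://haumea.tld binddn="cn=admin,dc=tld"
  bindmethod=simple credentials=secret searchbase="dc=tld" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}frontend,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
"""

# Constructed variant: the same entries against an hdb backend database.
HDB_VARIANT = POSTED_LDIF.replace("frontend", "hdb").replace("olcFrontendConfig", "olcHdbConfig")

if __name__ == "__main__":
    for dn, msg in check_entries(parse_ldif(POSTED_LDIF)):
        print(f"{dn}: {msg}")  # reports olcDbDirectory on the frontend entry
    print("hdb variant problems:", check_entries(parse_ldif(HDB_VARIANT)))
```

Running the block reports exactly one problem, the olcDbDirectory attribute on olcDatabase={1}frontend,cn=config, and none for the hdb variant; the syncprov overlay entry passes in both cases because olcOverlay is carried by olcOverlayConfig.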