Hello, I'm somewhat inexperienced with LDAP on the server side of things. I'm importing OpenLDAP 2.4 into 2.6.3 (Rocky Linux 9). My goal is to have 2 N-way (or multi-master) LDAP nodes. I've changed hdb to mdb, created the accesslog folder, fixed permissions, SSL, etc. The import doesn't throw any errors. My understanding is that I need to have cn=config replication, as well as replication of my small dc=domain,dc=com. The cn=config replication I set up via this on both nodes, followed by restarts:
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=002 provider=ldaps://prod-ldap2.domain.com:636 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=N… searchbase="cn=config" schemachecking=on type=refreshAndPersist retry="10 10 60 +" tls_reqcert=allow keepalive=240:10:30
olcSyncRepl: rid=001 provider=ldaps://prod-ldap1.domain.com:636 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=N…… searchbase="cn=config" schemachecking=on type=refreshAndPersist retry="10 10 60 +" tls_reqcert=allow keepalive=240:10:30
-
add: olcMirrorMode
olcMirrorMode: TRUE
Now, once I do that, I've experimented with changing the olcLogLevel and it seems to work. The rids on each node are different: server 2 has rid=002, server 1 has rid=001, and they also have different olcServerID values.
The part where I run into issues is when I enable replication of dc=domain,dc=com via:
dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {2}syncprov
olcSpCheckpoint: 20 10
olcSpSessionlog: 10000000
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=021 provider=ldaps://prod-ldap1.domain.com:636 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=N…. searchbase="dc=domain,dc=com" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="5 10 60 +" tls_reqcert=allow keepalive=240:10:30
olcSyncRepl: rid=022 provider=ldaps://prod-ldap2.domain.com:636 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=N…. searchbase="dc=domain,dc=com" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="5 10 60 +" tls_reqcert=allow keepalive=240:10:30
-
add: olcMirrorMode
olcMirrorMode: TRUE
I have 2 sets of rids, 001/002 and 021/022, and I have olcMirrorMode set to TRUE for both the cn=config and the domain replication.
I'm pasting the relevant config around accesslog and syncprov that I think I'm getting wrong:
dn: olcOverlay={3}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {3}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig
dn: olcOverlay={4}accesslog,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {4}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=adaptavist,dc=com
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcMdbConfig
dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig
Replication works from node1 to node2, and in reverse. But it stops after 20 minutes or so. After replication stops I see that the accesslog on one node has 4 records and on the other it has 3, and it never catches up even if I restart, although at first it all works regardless of which node I update (change a random password).
What am I doing wrong? Perhaps more than one thing.
Thank you
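A diagnostic that is not part of the original post and not OpenLDAP's own tooling: in a mirror-mode pair each provider's suffix entry carries one contextCSN per olcServerID, so comparing the two nodes' contextCSN lists per serverID shows which node has stopped receiving the other's writes. The script below is an added example. The host names and olcServerID values 1 and 2 are taken from the post; the ldapsearch output it parses is constructed to illustrate one node lagging on serverID 2, not captured from the poster's servers.

```python
"""Compare contextCSN values from two OpenLDAP providers (added example).

Feed it the output of, on each node (hosts as in the post, credentials omitted):
    ldapsearch -x -H ldaps://prod-ldap1.domain.com -D "cn=admin,dc=domain,dc=com" -W \
        -LLL -s base -b dc=domain,dc=com contextCSN
and it reports, per olcServerID, which node has not applied that server's latest write.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# contextCSN syntax: <YYYYMMDDHHMMSS>.<usec>Z#<count>#<sid>#<mod>
# count and mod are 6 hex digits; sid is the 3-hex-digit olcServerID.
CSN_RE = re.compile(
    r"^(?P<ts>\d{14})\.(?P<usec>\d{6})Z#(?P<count>[0-9a-fA-F]{6})"
    r"#(?P<sid>[0-9a-fA-F]{3})#(?P<mod>[0-9a-fA-F]{6})$"
)


@dataclass(frozen=True, order=True)
class CSN:
    ts: str       # fixed-width digits, so string order equals time order
    usec: int
    count: int
    sid: int
    mod: int
    raw: str = field(default="", compare=False)


def parse_csn(value: str) -> CSN:
    m = CSN_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a contextCSN: {value!r}")
    return CSN(m["ts"], int(m["usec"]), int(m["count"], 16),
               int(m["sid"], 16), int(m["mod"], 16), m.group(0))


def parse_context_csns(ldif: str) -> Dict[int, CSN]:
    """Return {serverID: CSN} from one node's `ldapsearch -LLL ... contextCSN` output."""
    # Unfold LDIF continuation lines (a leading space continues the previous line).
    lines: List[str] = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    out: Dict[int, CSN] = {}
    for line in lines:
        if line.startswith("contextCSN:"):
            csn = parse_csn(line.split(":", 1)[1])
            out[csn.sid] = csn
    return out


def replication_lag(nodes: Dict[str, str]) -> Dict[int, Tuple[str, List[str]]]:
    """Per serverID: the newest CSN seen on any node, and the nodes that lack it.

    A node listed as behind for serverID N has not applied every write that
    originated on the provider whose olcServerID is N (or has no CSN for N at all).
    """
    parsed = {name: parse_context_csns(ldif) for name, ldif in nodes.items()}
    sids = sorted({sid for csns in parsed.values() for sid in csns})
    result: Dict[int, Tuple[str, List[str]]] = {}
    for sid in sids:
        newest = max(c[sid] for c in parsed.values() if sid in c)
        behind = sorted(name for name, c in parsed.items() if c.get(sid) != newest)
        result[sid] = (newest.raw, behind)
    return result


def in_sync(nodes: Dict[str, str]) -> bool:
    return all(not behind for _, behind in replication_lag(nodes).values())


# Constructed sample output (not from the poster's servers): node1 has not
# received the write that node2 (olcServerID 2) made at 10:20:10.
NODE1 = """dn: dc=domain,dc=com
contextCSN: 20240105101500.123456Z#000000#001#000000
contextCSN: 20240105101630.654321Z#000000#002#000000
"""
NODE2 = """dn: dc=domain,dc=com
contextCSN: 20240105101500.123456Z#000000#001#000000
contextCSN: 20240105102010.000001Z#000000#002#000000
"""

if __name__ == "__main__":
    lag = replication_lag({"prod-ldap1": NODE1, "prod-ldap2": NODE2})
    for sid, (newest, behind) in lag.items():
        state = "in sync" if not behind else "behind: " + ", ".join(behind)
        print(f"serverID {sid:03x}: newest {newest} -> {state}")
```

Run the same comparison against cn=config (-b cn=config) to check the config replication separately from the data replication. The serverID whose CSN lags on one node identifies whose writes are no longer arriving there, which narrows the problem to that one consumer definition (rid) rather than the pair as a whole.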