***NOTE: Btw, I can't get to the openldap.org site, this morning. Receiving a "Bad Response"
Anyway, setting up (or attempting) an N-way Multi-Master (in the end will be 3-way Multi-Master -- the below is only a 2-Way). Been reading the man pages, and the procedure(s) in section 18.3.3 in the "24 Admin Guide", etc.
Currently, have two servers (going to build one more) to play with.
(1) [root@<client_of_server2> openldap]# ldapsearch -W -x -H "ldap://<server2>.example.ldap" -ZZ -v -D cn=admin,cn=config -b cn=config olcOverlay={0}syncprov
ldap_initialize( ldap://<server2>.example.ldap )
Enter LDAP Password:
filter: olcOverlay={0}syncprov
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: olcOverlay={0}syncprov
# requesting: ALL
#

# {0}syncprov, {0}config, config
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
(2) [root@<server1> openldap]# ldapsearch -W -x -H "ldap://<server1>.example.ldap" -ZZ -v -D cn=admin,cn=config -b cn=config olcOverlay=syncprov
ldap_initialize( ldap://<server1>.example.ldap )
Enter LDAP Password:
filter: olcOverlay=syncprov
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: olcOverlay=syncprov
# requesting: ALL
#

# {0}syncprov, {0}config, config
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
(3) [root@<server1> openldap]# ldapsearch -W -x -H "ldap://<server1>.example.ldap" -ZZ -v -D cn=admin,cn=config -b cn=config olcDatabase=config
ldap_initialize( ldap://<server1>.example.ldap )
Enter LDAP Password:
filter: olcDatabase=config
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: olcDatabase=config
# requesting: ALL
#

# {0}config, config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcRootPW: {SSHA}****
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcSyncrepl: {0}rid=001 provider=ldap://<server1>.example.ldap binddn="cn=co
 nfig" bindmethod=simple credentials=<password> searchbase="cn=config" type=r
 efreshAndPersist retry="5 5 300 5" timeout=1
When I attempted to add the olcSyncrepl attribute, I added two "rids" but, somehow it only took one. Now, I can't add a second, nor can I delete the rid=001. With the configuration as it stands, I know it is in a loop. Attempt to add the second rid, again:

#Add_LDIF:
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncrepl
olcSyncreple: {1}rid=002 provider://<server2>.example.ldap binddn="cn=config" bindmethod=simple credentials=<password> searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
I receive the following error: LDAP error code 53: shadow context; no update referral
If I attempt to add an olcUpdateRef, the following error appears: "must appear after syncrepl or updatedn"
Even if, what appears to me, I add it after the syncrepl attribute. This is a test configuration...so, back-tracking is not a problem. Just would like to know if the Admin Guide missed a few steps and/or I did and where.
Again, right now, the openldap.org site cannot be reached...so, I can't review the manual to see what I may have missed.
Thanks in advance;
Dave Borresen MIT Lincoln Lab
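
Added example, not part of the original post and not OpenLDAP project code: a small Python lint that unfolds LDIF continuation lines (such as the binddn="cn=co / nfig" break in listing (3)) and reports what can be read off olcSyncrepl values like the ones above: an attribute name or provider= that does not parse, a provider that is the local server, a duplicate rid, and a simple bind over ldap:// with no starttls= parameter. The host names and the credential in SAMPLE are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the post (host names and secret are made up).
SAMPLE = (
    'dn: olcDatabase={0}config,cn=config\n'
    'olcSyncrepl: {0}rid=001 provider=ldap://server1.example.ldap binddn="cn=co\n'
    ' nfig" bindmethod=simple credentials=secret searchbase="cn=config" type=r\n'
    ' efreshAndPersist retry="5 5 300 5" timeout=1\n'
    'olcSyncreple: {1}rid=002 provider://server2.example.ldap binddn="cn=config"'
    ' bindmethod=simple credentials=secret\n'
)

def unfold(ldif):
    """Join LDIF continuation lines (newline followed by one space)."""
    return re.sub(r'\n ', '', ldif)

def parse_syncrepl(value):
    """Split 'key=value key="quoted value"' pairs into a dict."""
    value = re.sub(r'^\s*\{\d+\}', '', value)  # drop the {n} ordering prefix
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', value)
    return {k.lower(): v.strip('"') for k, v in pairs}

def lint(ldif, local_host):
    """Return findings for every olcSyncrepl-like attribute in the LDIF."""
    findings, rids = [], set()
    for line in unfold(ldif).splitlines():
        name, _, value = line.partition(':')
        if not name.lower().startswith('olcsyncrepl'):
            continue
        if name.lower() != 'olcsyncrepl':
            findings.append(f'unknown attribute name {name!r}')
        p = parse_syncrepl(value)
        rid = p.get('rid', '?')
        if rid in rids:
            findings.append(f'rid={rid}: duplicate rid')
        rids.add(rid)
        provider = p.get('provider', '')
        m = re.match(r'ldaps?://([^:/]+)', provider)
        if not m:
            findings.append(f'rid={rid}: missing or malformed provider=')
        elif m.group(1).lower() == local_host.lower():
            findings.append(f'rid={rid}: provider is the local server')
        if (p.get('bindmethod') == 'simple' and provider.startswith('ldap://')
                and p.get('starttls') not in ('yes', 'critical')):
            findings.append(f'rid={rid}: simple bind over ldap:// without starttls=')
    return findings

if __name__ == '__main__':
    print('\n'.join(lint(SAMPLE, 'server1.example.ldap')))
```

The starttls= finding matters because the ldapsearch commands above pass -ZZ, while the syncrepl value gives no starttls= parameter, so the replication bind would send credentials= in the clear.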