I am still facing an issue while configuring LDAP master/slave replication. I am using OpenLDAP version 2.2 on RHEL 4.0, and I am trying to set up master/slave replication using the slurpd method. I configured the master slapd.conf and the slave slapd.conf, and likewise the master and slave ldap.conf. After that I stopped the service on both master and slave with:
[root@server ~]# service ldap stop
Stopping slapd: [ OK ]
Stopping slurpd: [ OK ]
[root@server ~]#
I did the same on the slave. Then I copied the database manually using slapcat:
[root@server openldap]# slapcat -b "dc=example,dc=com" -v -l example.com.ldif
# id=00000001
# id=00000003
[root@server openldap]# scp example.com.ldif root@151.2.119.133 :/var/lib/ldap/example.com/
root@151.2.119.133's password:
example.com.ldif 100% 747 0.7KB/s 00:00
[root@server openldap]#
On the slave:
[root@slave openldap]# slapadd -b "dc=example,dc=com" -v -l example.com.ldif
added: "dc=example,dc=com" (00000001)
added: "cn=Manager,dc=example,dc=com" (00000002)
[root@slave openldap]#
But when I create a user on the LDAP master and look for that user on the slave, it is not found. Nothing was logged to the replogfile.
[root@server ~]# useradd test
[root@server ~]# passwd test
Changing password for user test.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@server ~]#
On the slave:
[root@slave openldap]# id test
id: test: No such user
Here are my configuration files:

Master slapd.conf
==============
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
# The base of your directory
suffix "dc=example,dc=com"
# Where the database files are physically stored
directory "/var/lib/ldap/example.com"
# Distinguished name, not subject to access control
rootdn "cn=Manager,dc=example,dc=com"
rootpw password
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
replica uri=ldap://=151.2.119.133:389
suffix="dc=example,dc=com"
binddn="cn=syncuser,dc=example,dc=com"
bindmethod=simple credentials=hcllch
replogfile /var/lib/ldap/replogfile
# ACLs
access to attrs=userpassword
by self write
by anonymous auth
by dn="cn=syncuser,dc=example,dc=com" read
by * auth
access to *
by self write
by dn="cn=syncuser,dc=example,dc=com" read
by * read
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
[root@server openldap]#

Slave slapd.conf
==============
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
# The base of your directory
suffix "dc=example,dc=com"
#where the database files are physically stored
#directory "/var/lib/ldap/ldap-test"
# Distinguished name, not subject to access control
rootdn "cn=Manager,dc=example,dc=com"
rootpw password
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
updatedn cn=syncuser,dc=example,dc=com
updateref ldap://151.2.119.120
directory /var/lib/ldap/example.com
access to attrs=userpassword
by self write
by anonymous auth
by dn="cn=syncuser,dc=example,dc=com" write
by * auth
access to *
by self write
by dn="cn=syncuser,dc=example,dc=com" write
by * read
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
[root@slave openldap]#

Master ldap.conf
==============
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
host 151.2.119.120 151.2.119.133
base dc=example,dc=com
binddn cn=Manager,dc=example,dc=com
bindpw password
bind_policy soft
pam_password expo

Slave ldap.conf
==============
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
host 151.2.119.133 151.2.119.120
base dc=example,dc=com
binddn cn=Manager,dc=example,dc=com
bindpw password
bind_policy soft
pam_password expo