Sorry, I just realized those configurations were incomplete.

ldap01:
include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/misc.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
include /etc/openldap2.4/schema/local.schema
include /etc/openldap2.4/slapd.access.conf
pidfile /var/run/ldap2.4/slapd.pid
argsfile /var/run/ldap2.4/slapd.args
modulepath /usr/lib64/openldap2.4
moduleload syncprov.la
TLSCertificateFile /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile /etc/ssl/openldap2.4/ldap.pem
loglevel 32 256 1024
database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
rootpw
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
ldap02:
include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/misc.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
include /etc/openldap2.4/schema/local.schema
include /etc/openldap2.4/slapd.access.conf
pidfile /var/run/ldap2.4/slapd.pid
argsfile /var/run/ldap2.4/slapd.args
modulepath /usr/lib64/openldap2.4
moduleload syncprov.la
TLSCertificateFile /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile /etc/ssl/openldap2.4/ldap.pem
loglevel 32 256 1024
database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
rootpw
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
limits group="cn=Replicator,ou=Group,dc=example,dc=com" size=unlimited time=unlimited
referral ldaps://ldap01.sec.example.net/
syncrepl rid=123
    provider=ldaps://ldap01.sec.example.net/
    type=refreshAndPersist
    searchbase="dc=example,dc=net"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=manager,dc=example,dc=net"
    attrs="*"
    credentials=
- Justin Lintz
On Tue, Dec 9, 2008 at 4:45 PM, Justin Lintz jlintz@gmail.com wrote:
Hi,
I am currently working on trying to configure replication between 2 ldap servers. Here is my current setup....
2 servers, ldap01 and ldap02, both running centos 5.2 x86_64 with openldap2.4 installed from http://staff.telkomsa.net/packages/rhel5/openldap/x86_64/
openldap2.4-servers-2.4.11-1.rhel5
my slapd.conf on ldap01 is:
modulepath /usr/lib64/openldap2.4
moduleload syncprov.la
TLSCertificateFile /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile /etc/ssl/openldap2.4/ldap.pem
loglevel 32 256 1024
database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
rootpw
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200

slapd.conf on ldap02 is:
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
referral ldaps://ldap01/
syncrepl rid=123
    provider=ldaps://ldap01/
    type=refreshAndPersist
    searchbase="dc=example,dc=net"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=manager,dc=example,dc=net"
    attrs="*"
    credentials=
This appears to work, but it seems after some time the replication stops working, and I'm not seeing anything in the logs either.
Also with this setup, given a situation where ldap01 died and ldap02 took over, when I brought ldap01 back online, would configuration changes need to be made to ensure any changes that were made to ldap02 were replicated back properly, or am I not using the proper replication technique for this situation? I'm still a bit new to OpenLDAP, so I apologize if I explained anything incorrectly. My end goal is to have 2 ldap servers in place where, in the event of a failure, the secondary could take over and, when the primary is restored, have it fail back over without any loss of changes.
- Justin Lintz
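A syncrepl consumer that silently stops applying changes, as described in the message above, is most reliably caught by comparing the contextCSN of the suffix entry on the provider with the one on the consumer rather than by waiting for log lines (the posted loglevel of 32 256 1024 does not enable the sync log category, 16384, so a stalled consumer leaves no trace there). The script below is an added example, not code from this thread or from OpenLDAP: it assumes the operator has run `ldapsearch -x -LLL -H ldaps://<host>/ -b dc=example,dc=net -s base contextCSN` on each server and feeds the printed LDIF to `replication_lag()`, which reports per serverID how far the consumer trails. The two LDIF strings and the 300-second threshold are constructed assumptions.

```python
"""Check whether a syncrepl consumer has fallen behind its provider.

Added example; not code from the original thread or from OpenLDAP.
The operator is assumed to have run, on each server,
    ldapsearch -x -LLL -H ldaps://<host>/ -b dc=example,dc=net -s base contextCSN
and to pass the printed LDIF to replication_lag().  The LDIF strings at
the bottom are constructed sample output, not captures from real hosts.
"""
import re
from datetime import datetime, timezone

# OpenLDAP CSN layout: YYYYmmddHHMMSS.uuuuuuZ#<count>#<serverID>#<modifier>
CSN_RE = re.compile(
    r"^(?P<ts>\d{14})(?:\.(?P<us>\d{6}))?Z#(?P<count>[0-9a-fA-F]{6})"
    r"#(?P<sid>[0-9a-fA-F]{3})#(?P<mod>[0-9a-fA-F]{6})$"
)


def parse_csn(csn):
    """Split a CSN into its fields; the timestamp becomes an aware UTC datetime."""
    m = CSN_RE.match(csn.strip())
    if m is None:
        raise ValueError("not a CSN: %r" % csn)
    when = datetime.strptime(m.group("ts"), "%Y%m%d%H%M%S").replace(
        tzinfo=timezone.utc, microsecond=int(m.group("us") or 0)
    )
    return {
        "time": when,
        "count": int(m.group("count"), 16),
        "sid": int(m.group("sid"), 16),
        "mod": int(m.group("mod"), 16),
    }


def context_csns(ldif):
    """Map serverID -> contextCSN string from ldapsearch LDIF output.

    A suffix entry carries one contextCSN per serverID that has ever
    written to the database; with a single provider that is serverID 0.
    """
    csns = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            value = line.split(":", 1)[1].strip()
            csns[parse_csn(value)["sid"]] = value
    return csns


def replication_lag(provider_ldif, consumer_ldif):
    """Seconds the consumer trails the provider, per serverID.

    None means the consumer has no contextCSN for that serverID at all,
    i.e. it has never completed an initial refresh from that writer.
    """
    provider = context_csns(provider_ldif)
    consumer = context_csns(consumer_ldif)
    lag = {}
    for sid, pcsn in provider.items():
        ccsn = consumer.get(sid)
        if ccsn is None:
            lag[sid] = None
            continue
        delta = parse_csn(pcsn)["time"] - parse_csn(ccsn)["time"]
        lag[sid] = delta.total_seconds()
    return lag


def is_stalled(lag, max_lag_seconds=300):
    """True if any writer's changes are missing or older than the threshold.

    The 300 s default is an assumption; pick it from the expected write rate.
    """
    return any(v is None or v > max_lag_seconds for v in lag.values())


# Constructed sample output; the consumer is 45 minutes behind the provider.
PROVIDER_LDIF = """dn: dc=example,dc=net
contextCSN: 20081209214500.123456Z#000000#000#000000
"""
CONSUMER_LDIF = """dn: dc=example,dc=net
contextCSN: 20081209210000.000000Z#000000#000#000000
"""

if __name__ == "__main__":
    report = replication_lag(PROVIDER_LDIF, CONSUMER_LDIF)
    for sid, seconds in report.items():
        state = "never synced" if seconds is None else "%.3f s behind" % seconds
        print("serverID %d: %s" % (sid, state))
    print("stalled:", is_stalled(report))
```

Run it from cron against both hosts and alert when `is_stalled()` is true; because the check reads the suffix entry anonymously, it needs no rootdn credentials and works whether the consumer is a plain syncrepl replica or one side of a multi-master pair (each writer then shows up as its own serverID in the report).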