Hello friends, I've been trying to set up Mirror Mode replication, using the openldap.org docs and others from googling, and am having some interesting results. I am new to this, so this has been an enlightening experience to say the least, but perhaps someone on the list might be able to answer a few questions; that would be awesome...
I have 2 nodes, and want to get mirror mode running for high availability... and will add samba to auth (later).
Basically it seems that mirror mode is sort of working... I can see the syncrepl talking back and forth. However, I cannot write to either node once replication is running.
Below example is me trying to add a user account:
error is (phpldapadmin reports): LDAP said: Server is unwilling to perform. Error number: 0x35 (LDAP_UNWILLING_TO_PERFORM). Description: The LDAP server refused to perform the operation.
log file reports in detail:
Mar 26 13:14:38 ldap01 slapd[1433]: >>> dnPrettyNormal: <cn=joepreston,dc=foobar,dc=com>
Mar 26 13:14:38 ldap01 slapd[1433]: <<< dnPrettyNormal: <cn=joepreston,dc=foobar,dc=com>, <cn=joepreston,dc=foobar,dc=com>
Mar 26 13:14:38 ldap01 slapd[1433]: do_add: dn (cn=joepreston,dc=foobar,dc=com)
Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 ADD dn="cn=joepreston,dc=foobar,dc=com"
Mar 26 13:14:38 ldap01 slapd[1433]: bdb_dn2entry("cn=joepreston,dc=foobar,dc=com")
Mar 26 13:14:38 ldap01 slapd[1433]: => bdb_dn2id("cn=joepreston,dc=foobar,dc=com")
Mar 26 13:14:38 ldap01 slapd[1433]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
Mar 26 13:14:38 ldap01 slapd[1433]: bdb_referrals: op=104 target="cn=joepreston,dc=foobar,dc=com" matched="dc=foobar,dc=com"
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: conn=14 op=1 p=3
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: err=53 matched="" text="shadow context; no update referral"
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_response: msgid=2 tag=105 err=53
Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 RESULT tag=105 err=53 text=shadow context; no update referral
Mar 26 13:14:38 ldap01 slapd[1433]: daemon: activity on 1 descriptor
Ma
so: text="shadow context; no update referral"
Using mirrormode, I should be able to write to the db, correct?
Initially, I used ldapadd to add my ldif files on node 1 (with syncrepl commented out), then used slapcat/slapadd to populate the db on node 2, then uncommented syncrepl on both nodes and restarted both. (This was because I was trying to troubleshoot the DB_NOTFOUND error above... the result was it still errored.) However, it seems the text="shadow context; no update referral" may be the real issue.
Am I missing something in these configs in regards to mirrormode?
Logs seem to indicate syncrepl is talking, and access is allowed, but no write; and if I ldapadd to node 1 (with replication commented out), then uncomment and restart both (so node 1 has data but node 2 does not), I can see syncrepl talking, but node 2 never picks up the changes.
OK, whew, sorry about all of that... any ideas?
using: openldap-2.3.27 CentOS 5.2 2.6.18-92.el5 64 db-4.7.25 smbldap-tools-0.9.5-1
Was going to upgrade to the latest, but there are a ton of deps, so I thought I'd ask first...
many many thanks!
node1: slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/samba.schema

loglevel -1

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem

access to *
    by dn.base="cn=Manager,dc=foobar,dc=com" read
    by * break

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX

directory /var/lib/ldap

index objectclass,entryCSN,entryUUID eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index memberUid,mail,givenname eq,subinitial

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Global section
serverID 1
# database section

# syncrepl directive
syncrepl rid=001
    provider=ldap://ldap02.hq.foobar.com
    bindmethod=simple
    binddn="cn=Manager,dc=foobar,dc=com"
    credentials=morefoo
    searchbase="dc=foobar,dc=com"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"

mirrormode on
node2: slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/samba.schema

loglevel -1

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem

access to *
    by dn.base="cn=Manager,dc=foobar,dc=com" read
    by * break

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX

directory /var/lib/ldap

index objectclass,entryCSN,entryUUID eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index memberUid,mail,givenname eq,subinitial

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Global section
serverID 2
# database section

# syncrepl directive
syncrepl rid=001
    provider=ldap://ldap01.hq.foobar.com
    bindmethod=simple
    binddn="cn=Manager,dc=foobar,dc=com"
    credentials=morefoo
    searchbase="dc=foobar,dc=com"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"

mirrormode on
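As an added example (not part of the post above, nor OpenLDAP's own tooling), the small checker below parses a slapd.conf the way slapd.conf(5) reads it (one directive per line, leading whitespace continues the previous directive) and flags the layout problems that produce the "shadow context; no update referral" result in the log: serverID is a global directive and belongs before the first database definition, and a database with a syncrepl consumer but neither mirrormode on nor an updateref is a read-only shadow. It also flags SSLv2 in TLSCipherSuite. The sample configs and the peer hostname are constructed for the demonstration and assume OpenLDAP 2.4-style directives.

```python
def parse_slapd_conf(text):
    """Split slapd.conf text into (directive, args) pairs; comments are dropped
    and a line starting with whitespace continues the previous directive."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and entries:
            name, args = entries[-1]
            entries[-1] = (name, (args + " " + raw.strip()).strip())
            continue
        parts = raw.strip().split(None, 1)
        entries.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return entries

def check_mirrormode(text):
    """Return a list of findings; empty means the node looks like a writable mirror."""
    entries = parse_slapd_conf(text)
    names = [d for d, _ in entries]
    findings = []
    first_db = names.index("database") if "database" in names else None
    if "serverid" not in names:
        findings.append("serverID missing: required for mirror mode")
    elif first_db is not None and names.index("serverid") > first_db:
        findings.append("serverID after 'database': it is a global directive "
                        "and must come before the first database definition")
    mirror_on = any(d == "mirrormode" and a.lower() == "on" for d, a in entries)
    if "syncrepl" in names and not mirror_on and "updateref" not in names:
        findings.append("syncrepl consumer without 'mirrormode on' or 'updateref': "
                        "writes fail with 'shadow context; no update referral'")
    if mirror_on and not any(d == "overlay" and a.lower() == "syncprov" for d, a in entries):
        findings.append("mirrormode on but no syncprov overlay: the peer cannot pull changes")
    for d, a in entries:
        if d == "tlsciphersuite" and "sslv2" in a.lower():
            findings.append("TLSCipherSuite references SSLv2, which is obsolete and insecure")
    return findings

# Constructed sample: serverID pasted into the database section, as in the thread.
BROKEN = """database bdb
suffix "dc=example,dc=com"
overlay syncprov
serverID 1
syncrepl rid=001 provider=ldap://peer.example.com
    searchbase="dc=example,dc=com" type=refreshAndPersist
mirrormode on
"""
# Constructed sample with serverID moved up into the global section.
FIXED = "serverID 1\n" + BROKEN.replace("serverID 1\n", "")
```

Running `check_mirrormode` over each node's real slapd.conf before restarting slapd shows whether the directive order matches what the docs describe.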