Hello friends, I've been trying to set up Mirror Mode replication, using the openldap.org docs and others from googling.. and am having some interesting results. I am new to this, so this has been an enlightening experience to say the least, but perhaps if someone on the list might be able to answer a few questions, that would be awesome...
I have 2 nodes, and want to get mirror mode running for high availability .. and will add samba to auth (later).
Basically it seems that mirror mode is sort of working.. I can see the syncRep talking back and forth .. However .. I cannot write to either node once replication is running.
The example below is me trying to add a user account.
The error is (phpldapadmin reports):
LDAP said: Server is unwilling to perform
Error number: 0x35 (LDAP_UNWILLING_TO_PERFORM)
Description: The LDAP server refused to perform the operation.
The log file reports in detail:
Mar 26 13:14:38 ldap01 slapd[1433]: >>> dnPrettyNormal: <cn=joepreston,dc=foobar,dc=com>
Mar 26 13:14:38 ldap01 slapd[1433]: <<< dnPrettyNormal: <cn=joepreston,dc=foobar,dc=com>, <cn=joepreston,dc=foobar,dc=com>
Mar 26 13:14:38 ldap01 slapd[1433]: do_add: dn (cn=joepreston,dc=foobar,dc=com)
Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 ADD dn="cn=joepreston,dc=foobar,dc=com"
Mar 26 13:14:38 ldap01 slapd[1433]: bdb_dn2entry("cn=joepreston,dc=foobar,dc=com")
Mar 26 13:14:38 ldap01 slapd[1433]: => bdb_dn2id("cn=joepreston,dc=foobar,dc=com")
Mar 26 13:14:38 ldap01 slapd[1433]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
Mar 26 13:14:38 ldap01 slapd[1433]: bdb_referrals: op=104 target="cn=joepreston,dc=foobar,dc=com" matched="dc=foobar,dc=com"
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: conn=14 op=1 p=3
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: err=53 matched="" text="shadow context; no update referral"
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_response: msgid=2 tag=105 err=53
Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 RESULT tag=105 err=53 text=shadow context; no update referral
Mar 26 13:14:38 ldap01 slapd[1433]: daemon: activity on 1 descriptor
Ma
So:
text="shadow context; no update referral"
Using mirrormode, I should be able to write to the db, correct?
Initially, I used ldapadd to add my ldif files on node 1 (with syncRep commented out), then used slapcat/slapadd to populate the db on node 2, then uncommented syncRep on both nodes and restarted both.. (this was because I was trying to troubleshoot the DB_NOTFOUND error above ... the result was it still errored). However, it seems the text=shadow context; no update referral may be the real issue.
Am I missing something in these configs in regards to mirrormode? Logs seem to indicate syncRep is talking, and access is allowed, but no write, and if I ldapadd to node 1 (with Rep commented out) then uncomment and restart both (so node 1 has data but node2 does not), I can see syncRep talking, but node2 never picks up the changes.
Ok whew, sorry about all of that.. any ideas?
Using:
openldap-2.3.27
CentOS 5.2 2.6.18-92.el5 64
db-4.7.25
smbldap-tools-0.9.5-1
I was going to upgrade to the latest, but there are a ton of deps, so I thought I'd ask first..
Many many thanks!
node1: slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/samba.schema
loglevel -1
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem
access to *
by dn.base="cn=Manager,dc=foobar,dc=com" read
by * break
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /var/lib/ldap
index objectclass,entryCSN,entryUUID eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index memberUid,mail,givenname
    eq,subinitial
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Global section
serverID 1
# database section
# syncrepl directive
syncrepl rid=001
    provider=ldap://ldap02.hq.foobar.com
    bindmethod=simple
    binddn="cn=Manager,dc=foobar,dc=com"
    credentials=morefoo
    searchbase="dc=foobar,dc=com"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"
mirrormode on
node2: slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/samba.schema
loglevel -1
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem
access to *
by dn.base="cn=Manager,dc=foobar,dc=com" read
by * break
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /var/lib/ldap
index objectclass,entryCSN,entryUUID eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index memberUid,mail,givenname
    eq,subinitial
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Global section
serverID 2
# database section
# syncrepl directive
syncrepl rid=001
    provider=ldap://ldap01.hq.foobar.com
    bindmethod=simple
    binddn="cn=Manager,dc=foobar,dc=com"
    credentials=morefoo
    searchbase="dc=foobar,dc=com"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"
mirrormode on
--
Jonas Haskins
Sr Network Administrator
jhaskins(a)adready.com (206)792-5184
AdReady INC
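The err=53 "shadow context; no update referral" in the log is what slapd returns when a write lands on a syncrepl consumer (a shadow context) that has neither mirrormode nor an updateref to hand the client. Two things in the posted configs are worth checking mechanically: serverID sits after the database line although it is a global directive, and both serverID and mirrormode were introduced in OpenLDAP 2.4, which the 2.3.27 release in use predates. The script below is an added example written for this reply, not OpenLDAP code and not from the original post: it parses slapd.conf continuation lines the way slapd.conf(5) describes them, then lints the replication directives. SAMPLE_CONF is a constructed sample trimmed from the node1 config above; the function names and the version tuple are this example's own.

```python
"""Lint a slapd.conf for the replication mistakes behind err=53
"shadow context; no update referral". Added example, not OpenLDAP code."""
from typing import List, Optional, Tuple

Directive = Tuple[str, str]

# Constructed sample, trimmed from the node1 config in the post.
# Indented lines are slapd.conf continuation lines.
SAMPLE_CONF = """\
include /etc/openldap/schema/core.schema
loglevel -1
database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
index memberUid,mail,givenname
    eq,subinitial
overlay syncprov
syncprov-checkpoint 100 10
# Global section
serverID 1
syncrepl rid=001
    provider=ldap://ldap02.hq.foobar.com
    bindmethod=simple
    binddn="cn=Manager,dc=foobar,dc=com"
    credentials=morefoo
    searchbase="dc=foobar,dc=com"
    type=refreshAndPersist
    retry="60 +"
mirrormode on
"""


def parse_slapd_conf(text: str) -> List[Directive]:
    """Split slapd.conf into (directive, arguments) pairs per slapd.conf(5):
    '#' starts a comment, blank lines are skipped, and a line that begins
    with whitespace continues the previous directive. Directive names are
    matched case-insensitively, so they are lowercased here."""
    logical: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()   # continuation line
        else:
            logical.append(raw.strip())
    pairs: List[Directive] = []
    for line in logical:
        parts = line.split(None, 1)
        pairs.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return pairs


def lint_replication(directives: List[Directive],
                     version: Tuple[int, ...] = (2, 4)) -> List[str]:
    """Return findings as strings. `version` is the slapd release the file
    targets; serverID and mirrormode only exist from OpenLDAP 2.4 on."""
    findings: List[str] = []
    ver = ".".join(map(str, version))
    db: Optional[dict] = None   # state of the database section being read

    def finish(section: Optional[dict]) -> None:
        # A syncrepl consumer is a shadow context: unless it is in mirrormode
        # it refuses writes with err=53, or refers them if updateref is set.
        if section and section["syncrepl"] and not (section["mirrormode"]
                                                     or section["updateref"]):
            findings.append(f"{section['suffix']}: syncrepl consumer with neither "
                            "mirrormode nor updateref; clients writing here get err=53")

    for name, arg in directives:
        if name == "database":
            finish(db)
            db = {"suffix": "?", "syncrepl": False, "mirrormode": False, "updateref": False}
        elif name == "serverid":
            if db is not None:
                findings.append("serverID placed after a 'database' line; it is a global "
                                "directive and must precede the first database section")
            if version < (2, 4):
                findings.append(f"serverID is not a directive in OpenLDAP {ver}")
        elif name == "mirrormode":
            if db is not None:
                db["mirrormode"] = arg.strip().lower() == "on"
            if version < (2, 4):
                findings.append(f"mirrormode is not a directive in OpenLDAP {ver}")
        elif db is None:
            continue   # the remaining directives only matter inside a database
        elif name == "suffix":
            db["suffix"] = arg.strip().strip('"')
        elif name == "updateref":
            db["updateref"] = True
        elif name == "syncrepl":
            db["syncrepl"] = True
            opts = dict(o.split("=", 1) for o in arg.split() if "=" in o)
            # A simple bind over plain ldap:// with no starttls= option sends
            # the replication password in cleartext.
            if (opts.get("provider", "").startswith("ldap://")
                    and opts.get("bindmethod", "simple") == "simple"
                    and "starttls" not in opts):
                findings.append(f"{db['suffix']}: syncrepl simple bind over plain ldap:// "
                                "without starttls=; credentials cross the network in cleartext")
    finish(db)
    return findings


def lint_text(text: str, version: Tuple[int, ...] = (2, 4)) -> List[str]:
    """Convenience wrapper: parse then lint."""
    return lint_replication(parse_slapd_conf(text), version)


if __name__ == "__main__":
    for finding in lint_text(SAMPLE_CONF, version=(2, 3, 27)):
        print("-", finding)
```

Run against the sample with version=(2, 3, 27) it reports the misplaced serverID, the two directives that 2.3 does not know, and the cleartext bind; with the default 2.4 the unsupported-directive findings disappear and, because mirrormode is on, no shadow-context finding is raised. Feed it a consumer config that lacks both mirrormode and updateref and the err=53 finding appears, which is the situation the log above shows.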