People,
I am currently trying to set up a multi-master ldap setup. The setup is running on CentOS 5.1 with kernel 2.6.18-53.el5. In this setup I have migrated the UNIX authentication files using MigrationTools and everything worked fine. When I try to set up the replication I encounter strange behavior. The initial synchronization was performed by copying the /var/lib/ldap directory while openldap was shut down. On starting, both nodes query each other and everything seems to operate correctly. When I perform a change on either node, the node performs the local change; however, it is not propagated to the other node, and in /var/log/ldap.log I get the following messages:
Whenever the change is made on ldap1, it reports:
Jan 23 10:10:43 ldap1 slapd[5787]: null_callback : error code 0x10
Jan 23 10:10:43 ldap1 slapd[5787]: syncrepl_updateCookie: rid=002 be_modify failed (16)
Whenever the change is made on ldap2, it reports:
Jan 23 10:40:31 ldap2 slapd[5677]: null_callback : error code 0x10
Jan 23 10:40:31 ldap2 slapd[5677]: syncrepl_updateCookie: rid=002 be_modify failed (16)
Setup details:
cd /root/ldap_inst
tar xvzf db-4.6.21.tar.gz
tar xvzf openldap-2.4.7.tgz
cd db-4.6.21
cd build_unix/
../dist/configure --prefix=/usr
make clean (as root)
make (as root)
cd /usr/share/libtool/libltdl
configure --prefix=/usr
make
make install (as root)
cd /root/ldap_install/openldap-2.4.7
./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin --mandir=/usr/share/man --with-tls --without-cyrus-sasl -enable-modules -enable-bdb=mod -enable-hdb=mod -enable-ldap=mod --enable-crypt
make depend
make
make install (as root)
This procedure was completed on two nodes, namely ldap1 and ldap2. The slapd.conf of each node is as follows:
Ldap1:
cat /etc/openldap/slapd.conf | grep -v ^# | grep -v ^$
# slapd.conf as posted for ldap1 (comment and blank lines already stripped by the grep above).
# Directive order matters in slapd.conf: everything before the first "database" line is global,
# everything after it belongs to that database.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
# NOTE(review): bind_v2 re-enables LDAPv2 binds, which slapd rejects by default; keep it only if a
# legacy client actually needs it.
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
modulepath /usr/sbin/openldap
moduleload back_bdb.la
# NOTE(review): +SSLv2 admits the SSLv2 protocol into the cipher list; drop it unless an old client
# requires it.
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/slapd-cert-ldap1.pem
TLSCertificateKeyFile /etc/openldap/slapd-key-ldap1.pem
# Both serverIDs are listed with their listener URLs (the multi-master form of serverID), so each
# node selects its own ID by matching the URL it listens on; the ldap2 config carries the same two lines.
serverID 1 ldap://ldap1:389/
serverID 2 ldap://ldap2:389/
database bdb
suffix "dc=linuxldap,dc=org"
rootdn "cn=Manager,dc=linuxldap,dc=org"
# NOTE(review): rootpw is stored in cleartext here, and the same value is reused as the replication
# credential below. slapd accepts a hashed value produced by slappasswd (e.g. rootpw {SSHA}<hash>);
# either way this file should be readable only by the user slapd runs as.
rootpw secret
directory /var/lib/ldap
checkpoint 128 15
cachesize 10000
dncachesize 5000
idlcachesize 30000
# syncprov makes this database a replication provider for the other node; the eq index on
# entryUUID/entryCSN below is what the provider searches by.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index objectClass,entryUUID,entryCSN eq
# rid=001 (this node consuming from ldap1, i.e. itself) is disabled here; only rid=002 is active.
#syncRepl rid=001
# provider=ldap://ldap1:389
# binddn="cn=Manager,dc=linuxldap,dc=org"
# bindmethod=simple
# credentials=secret
# searchbase="dc=linuxldap,dc=org"
# type=refreshOnly
# interval=00:00:00:05
# retry="5 5 300 5"
# timeout=1
# Consumer side: pull changes from ldap2 every 5 seconds (refreshOnly, not refreshAndPersist).
# NOTE(review): the consumer binds as the rootdn with bindmethod=simple over a plain ldap:// URL,
# so the password crosses the network unencrypted; syncrepl accepts starttls=yes (or an ldaps://
# provider URL), and a dedicated replication DN would avoid reusing the root credential.
syncRepl rid=002
provider=ldap://ldap2:389
binddn="cn=Manager,dc=linuxldap,dc=org"
bindmethod=simple
credentials=secret
searchbase="dc=linuxldap,dc=org"
type=refreshOnly
interval=00:00:00:05
retry="5 5 300 5"
timeout=1
# mirrormode lets this consumer database accept updates from any user, not just the updatedn;
# it requires a serverID (set above) and the syncrepl stanza to precede it.
# NOTE(review): the logged "syncrepl_updateCookie: rid=002 be_modify failed (16)" is the consumer
# failing to write the replication cookie into this database (LDAP result 16 = noSuchAttribute);
# presumably the contextCSN value on the suffix entry of the copied /var/lib/ldap does not match
# what the consumer tries to replace — verify with a search for contextCSN on the suffix entry.
mirrormode true
sockbuf_max_incoming 5000
sockbuf_max_incoming_auth 5000
database monitor
Ldap2:
cat /etc/openldap/slapd.conf | grep -v ^# | grep -v ^$
# slapd.conf as posted for ldap2 (comment and blank lines already stripped by the grep above).
# Directive order matters in slapd.conf: everything before the first "database" line is global,
# everything after it belongs to that database.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
# NOTE(review): bind_v2 re-enables LDAPv2 binds, which slapd rejects by default; keep it only if a
# legacy client actually needs it.
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
modulepath /usr/sbin/openldap
moduleload back_bdb.la
# NOTE(review): +SSLv2 admits the SSLv2 protocol into the cipher list; drop it unless an old client
# requires it.
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /etc/openldap/cacert.pem
# NOTE(review): this is ldap2's config but the certificate and key files are the ldap1 ones
# (slapd-cert-ldap1.pem / slapd-key-ldap1.pem); confirm whether ldap2 should present its own
# certificate, since a name mismatch will fail TLS verification once the provider URLs use TLS.
TLSCertificateFile /etc/openldap/slapd-cert-ldap1.pem
TLSCertificateKeyFile /etc/openldap/slapd-key-ldap1.pem
# Both serverIDs are listed with their listener URLs (the multi-master form of serverID), so each
# node selects its own ID by matching the URL it listens on; ldap1 carries the same two lines.
serverID 1 ldap://ldap1:389/
serverID 2 ldap://ldap2:389/
database bdb
suffix "dc=linuxldap,dc=org"
rootdn "cn=Manager,dc=linuxldap,dc=org"
# NOTE(review): rootpw is stored in cleartext here, and the same value is reused as the replication
# credential below. slapd accepts a hashed value produced by slappasswd (e.g. rootpw {SSHA}<hash>);
# either way this file should be readable only by the user slapd runs as.
rootpw secret
directory /var/lib/ldap
checkpoint 128 15
cachesize 10000
dncachesize 5000
idlcachesize 30000
# syncprov makes this database a replication provider for the other node; the eq index on
# entryUUID/entryCSN below is what the provider searches by.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index objectClass,entryUUID,entryCSN eq
# Consumer side: pull changes from ldap1 every 5 seconds (refreshOnly, not refreshAndPersist).
# NOTE(review): the consumer binds as the rootdn with bindmethod=simple over a plain ldap:// URL,
# so the password crosses the network unencrypted; syncrepl accepts starttls=yes (or an ldaps://
# provider URL), and a dedicated replication DN would avoid reusing the root credential.
# NOTE(review): the ldap2 log above reports "rid=002 be_modify failed (16)", yet the only active
# syncrepl stanza in this file is rid=001 — confirm the running slapd was started from this file.
syncRepl rid=001
provider=ldap://ldap1:389
binddn="cn=Manager,dc=linuxldap,dc=org"
bindmethod=simple
credentials=secret
searchbase="dc=linuxldap,dc=org"
type=refreshOnly
interval=00:00:00:05
retry="5 5 300 5"
timeout=1
# rid=002 (this node consuming from ldap2, i.e. itself) is disabled here; only rid=001 is active.
#syncRepl rid=002
# provider=ldap://ldap2:389
# binddn="cn=Manager,dc=linuxldap,dc=org"
# bindmethod=simple
# credentials=secret
# searchbase="dc=linuxldap,dc=org"
# type=refreshOnly
# interval=00:00:00:05
# retry="5 5 300 5"
# timeout=1
# mirrormode lets this consumer database accept updates from any user, not just the updatedn;
# it requires a serverID (set above) and the syncrepl stanza to precede it.
# NOTE(review): "syncrepl_updateCookie: ... be_modify failed (16)" is the consumer failing to write
# the replication cookie into this database (LDAP result 16 = noSuchAttribute); presumably the
# contextCSN value on the suffix entry of the copied /var/lib/ldap does not match what the consumer
# tries to replace — verify with a search for contextCSN on the suffix entry.
mirrormode true
sockbuf_max_incoming 5000
sockbuf_max_incoming_auth 5000
database monitor
Regards,
Kenneth Penza