People,

 

            I am currently trying to setup a multi-master ldap setup. The setup is running on CentOS 5.1 with kernel 2.6.18-53.el5. In this setup I have migrated the UNIX authentication files using MigrationTools and everything worked fine. When I am trying to setup the replication I am encountering a strange behavior. The initial synchronization was performed by copying /var/lib/ldap directory when openldap was shutdown. On starting both nodes query each other and everything seems operating correctly. When I perform a change on either node, the node performs the local change however it is not propagated on the other node and in the /var/log/ldap.log I get the following message:

 

When ever the change is made on ldap1 it reports:

Jan 23 10:10:43 ldap1 slapd[5787]: null_callback : error code 0x10

Jan 23 10:10:43 ldap1 slapd[5787]: syncrepl_updateCookie: rid=002 be_modify failed (16)

 

When ever the change is made on ldap2 it reports:

Jan 23 10:40:31 ldap2 slapd[5677]: null_callback : error code 0x10

Jan 23 10:40:31 ldap2 slapd[5677]: syncrepl_updateCookie: rid=002 be_modify failed (16)

 

Setup details:

 

cd /root/ldap_inst

tar xvzf db-4.6.21.tar.gz

tar xvzf openldap-2.4.7.tgz

cd db-4.6.21

cd build_unix/

../dist/configure --prefix=/usr

make clean (as root)

make (as root)

 

cd /usr/share/libtool/libltdl

configure --prefix=/usr

make

make install (as root)

 

cd /root/ldap_install/openldap-2.4.7

./configure --prefix=/usrd /usr/share/libtool/libltdl./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin --mandir=/usr/share/man --with-tls --without-cyrus-sasl   -enable-modules -enable-bdb=mod -enable-hdb=mod -enable-ldap=mod --enable-crypt 

make depend

make

make install (as root)

 

 

This procedure was completed on two nodes, namely ldap1 and ldap2.  This slapd.conf of each nodes is as follows:

 

 

Ldap1:

 

cat /etc/openldap/slapd.conf | grep -v ^# | grep -v  ^$

include         /etc/openldap/schema/core.schema

include         /etc/openldap/schema/cosine.schema

include         /etc/openldap/schema/inetorgperson.schema

include         /etc/openldap/schema/nis.schema

include         /etc/openldap/schema/misc.schema

allow bind_v2

pidfile         /var/run/slapd.pid

argsfile        /var/run/slapd.args

modulepath      /usr/sbin/openldap

moduleload      back_bdb.la

TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3

TLSCACertificateFile /etc/openldap/cacert.pem

TLSCertificateFile /etc/openldap/slapd-cert-ldap1.pem

TLSCertificateKeyFile /etc/openldap/slapd-key-ldap1.pem

serverID        1   ldap://ldap1:389/

serverID        2   ldap://ldap2:389/

database        bdb

suffix          "dc=linuxldap,dc=org"

rootdn          "cn=Manager,dc=linuxldap,dc=org"

rootpw          secret

directory       /var/lib/ldap

checkpoint 128 15

cachesize 10000

dncachesize 5000

idlcachesize 30000

overlay syncprov

syncprov-checkpoint 100 10

syncprov-sessionlog 100

index   objectClass,entryUUID,entryCSN      eq

#syncRepl rid=001

#         provider=ldap://ldap1:389

#         binddn="cn=Manager,dc=linuxldap,dc=org"

#         bindmethod=simple

#         credentials=secret

#         searchbase="dc=linuxldap,dc=org"

#         type=refreshOnly

#         interval=00:00:00:05

#         retry="5 5 300 5"

#         timeout=1

syncRepl rid=002

         provider=ldap://ldap2:389

         binddn="cn=Manager,dc=linuxldap,dc=org"

         bindmethod=simple

         credentials=secret

         searchbase="dc=linuxldap,dc=org"

         type=refreshOnly

         interval=00:00:00:05

         retry="5 5 300 5"

         timeout=1

mirrormode      true

sockbuf_max_incoming 5000

sockbuf_max_incoming_auth 5000

database        monitor

 

Ldap2:

 

cat /etc/openldap/slapd.conf | grep -v ^# | grep -v  ^$

include         /etc/openldap/schema/core.schema

include         /etc/openldap/schema/cosine.schema

include         /etc/openldap/schema/inetorgperson.schema

include         /etc/openldap/schema/nis.schema

include         /etc/openldap/schema/misc.schema

allow bind_v2

pidfile         /var/run/slapd.pid

argsfile        /var/run/slapd.args

modulepath      /usr/sbin/openldap

moduleload      back_bdb.la

TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3

TLSCACertificateFile /etc/openldap/cacert.pem

TLSCertificateFile /etc/openldap/slapd-cert-ldap1.pem

TLSCertificateKeyFile /etc/openldap/slapd-key-ldap1.pem

serverID        1   ldap://ldap1:389/

serverID        2   ldap://ldap2:389/

database        bdb

suffix          "dc=linuxldap,dc=org"

rootdn          "cn=Manager,dc=linuxldap,dc=org"

rootpw          secret

directory       /var/lib/ldap

checkpoint 128 15

cachesize 10000

dncachesize 5000

idlcachesize 30000

overlay syncprov

syncprov-checkpoint 100 10

syncprov-sessionlog 100

index   objectClass,entryUUID,entryCSN      eq

syncRepl rid=001

         provider=ldap://ldap1:389

        binddn="cn=Manager,dc=linuxldap,dc=org"

         bindmethod=simple

         credentials=secret

         searchbase="dc=linuxldap,dc=org"

         type=refreshOnly

         interval=00:00:00:05

         retry="5 5 300 5"

         timeout=1

#syncRepl rid=002

#         provider=ldap://ldap2:389

#         binddn="cn=Manager,dc=linuxldap,dc=org"

#         bindmethod=simple

#         credentials=secret

#         searchbase="dc=linuxldap,dc=org"

#         type=refreshOnly

#         interval=00:00:00:05

#         retry="5 5 300 5"

#         timeout=1

mirrormode      true

sockbuf_max_incoming 5000

sockbuf_max_incoming_auth 5000

database        monitor

 

 

Regards,

Kenneth Penza