People,

I am currently trying to setup a multi-master ldap setup. The setup is running on CentOS 5.1 with kernel 2.6.18-53.el5. In this setup I have migrated the UNIX authentication files using MigrationTools and everything worked fine. When I am trying to setup the replication I am encountering a strange behavior. The initial synchronization was performed by copying /var/lib/ldap directory when openldap was shutdown. On starting both nodes query each other and everything seems operating correctly. When I perform a change on either node, the node performs the local change however it is not propagated on the other node and in the /var/log/ldap.log I get the following message:

When ever the change is made on ldap1 it reports:

Jan 23 10:10:43 ldap1 slapd[5787]: null_callback : error code 0x10

Jan 23 10:10:43 ldap1 slapd[5787]: syncrepl_updateCookie: rid=002 be_modify failed (16)

When ever the change is made on ldap2 it reports:

Jan 23 10:40:31 ldap2 slapd[5677]: null_callback : error code 0x10

Jan 23 10:40:31 ldap2 slapd[5677]: syncrepl_updateCookie: rid=002 be_modify failed (16)

Setup details:

cd /root/ldap_inst

tar xvzf db-4.6.21.tar.gz

tar xvzf openldap-2.4.7.tgz

cd db-4.6.21

cd build_unix/

../dist/configure --prefix=/usr

make clean (as root)

make (as root)

cd /usr/share/libtool/libltdl

configure --prefix=/usr

make

make install (as root)

cd /root/ldap_install/openldap-2.4.7

./configure --prefix=/usrd /usr/share/libtool/libltdl./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin --mandir=/usr/share/man --with-tls --without-cyrus-sasl -enable-modules -enable-bdb=mod -enable-hdb=mod -enable-ldap=mod --enable-crypt

make depend

make

make install (as root)

This procedure was completed on two nodes, namely ldap1 and ldap2. This slapd.conf of each nodes is as follows:

Ldap1:

cat /etc/openldap/slapd.conf | grep -v ^# | grep -v ^$

include /etc/openldap/schema/core.schema

include /etc/openldap/schema/cosine.schema

include /etc/openldap/schema/inetorgperson.schema

include /etc/openldap/schema/nis.schema

include /etc/openldap/schema/misc.schema

allow bind_v2

pidfile /var/run/slapd.pid

argsfile /var/run/slapd.args

modulepath /usr/sbin/openldap

moduleload back_bdb.la

TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3

TLSCACertificateFile /etc/openldap/cacert.pem

TLSCertificateFile /etc/openldap/slapd-cert-ldap1.pem

TLSCertificateKeyFile /etc/openldap/slapd-key-ldap1.pem

serverID 1 ldap://ldap1:389/

serverID 2 ldap://ldap2:389/

database bdb

suffix "dc=linuxldap,dc=org"

rootdn "cn=Manager,dc=linuxldap,dc=org"

rootpw secret

directory /var/lib/ldap

checkpoint 128 15

cachesize 10000

dncachesize 5000

idlcachesize 30000

overlay syncprov

syncprov-checkpoint 100 10

syncprov-sessionlog 100

index objectClass,entryUUID,entryCSN eq

#syncRepl rid=001

# provider=ldap://ldap1:389

# binddn="cn=Manager,dc=linuxldap,dc=org"

# bindmethod=simple

# credentials=secret

# searchbase="dc=linuxldap,dc=org"

# type=refreshOnly

# interval=00:00:00:05

# retry="5 5 300 5"

# timeout=1

syncRepl rid=002

provider=ldap://ldap2:389

binddn="cn=Manager,dc=linuxldap,dc=org"

bindmethod=simple

credentials=secret

searchbase="dc=linuxldap,dc=org"

type=refreshOnly

interval=00:00:00:05

retry="5 5 300 5"

timeout=1

mirrormode true

sockbuf_max_incoming 5000

sockbuf_max_incoming_auth 5000

database monitor

Ldap2: