Hi, all, I cannot get replication to work even I get no error message. I change a record on the Master but when I check it on the slave, it remains unchanged. (Is it immediate?) The following command on slave: ldapsearch -x -h [MASTER HOST NAME] -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=tam)' returns no error message and gives the expected record. I am suspecting I may have screwed up the ssl/tls setting for the slave as I dont know what to put there. The master is set to use ssl/tls and it communicates fine with the client thru the ldaps protocol. Your help is much needed. First come the slapd.conf of the slave (I dont have the lines for ssl certs. I just use the ldaps address in the replication directive. Is that enough?): ### configuration for IER### writeen by T.Tanaka include /etc/openldap/schema/core.schemainclude /etc/openldap/schema/cosine.schemainclude /etc/openldap/schema/inetorgperson.schemainclude /etc/openldap/schema/nis.schemainclude /etc/openldap/schema/samba.schema # Allow LDAPv2 client connections. This is NOT the default.allow bind_v2 # Do not enable referrals until AFTER you have a working directory# service AND an understanding of referrals.#referral ldap://root.openldap.org pidfile /var/run/openldap/slapd.pidargsfile /var/run/openldap/slapd.args ######################################################################## ldbm and/or bdb database definitions####################################################################### database bdbsuffix "dc=ier,dc=hit-u,dc=ac,dc=jp"rootdn "cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"rootpw SLAVEPWdirectory /var/lib/ldap
# Replicas of this database
# Indices to maintain for this databaseindex objectClass eq,presindex ou,cn,mail,surname,givenname eq,pres,subindex uidNumber,gidNumber,loginShell eq,presindex uid,memberUid eq,pres,subindex nisMapName,nisMapEntry eq,pres,subindex entryCSN,entryUUID eq idlcachesize 1000
access to attrs=userPassword by dn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" write by self write by anonymous auth by * none
access to * by dn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" write by self write by * read
#loglevel stats sync syncrepl rid=001 provider=ldaps://mail.ier.hit-u.ac.jp type=refreshAndPersist interval=00:00:05:00 searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp" binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" credentials=SLAVEPW
Next come the slapd.conf of the master: ### configuration for IER### writeen by T.Tanaka### edited by WL.Tam
include /etc/openldap/schema/core.schemainclude /etc/openldap/schema/cosine.schemainclude /etc/openldap/schema/inetorgperson.schemainclude /etc/openldap/schema/nis.schemainclude /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.allow bind_v2 pidfile /var/run/openldap/slapd.pidargsfile /var/run/openldap/slapd.args
######################################################################## ldbm and/or bdb database definitions####################################################################### database bdbsuffix "dc=ier,dc=hit-u,dc=ac,dc=jp"rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"rootpw MASTERPWdirectory /var/lib/ldap
TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crtTLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crtTLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
overlay syncprovsyncprov-checkpoint 50 10syncprov-sessionlog 100
# Indices to maintain for this databaseindex objectClass eq,presindex ou,cn,mail,surname,givenname eq,pres,subindex uidNumber,gidNumber,loginShell eq,presindex uid,memberUid eq,pres,subindex nisMapName,nisMapEntry eq,pres,subindex entryCSN,entryUUID eq idlcachesize 1000
access to attrs=userPassword by self write by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read by anonymous auth by * none
access to attrs=SambaLMPassword,SambaNTPassword by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read by self read by anonymous auth by * none access to * by self write by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read by * read