Hi, all,
I cannot get replication to work, even though I get no error message. I change a record on the master, but when I check it on the slave it remains unchanged. (Is replication supposed to be immediate?)
The following command on slave: ldapsearch -x -h [MASTER HOST NAME] -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=tam)'
returns no error message and gives the expected record.
I suspect I may have messed up the SSL/TLS settings for the slave, as I don't know what to put there. The master is set up to use SSL/TLS and communicates fine with clients through the ldaps protocol.
Your help is much needed.
First comes the slapd.conf of the slave (I don't have any lines for SSL certificates; I just use the ldaps address in the replication directive. Is that enough?):
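### configuration for IER
### written by T.Tanaka
### slave: syncrepl consumer of ldaps://mail.ier.hit-u.ac.jp
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): LDAPv2 has neither StartTLS nor SASL; keep this only while
# a legacy v2-only client actually needs it.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# TLS settings are also used for the outbound ldaps:// connection to the
# provider below. Without a trusted CA the consumer cannot verify the
# provider's certificate (mail.ier.hit-u.ac.jp.crt on the master, issued by
# the CA the master lists as nii-odca2.crt). Point this at a local copy of
# that CA certificate -- placeholder path, fill in before enabling:
#TLSCACertificateFile <PATH-TO-PROVIDER-CA-CERT>
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
# The rootdn is the identity under which syncrepl applies replicated
# changes to this local database; it needs no entry in the tree.
rootdn "cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
# NOTE(review): prefer a hash generated with slappasswd ({SSHA}...) over a
# cleartext secret here, and keep this file readable by the slapd user only.
rootpw SLAVEPW
directory /var/lib/ldap
# Replicas of this database
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Equality indices on entryCSN/entryUUID are needed for syncrepl.
index entryCSN,entryUUID eq
idlcachesize 1000
# Password hashes arrive from the provider and are written by the rootdn,
# so the "by dn=... write" clause below is redundant but harmless.
access to attrs=userPassword
by dn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" write
by self write
by anonymous auth
by * none
# NOTE(review): this is a replica; user writes should go to the provider.
# Consider adding "updateref ldaps://mail.ier.hit-u.ac.jp" so modify
# requests against this host are referred there, and restricting "by self
# write" on a consumer accordingly.
access to *
by dn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" write
by self write
by * read
# Enable this while debugging replication: "sync" logs each refresh /
# persist step and any bind or TLS failure against the provider, which
# otherwise goes unreported.
#loglevel stats sync
# Consumer definition.
#  - interval= applies to refreshOnly and is ignored in refreshAndPersist.
#  - binddn: the original bound as uid=replicator,...; the working
#    ldapsearch test and the provider's ACLs both use cn=replicator,...,
#    so the consumer bind was likely failing (or landing on an identity
#    with no read access to userPassword). Fixed to the cn= form.
#  - credentials must equal the userPassword of that entry on the
#    provider (not this host's rootpw) -- verify with the ldapsearch -W test.
#  - Consider adding a retry= schedule so the consumer reconnects after a
#    network or TLS interruption instead of giving up.
syncrepl rid=001
provider=ldaps://mail.ier.hit-u.ac.jp
type=refreshAndPersist
interval=00:00:05:00
searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
binddn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
credentials=SLAVEPW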
Next comes the slapd.conf of the master:
### configuration for IER
### written by T.Tanaka
### edited by WL.Tam
### master: syncrepl provider (overlay syncprov) listening on ldaps://
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): LDAPv2 has neither StartTLS nor SASL; keep this only while
# a legacy v2-only client actually needs it.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
# NOTE(review): prefer a hash generated with slappasswd ({SSHA}...) over a
# cleartext secret here, and keep this file readable by the slapd user only.
rootpw MASTERPW
directory /var/lib/ldap
# Server certificate for the ldaps:// listener. A consumer connecting to
# ldaps://mail.ier.hit-u.ac.jp must trust the CA in nii-odca2.crt to
# verify this certificate.
TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
# syncprov makes this database a replication provider:
#  - checkpoint the contextCSN every 50 write ops or 10 minutes
#  - keep the last 100 ops in the session log so consumers that briefly
#    disconnect can resync without a full refresh
overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Equality indices on entryCSN/entryUUID are needed by syncprov.
index entryCSN,entryUUID eq
idlcachesize 1000
# Password hashes: the replicator account is granted "read" so that
# userPassword values replicate to the consumer (over ldaps). The consumer
# must bind as exactly this DN (dn.exact) to receive them; a bind as any
# other identity falls through to "by * none" and the attribute is omitted.
access to attrs=userPassword
by self write
by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
by anonymous auth
by * none
# Samba hashes follow the same pattern; "by self read" exposes the NT/LM
# hash of an account to that account only.
access to attrs=SambaLMPassword,SambaNTPassword
by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
by self read
by anonymous auth
by * none
# NOTE(review): "by self write" on "access to *" lets every user modify
# any non-password attribute of its own entry, including the posixAccount /
# group attributes indexed above (uidNumber, gidNumber, loginShell,
# memberUid). Consider limiting self-write to the attributes users should
# really change. "by * read" also allows anonymous read of the whole tree;
# confirm that is intended.
access to *
by self write
by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
by * read