On Sunday 27 May 2012 21:06:43 Patrick Hemmer wrote:
Where are you putting the MirrorMode parameter? When I copy/paste your config you provided in the first email into an editor, line 31 is before "database config", which would be the problem. You need to put it after "database config" so that it applies to the config database.
As for the shadow thing, both servers are shadows/consumers. They're also both providers.
Thanks a lot. This made it finally work.
1. I misunderstood "shadow" as being a completely different mode in which the whole instance runs.
2. I placed the 'MirrorMode' statement at the wrong position.
   a) It mustn't be set in the global section
   b) It must be set after the 'syncrepl' statements inside a DB definition
For reference/anyone else fighting with this, a short howto on how I got it up and running now:
1. Make sure /etc/openldap/slapd.d/ and the openldap-data directory (here: /var/lib/openldap-data) are emptied
2. Use the basic config (see below) to seed the initial online config of each instance using the command slapd -f /tmp/slapd.conf -F /etc/openldap/slapd.d -u ldap -g ldap -d1
3. Stop the slapd process (Ctrl+C) and start it regularly using the initscript provided by the distribution (e.g. /etc/init.d/slapd start on Gentoo/OpenRC)
4. Now verify whether the replication of cn=config works by removing the 'olcConfigFile' setting from cn=config
Basic slapd.conf for seeding:

moduleload memberof.so
moduleload syncprov.so
moduleload refint.so

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openssh.schema

TLSCACertificateFile /etc/ssl/slapd/slapd.cacrt
TLSCertificateFile /etc/ssl/slapd/slapd.crt
TLSCertificateKeyFile /etc/ssl/slapd/slapd.key
TLSVerifyClient allow

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

loglevel 256

access to attrs=userPassword by self write by * auth
access to * by * read

# One ServerID line per mirror; each slapd uses the ID whose URL matches one it listens on.
ServerID 1 ldap://10.44.0.1
ServerID 2 ldap://10.44.0.7

backend bdb

database config
rootdn cn=config
rootpw {SSHA}RI/d8i2R7XXlo2+kf2LcYzYOcIry+qaa

# Each server pulls cn=config from the other; the {0}config entry itself (which
# holds these syncrepl settings) is excluded from replication by the filter.
syncrepl rid=001 provider="ldap://10.44.0.7" binddn="cn=config" bindmethod="simple" credentials="nothingtoseehere" searchbase="cn=config" type=refreshAndPersist retry="10 +" filter="(!(olcDatabase={0}config))"
syncrepl rid=002 provider="ldap://10.44.0.1" binddn="cn=config" bindmethod="simple" credentials="nothingtoseehere" searchbase="cn=config" type=refreshAndPersist retry="10 +" filter="(!(olcDatabase={0}config))"
overlay syncprov

# MirrorMode goes after the syncrepl statements, inside the database section, not in the global section.
MirrorMode on
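A small check script to go with step 4, added here as an example and not part of the thread: it compares olcMirrorMode and the full set of contextCSN values (one per ServerID) that the two cn=config providers report, so you can tell whether the mirrors have actually converged. It assumes ldapsearch from openldap-clients, the URIs from the config above, and a placeholder password file /etc/openldap/config.pw; the LDIF samples embedded in it are constructed, and the live query only runs with --live.

```sh
#!/bin/sh
# Added example (not from the thread): has cn=config mirror mode converged?

# Print all values of attribute $1 found in LDIF text on stdin, sorted.
ldif_values() {
    sed -n "s/^$1: *//p" | sort
}

# $1 and $2 are LDIF dumps from the two providers. Returns 0 only when both
# report olcMirrorMode: TRUE and an identical (non-empty) set of contextCSNs.
mirror_in_sync() {
    mm_a=$(printf '%s\n' "$1" | ldif_values olcMirrorMode)
    mm_b=$(printf '%s\n' "$2" | ldif_values olcMirrorMode)
    csn_a=$(printf '%s\n' "$1" | ldif_values contextCSN)
    csn_b=$(printf '%s\n' "$2" | ldif_values contextCSN)
    [ "$mm_a" = "TRUE" ] && [ "$mm_b" = "TRUE" ] \
        && [ -n "$csn_a" ] && [ "$csn_a" = "$csn_b" ]
}

# Query one provider ($1 = URI) for the two entries carrying those attributes:
# cn=config (contextCSN is operational, so it must be requested by name) and
# olcDatabase={0}config. The password file path is a placeholder.
fetch_config() {
    ldapsearch -LLL -x -H "$1" -D cn=config -y /etc/openldap/config.pw \
        -b cn=config -s sub '(|(objectClass=olcGlobal)(olcDatabase={0}config))' \
        contextCSN olcMirrorMode
}

# Constructed sample output, shaped like what ldapsearch returns.
SAMPLE_A='dn: cn=config
contextCSN: 20120527190643.123456Z#000000#001#000000
contextCSN: 20120527190650.654321Z#000000#002#000000

dn: olcDatabase={0}config,cn=config
olcMirrorMode: TRUE'
# Constructed: same, but this side has not yet received server 1's last change.
SAMPLE_B='dn: cn=config
contextCSN: 20120527190600.000000Z#000000#001#000000
contextCSN: 20120527190650.654321Z#000000#002#000000

dn: olcDatabase={0}config,cn=config
olcMirrorMode: TRUE'

if [ "$1" = "--live" ]; then
    if mirror_in_sync "$(fetch_config ldap://10.44.0.1)" "$(fetch_config ldap://10.44.0.7)"; then
        echo "cn=config mirrors are in sync"
    else
        echo "cn=config mirrors are NOT in sync"; exit 1
    fi
fi
```

Run it once after each change to cn=config; a lasting mismatch in contextCSN for one SID means that side's change never reached the other provider.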