Without digging into your particular issue, I used this guide and was able to configure
replication:
I've been following this page from the Ubuntu Server Guide with generally
good results:
[1]https://help.ubuntu.com/12.04/serverguide/openldap-server.html
Now I'm down to the replication section, at
[2]https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap....
So far it isn't working. First things first:
I create the following ldif file to configure the sync provider:
# Add indexes to the frontend db.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq

#Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
add: olcModuleLoad
olcModuleLoad: accesslog

# Accesslog database definitions
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=intranet,dc=seamanpaper,dc=com
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart

# Accesslog db syncprov.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

# syncrepl Provider for primary db
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE

# accesslog overlay definitions for primary db
dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
olcAccessLogPurge: 07+00:00 01+00:00
The guide says you can test the provider with this command:
root@grackle:~# ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base contextCSN
dn:
root@grackle:~#
but as you see that doesn't return anything. However, this command does
find it:
root@grackle:~# slapcat | grep -C 10 contextCSN
objectClass: organization
o: [3]intranet.seamanpaper.com
dc: intranet
structuralObjectClass: organization
entryUUID: 99e43416-73a1-1031-9d82-4f560555aca0
creatorsName: cn=admin,dc=intranet,dc=seamanpaper,dc=com
createTimestamp: 20120805233244Z
entryCSN: 20120805233244.262007Z#000000#000#000000
modifiersName: cn=admin,dc=intranet,dc=seamanpaper,dc=com
modifyTimestamp: 20120805233244Z
contextCSN: 20120829024252.920832Z#000000#000#000000
dn: cn=admin,dc=intranet,dc=seamanpaper,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9Nm9zUVlmUStzd1RCOVJCQXUyL3NhQURpYTZ1R0NuRC8=
structuralObjectClass: organizationalRole
entryUUID: 99e4f9fa-73a1-1031-9d83-4f560555aca0
creatorsName: cn=admin,dc=intranet,dc=seamanpaper,dc=com
root@grackle:~#
Before I go on to figure out why the sync isn't working, why isn't the
ldapsearch command above returning anything?
Thanks in advance for your help.
--
    Jeff Dickens
    IT Manager      978-632-1513
References
Visible links
1. https://help.ubuntu.com/12.04/serverguide/openldap-server.html
2. https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap-s...
3. http://intranet.seamanpaper.com/