Alain Siani <asiani@free.fr> writes:
Hello,
My problem: I would like to have a replication server and I don't understand why all data are not copied to the replication server. I use rootdn to do sync... I should be able to copy all data... it starts to copy but doesn't copy all data...
LDAP version : Source and copy are the same server : openldap-2.3.27-8
see below for configuration files,
Thanks for your help! Alain
Source server :
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/rfc822-MailMember.schema
include /etc/openldap/schema/gosa/gofon.schema
include /etc/openldap/schema/gosa/samba3.schema
include /etc/openldap/schema/gosa/pureftpd.schema
include /etc/openldap/schema/gosa/gohard.schema
include /etc/openldap/schema/gosa/goto.schema
include /etc/openldap/schema/gosa/gosa+samba3.schema
include /etc/openldap/schema/gosa/gofax.schema
include /etc/openldap/schema/gosa/goserver.schema
include /etc/openldap/schema/sfe.schema
loglevel 256
password-hash {CRYPT}
Don't use crypt! Because you never know which crypt library is linked against your application, but this is only one of many reasons.
allow bind_v2
This is not recommended; LDAPv3 has been out for more than 10 years now, LDAPv2 is historic!
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to * by * read
database bdb
suffix dc=domain,dc=com
rootdn cn=Manager,dc=domain,dc=com
rootpw {SSHA}Lcrkf43J0AU3rXGtMRk5iHAMXHuweL4R
This is nonsense if you declare password hash crypt.
loglevel 256
schemacheck off
Why do you want schema check disabled?
syncrepl rid=123
        provider=ldap://10.0.0.242:389
        type=refreshOnly
        interval=00:00:05:00
        searchbase="dc=domain,dc=com"
        filter="(objectclass=*)"
        attrs="*"
        scope=sub
        schemachecking=off
        updatedn="cn=Manager,dc=domain,dc=com"
        bindmethod=simple
        binddn="cn=Manager,dc=domain,dc=com"
        credentials=xxxx
You need operational attributes and user attributes to be synchronized, that is, if you want to define an attribute filter it should be attrs="*","+", but read man slapd.conf(5) on syncrepl filters. updatedn is not required with syncrepl; never ever use rootdn to control synchronization, because no access control comes into effect. I'm missing an updateref declaration and a declaration of limits.
-Dieter
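
An added example, not part of the original thread and not OpenLDAP code: a small Python check that reads a slapd.conf and flags the points raised in the reply above (CRYPT password hashing, LDAPv2 binds, schemacheck off, syncrepl binding as the rootdn, a syncrepl attrs list without "+", and a missing updateref). The finding names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample, modelled on the directives quoted in the thread.
SAMPLE = """\
password-hash {CRYPT}
allow bind_v2
rootdn cn=Manager,dc=domain,dc=com
schemacheck off
syncrepl rid=123
        provider=ldap://10.0.0.242:389
        attrs="*"
        binddn="cn=Manager,dc=domain,dc=com"
"""

def directives(text):
    """Fold continuation lines (leading whitespace) into (keyword, args) pairs."""
    out = []
    for line in text.splitlines():
        if line[:1].isspace() and out:
            out[-1] += " " + line.strip()
        elif line.strip() and not line.startswith("#"):
            out.append(line.strip())
    return [(d.split(None, 1) + [""])[:2] for d in out]

def norm(value):  # crude normalisation: drop quotes, lower-case
    return value.replace('"', "").strip().lower()

def audit(text):
    """Return sorted finding ids for the points raised in the reply."""
    conf = [(k.lower(), v) for k, v in directives(text)]
    rootdns = {norm(v) for k, v in conf if k == "rootdn"}
    found = set()
    for k, v in conf:
        if k == "password-hash" and "{crypt}" in v.lower():
            found.add("crypt-password-hash")
        if k == "allow" and "bind_v2" in v.lower().split():
            found.add("ldapv2-bind-allowed")
        if k == "schemacheck" and norm(v) == "off":
            found.add("schemacheck-off")
        if k == "syncrepl":
            kv = {a.lower(): norm(b) for a, b in
                  re.findall(r'(\w+)=((?:"[^"]*"|[^\s"])+)', v)}
            if kv.get("binddn") in rootdns:
                found.add("syncrepl-binds-as-rootdn")
            if "attrs" in kv and "+" not in kv["attrs"].split(","):
                found.add("syncrepl-omits-operational-attrs")
            if not any(key == "updateref" for key, _ in conf):
                found.add("no-updateref")
    return sorted(found)
```

Calling `audit(SAMPLE)` returns all six findings; a configuration that binds with a dedicated replication DN, requests `"*,+"`, and declares `updateref` returns an empty list.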