Hello Pierangelo.
Thanks for your feedback. What you are saying is that syncrepl is not supported for ldap with sql backend. To solve my issue do you know how I could export all the ldap entries of this ldap server to construct a new ldap with a bdb backend (the release of openldap I am using is 2.4.12)? Do you know where I can find some documentation of sql backend and syncrepl to do the needful in order to make this architecture work?
Thanks a lot. Frederic
2009/4/22 Pierangelo Masarati ando@sys-net.it
Frederic Bouy wrote:
Hello,
For performance issues (millions of records) I have two ldap servers:
- one master with an sql backend (postgres) to allow easy data
manipulation
- one slave to answer ldap queries and provide good response time
When launching the slave ("./slapd -f /usr/local/openldap/etc/openldap/slapd-front.conf -h "ldap://localhost:3890" -d 1") I got a first non blocking error I don't really understand: " => bdb_dn2id("dc=lnp") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)"
According to the fact that the following command is successful: "ldapwhoami -H "ldap://localhost:389" -D "cn=manager,dc=lnp" -w secret"
and then the synchronization fails with this error:
"read1msg: ld 0x9ca73e8 msgid 2 message type search-entry
ber_scanf fmt ({xx) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (o) ber:
ber_scanf fmt ({em) ber:
do_syncrep2: rid=001 got empty syncUUID with LDAP_SYNC_ADD
ldap_msgfree
connection_get(11): got connid=0
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 11
ldap_free_connection: actually freed
do_syncrepl: rid=001 quitting"
Do you know whether syncrepl is supported for ldap with sql backend?
No it's not.
Do you know where can I find some documentation on this?
There isn't any.
Do you have any clue on how I could solve my issues?
Thanks in advance. Please find below the .conf of those two ldap servers:
# === MASTER =====
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/lnp.schema

pidfile /usr/local/openldap/var/slapd-lnp.pid
argsfile /usr/local/openldap/var/slapd-lnp.args

backend sql

#######################################################################
# sql database definitions
#######################################################################

database sql
suffix "dc=lnp"
rootdn "cn=Manager,dc=lnp"
rootpw secret
dbname lnp
dbuser lnp
dbpasswd lnp
strcast_func "text"
#subtree_cond "ldap.entries.dn like '%'||?"
concat_pattern "?||?"
has_ldapinfo_dn_ru no

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Not supposed to work since syncrepl is not supported. Back-sql may claim it supports syncrepl provisioning because there is some experimental support, but it is known to be broken.
lastmod on
# === MASTER =====
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/lnp.schema

pidfile /usr/local/openldap/var/run/slapd-front.pid
argsfile /usr/local/openldap/var/run/slapd-front.args

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=lnp"
rootdn "cn=Manager,dc=lnp"
rootpw secret
directory /usr/local/openldap/var/openldap-data
# index entryCSN,entryUUID eq index entryUUID eq
# filter="(objectClass=*)"
syncrepl rid=001
  provider=ldap://localhost:389
  bindmethod=simple
  type=refreshAndPersist
  searchbase="ou=31,dc=lnp"
  schemachecking=off
  binddn="cn=manager,dc=lnp"
  credentials=secret
  filter="(objectClass=*)"

mirrormode on
serverID 1
You shouldn't enable mirror mode unless you know what you're doing. In this case you shouldn't enable it since syncrepl is not supported by the other peer. Moreover the two peers are not symmetrical (back-sql and back-bdb do not have the same capabilities, and the two configurations are not identical).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it