Hi,
My application was using replication with slurpd. Now we want to move from OpenLDAP version 2.2 to 2.4 (RHEL 6.x), so I should use syncrepl instead of slurpd. Replication clients (slaves) can still be of the older version (2.2).
I tried to set up replication with syncrepl using the doc http://www.openldap.org/doc/admin24/replication.html. I am following the first of the two topologies suggested for replacing slurpd in the doc http://www.openldap.org/doc/admin24/replication.html. It says:
(Master/Provider configuration) -----> Proxy consumer configuration --syncrepl---> old slaves (which were working with slurpd)
Following are my Master and Proxy configuration files; they are similar to what the above document says.

Master slapd.conf [ /usr/sbin/slapd -h ldap://localhost:389 -f /usr/share/openldap-servers/slapd.conf ]
------------------------------------------------------------
access to *
    by dn.base="cn=replicator,dc=Avaya" write
    by dn.base="cn=root,dc=Avaya" write
    by dn.base=umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya read
    by * break
access to dn.base=""
    by * read
access to dn.base="dc=Avaya"
    by * read
access to dn.subtree="ou=People,dc=Avaya"
    by dn.exact="cn=root,dc=Avaya" write
    by users read
    by * read
access to *
    by self write
    by * read
database bdb
suffix "dc=Avaya"
rootdn "cn=root,dc=Avaya"
rootpw secret
rootpw Testpw
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
password-hash {CLEARTEXT},{SHA},{SSHA}
directory /var/lib/ldap
index objectClass eq
index default sub
index ou,cn,mail,surname,givenname eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
checkpoint 1024 15
cachesize 10000
idlcachesize 10000
#syncrepl Provider for primary db
overlay syncprov
syncprov-checkpoint 1000 60
# Let the replica DN have limitless searches
limits dn.exact="umObjectGUID=218afb42cb5e11e09542001a64e587d4,ou=People,dc=Avaya" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
limits dn.exact="cn=replicator,dc=Avaya" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

Proxy slapd_p.conf [ /usr/sbin/slapd -h ldap://localhost:50389 -f /usr/share/openldap-servers/slapd_p.conf ]
------------------------------------------------------------
access to * by * read
# Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
database ldap
# ignore conflicts with other databases, as we need to push out to same suffix
hidden on
suffix "dc=Avaya"
rootdn "cn=slapd-ldap,dc=Avaya"
uri ldap://localhost:50389
rootpw secret
rootpw testing
lastmod on
acl-bind bindmethod=simple
    binddn="cn=replicator,dc=Avaya"
    credentials=Testpw
#binddn="umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya"
#credentials=1234
syncrepl rid=001
    provider=ldap://localhost:389/
    binddn="cn=replicator,dc=Avaya"
#binddn="umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya
    bindmethod=simple
    credentials=Testpw
#credentials=1234
    searchbase="dc=Avaya"
    type=refreshAndPersist
    retry="5 5 300 5"
overlay syncprov

1) I am able to query the Master database but not the proxy database. Why so?

ps -ef | grep slapd
/usr/sbin/slapd -h ldap://localhost:389 -f /usr/share/openldap-servers/slapd.conf
/usr/sbin/slapd -h ldap://localhost:50389 -f /usr/share/openldap-servers/slapd_P.conf

The ldapsearch query to the master database (port 389) is working:

/usr/bin/ldapsearch -x -h localhost -p 389 -D"cn=root,dc=Avaya" -w w00dstock -b"dc=Avaya" '(objectClass=*)'

Why is the following query to the proxy (50389) failing even though the database has read permission for everyone?

/usr/bin/ldapsearch -x -h localhost -p 50389 -D"cn=slapd-ldap" -w w00dstock -b"dc=Avaya" '(objectClass=*)'
ldap_bind: Invalid credentials (49)

2) Should "cn=replicator,dc=Avaya" here be the rootdn user or a normal database (slapd) user?

I tried this LDAP slapd user "umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya" with password "1234" and restarted both master and proxy; the query still fails.

Can you point out where I am wrong?

Thanks
Rupesh