No wonder I am getting that error. When I removed the updatedn, the
error disappear but syncrepl still doesn't work.
Can anyone please point me in the right direction of converting database
from slurpd to syncrepl? I found a link in Google but the howto did not
Ivan Ordonez wrote:
I still can't get syncrepl to work on our machines.
Looking at the log, the one error that stands out to me is the error
below. I get this error when I start LDAP.
slapd: do_syncrep1: rid 001 ldap_sasl_bind_s failed (13)
slapd: do_syncrepl: rid 001 quitting
I'm not sure why it is failing since I know for sure, my password is
correct. Removing the "updatedn" line will get rid of the error, but
that doesn't fix the issue. Any changes I made on the Master server
doesn't replicate or go to the Slave server.
Here is my setup.
syncprov-checkpoint 100 10
Thanks in advance.
Ivan Ordonez wrote:
> Buchan Milne wrote:
>> On Friday 29 August 2008 17:59:39 Ivan Ordonez wrote:
>>> Hi all,
>>> We have a small size domain with about 500 users and computers. We are
>>> using Samba with Openldap integration to authenticate user login and
>>> file sharing. Our setup is consist of 3 servers running Gentoo Linux -
>>> 1PDC and 2BDCs. As for replication, we are still using "slurpd".
>>> changes or modification is done through the PDC which replicates the
>>> changes to BDC1, then from BDC1, it then goes down to BDC2 - it's like a
>> Why? Why not have PDC replicate to BDC1 and BDC2?
>> You didn't provide your OpenLDAP version (which is quite important in
>> discussing the options).
> I'm sorry for not providing as much information as I can. We are
> using openldap version 2.3.43 and samba 3.0.31.
> Having the PDC replicate to BDC1 and BDC2 to me seems a little
> risky. What happen if the PDC crashed? Will you have to configure
> one of the BDC to be the new PDC? We want to make it act like a
> Windows domain type of replication where we can use any of the DCs to
> make changes.
>>> We want to start using "syncrepl" soon as a way to replicate our
>>> database but I'm not sure were to start. We want to setup all of our
>>> machine to sync with each other everyday,
>> Only once a day?? Syncrepl in RefreshAndPersist will be immediate (as or more
>> immediate than slurpd, with fewer problems regarding resyncing etc.).
> What I meant to say is to have all the server sync every time a
> change is made. RefreshAndPersist seems like the way to go here.
>>> and not worry which machine is
>>> use to make changes, modification, etc....
>> Changes done via what? Samba has referral chasing, so you don't need multi-
>> master to have a BDC be able to write to OpenLDAP.
> Our BDCs are set in a way that they can only see and read the changes
> made to samba and ldap. You can not create account or make any
> changes on our domain using the BDCs. That is the way it was setup.
>>> I'm not sure which syncrepl
>>> function to use to achieve what we want to do. Is "N-Way Multi Master
>>> replication" the correct choice to do this?
>> It's not a requirement, and it may be excessive complexity if you just want
>> replication to work.
>>> We are using "BDB" database
>>> on each servers, and would like to achieve this with minimal downtime if
>>> possible. What is the best way to do this?
>> Configure syncrepl on the provider and the two consumers, assuming you have a
>> recent enough OpenLDAP version, and restart ...
>> Configuration of syncrepl does require at least:
>> 1)syncprov overlay configured on provider
>> 2)limits and access statements on provider to ensure DNs used by consumers can
>> get all entries/attributes
>> 3)entryUUID and entryCSN attributes indexed on all servers
>> 4)syncrepl statements in consumer configuration
>> (so, your restart may be a stop;slapindex;start for the indexes, but your
>> database is small)
> Thanks for all your help.