Sent: Sun May 27 2012 13:11:32 GMT-0400 (EDT)
From: Elias Probst mail@eliasprobst.eu
To: openldap-technical@openldap.org
Subject: syncrepl for cn=config, changes fail with "tag=103 err=53 text=shadow context; no update referral"

Hi List,
I'm trying to set up a master/master replication scenario, starting with getting cn=config replicated properly using OpenLDAP 2.4.30 on Gentoo.
I've tried to start with a minimal config which is now up and running on both servers.
As long as I start only one of the two servers I can edit everything in cn=config just fine, but as soon as they both run at the same time, they get into a state which causes some trouble. Even shutting down one of the two doesn't help then; I need to start from scratch again at this point.
Submitting any changes results in this error message:

    RESULT tag=103 err=53 text=shadow context; no update referral

There are two servers, connected via OpenVPN:

    ID 1, 10.44.0.1
    ID 2, 10.44.0.7

I use the following configuration file to seed the initial online configuration for each server, before bringing them both up, using:

    slapd -f /tmp/slapd.conf -F /etc/openldap/slapd.d -u ldap -g ldap -d1

moduleload memberof.so
moduleload syncprov.so
moduleload refint.so

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openssh.schema

TLSCACertificateFile /etc/ssl/slapd/slapd.cacrt
TLSCertificateFile /etc/ssl/slapd/slapd.crt
TLSCertificateKeyFile /etc/ssl/slapd/slapd.key
TLSVerifyClient allow

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

loglevel 256

access to attrs=userPassword
    by self write
    by * auth

access to *
    by * read

ServerID 1 ldap://10.44.0.1
ServerID 2 ldap://10.44.0.7

backend bdb

database config
rootdn cn=config
rootpw {SSHA}RI/d8i2R7XXlo2+kf2LcYzYOcIry+qaa

syncrepl rid=001
    provider="ldap://10.44.0.7"
    binddn="cn=config"
    bindmethod="simple"
    credentials="nothingtoseehere"
    searchbase="cn=config"
    type=refreshAndPersist
    retry="10 +"
    filter="(!(olcDatabase={0}config))"

syncrepl rid=002
    provider="ldap://10.44.0.1"
    binddn="cn=config"
    bindmethod="simple"
    credentials="nothingtoseehere"
    searchbase="cn=config"
    type=refreshAndPersist
    retry="10 +"
    filter="(!(olcDatabase={0}config))"

overlay syncprov

I don't quite understand the error message, as it somehow indicates the servers would be running in shadow context/MirrorMode, which is set to FALSE.
So does anyone have an idea what's wrong with my setup?
Thanks a lot!
- Elias
You need to enable MirrorMode. The official multi-master replication guide covers this: http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master
You are getting the error because the database thinks it is a slave to the other database, so it disallows local writes. MirrorMode is just as it sounds, both servers are 'mirrors'.
-Patrick
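
Added example, not part of the thread or of OpenLDAP: a small pre-deployment check that reads a slapd.conf-style file and reports every database that has syncrepl statements but no `mirrormode on`, which is the condition behind the err=53 "shadow context" refusal discussed above. The function names and the sample text are constructed for illustration; the ordering check assumes, as in the Admin Guide's examples, that `mirrormode` follows the syncrepl statements.

```python
import re

# Constructed sample: the "database config" section from the post, reduced.
SAMPLE = """\
database config
syncrepl rid=001
    provider="ldap://10.44.0.7"
syncrepl rid=002
    provider="ldap://10.44.0.1"
overlay syncprov
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [line for line in out if not line.startswith("#")]

def lint_mirrormode(text):
    """Flag databases that are syncrepl consumers but not in MirrorMode."""
    findings, db, rids, mirror = [], None, [], False
    def close():
        # Called at the end of each database section and at end of file.
        if db and rids and not mirror:
            findings.append(f"database {db}: syncrepl rid={','.join(rids)} but no "
                            "'mirrormode on'; local writes will get err=53")
    for line in logical_lines(text):
        parts = line.split(None, 1)
        key, arg = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "database":
            close()
            db, rids, mirror = (arg.split() or ["?"])[0], [], False
        elif key == "syncrepl":
            m = re.search(r"rid=(\d+)", arg)
            rids.append(m.group(1) if m else "?")
        elif key == "mirrormode":
            if not rids:
                findings.append(f"database {db}: mirrormode precedes syncrepl")
            mirror = arg.strip().lower() in ("on", "true", "yes")
    close()
    return findings

if __name__ == "__main__":
    print("\n".join(lint_mirrormode(SAMPLE)))
```

Appending `mirrormode on` after `overlay syncprov` in the sample clears the finding.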