I run slap2 for:

/usr/sbin/slapd -h ldap://slap2:389 -d 16383 -u openldap -g openldap

52aef96c =>do_syncrepl rid=004

ldap_create

ldap_url_parse_ext(ldap://ldap1:389)

ldap_sasl_bind_s

ldap_sasl_bind

ldap_send_initial_request

ldap_new_connection 1 1 0

ldap_int_open_connection

ldap_connect_to_host: TCP ldap1:389

52aef96c =>do_syncrepl rid=005

ldap_create

ldap_url_parse_ext(ldap://ldap2:389)

ldap_sasl_bind_s

ldap_sasl_bind

ldap_send_initial_request

ldap_new_connection 1 1 0

ldap_int_open_connection

ldap_connect_to_host: TCP ldap2:389

52aef971 daemon: epoll: listen=7 active_threads=0 tvp=zero

52aef971 daemon: epoll: listen=8 active_threads=0 tvp=zero

ldap_connect_to_host: getaddrinfo failed: Name or service not known

52aef976 slap_client_connect: URI=ldap://ldap1:389 DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)

52aef976 do_syncrepl: rid=004 rc -1 retrying (4 retries left)

52aef976 daemon: activity on 1 descriptor

52aef976 daemon: activity on:52aef976

52aef976 daemon: epoll: listen=7 active_threads=0 tvp=zero

52aef976 daemon: epoll: listen=8 active_threads=0 tvp=zero

ldap_connect_to_host: getaddrinfo failed: Name or service not known

52aef976 slap_client_connect: URI=ldap://ldap2:389 DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)

52aef976 do_syncrepl: rid=005 rc -1 retrying (4 retries left)

52aef976 daemon: activity on 1 descriptor

52aef976 daemon: activity on:52aef976

52aef976 daemon: epoll: listen=7 active_threads=0 tvp=zero

52aef976 daemon: epoll: listen=8 active_threads=0 tvp=zero

ldap1 --> slap1

ldap2 --> slap2

...and every working.

I'm blind and so the topic !!!

Thread is closed

2013/12/16 Artur Nike <opalsie@gmail.com>

Hi all,

My adventure with LDAP lasts a few months, and I came to the topic of replication,

namely multiple-master replication.
cn = config is replicated perfectly, but the schema, say, dc = example, dc = com does not want to: (.

I have two servers slap1 and slap2

I have a standard installation
##Server slap1
whezzy debian 64bit
apt-get install-y slapd ldap-utils

added my scheme
ldapadd-Y EXTERNAL-H ldapi :///-f $ CURRENT / memberof.ldif
ldapadd-Y EXTERNAL-H ldapi :///-f $ CURRENT / refint.ldif
# Add "ldap :/ / ldap1 / in /etc/default/slapd

sed-i "/^ SLAPD_SERVICES/s/=[^]*/=\"ldap:\/\/slap1\//'/etc/default/slapd
ldapmodify-Y EXTERNAL-H ldapi :/ / /-f replica1.ldif

where replica1.ldif (replication configuration)::

dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}syncprov.la

dn: olcDatabase={0}config,cn=config

changetype: modify
add: olcRootPW
#only for tests
olcRootPW: 123

dn: cn=config
changetype: modify

replace: olcServerID
olcServerID: 1 ldap://slap1/
olcServerID: 2 ldap://slap2/

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config

changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config

changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://slap1/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=123

searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://slap2/ binddn="cn=admin,cn=config"

bindmethod=simple credentials=123
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
-

add: olcMirrorMode
olcMirrorMode: TRUE

This same scenario takes on a server slap2 (the name change slap1 -> slap2)

where replica2.ldif (replication configuration only servers slap2) :

dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 2

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}syncprov.la

dn: olcDatabase={0}config,cn=config

changetype: modify
#only for tests
add: olcRootPW
olcRootPW: 123

dn: cn=config
changetype: modify

replace: olcServerID
olcServerID: 1 ldap://slap1/
olcServerID: 2 ldap://slap2/

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config

changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config

changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://slap1/ binddn="cn=admin,cn=config"
bindmethod=simple credentials=123

searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://slap2/ binddn="cn=admin,cn=config"

bindmethod=simple credentials=123
searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
-

add: olcMirrorMode
olcMirrorMode: TRUE

and it works , the whole configuration is replicated .

Now I want ( I'm trying to add a replication scheme . )

Adds only one server , eg slap2 :
ldapmodify - Y EXTERNAL -H ldapi :/ / / -f rep_schema.ldif

where rep_schema.ldif :

# add replica schema

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: 123
-
replace: olcRootDN

olcRootDN: cn=admin,dc=example,dc=com

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=admin,dc=example,dc=com" time.soft=unlimited

time.hard=unlimited size.soft=unlimited size.hard=unlimited
-
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://ldap1/ binddn="cn=admin,dc=example,dc=com"

bindmethod=simple credentials="123"
searchbase="dc=example,dc=com"
starttls=no
filter="(objectclass=*)"

attrs="*,+" scope=sub
schemachecking=of
type=refreshAndPersist interval=00:00:00:10 retry="5 5 10 5" timeout=1
olcSyncRepl: rid=005 provider=ldap://ldap2/ binddn="cn=admin,dc=example,dc=com"

bindmethod=simple credentials="123"
searchbase="dc=example,dc=com"
starttls=no
filter="(objectclass=*)"

attrs="*,+" scope=sub
schemachecking=off
type=refreshAndPersist interval=00:00:00:10 retry="5 5 10 5" timeout=1
-

add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig

objectClass: olcSyncProvConfig
olcOverlay: syncprov

Configuration replicates and the end, schema does not replicate.
If you try to replicate one of the servers are in the logs I see:

Dec 15 23:44:48 slap1 slapd[4496]: do_syncrepl: rid=004 rc -1 quitting
Dec 15 23:44:48 slap1 slapd[4496]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)

Dec 15 23:44:48 slap1 slapd[4496]: do_syncrepl: rid=005 rc -1 retrying
Dec 15 23:44:58 slap1 slapd[4496]: =>do_syncrepl rid=005
Dec 15 23:44:58 slap1 slapd[4496]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)

Dec 15 23:44:50 slap2 slapd[4456]: do_syncrepl: rid=004 rc -1 retrying
Dec 15 23:44:54 slap2 slapd[4456]: =>do_syncrepl rid=005
Dec 15 23:44:54 slap2 slapd[4456]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)

Dec 15 23:44:54 slap2 slapd[4456]: do_syncrepl: rid=005 rc -1 quitting
Dec 15 23:45:00 slap2 slapd[4456]: =>do_syncrepl rid=004
Dec 15 23:45:00 slap2 slapd[4456]: slap_client_connect: URI=ldap://ldap1/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)

from server slap2 to search slap1:
ldapsearch -x -D cn=admin,dc=example,dc=com-H ldap://slap1/ -b dc=example,dc=com -w 123 (working)

from server slap1 to search slap2:

ldapsearch -x -D cn=admin,dc=example,dc=com-H ldap://slap2/ -b dc=example,dc=com -w 123 (working)

I'm out of ideas...
user : DN="cn=admin,dc=example,dc=com" is created automatically when I install slapd

Can anyone have any suggestions or experience with this problem.
For all, thank you in advance.

Muniek