Good Day All!
I am running two boxes with CentOS 5.4 and openldap-servers-2.3.43-3.el5, and I am trying to configure OpenLDAP in mirrormode. I have a third box with CentOS 5.4 and openldap-servers-2.3.43-3.el5 that I will be using as a proxy, but LDAP is not yet configured on that server yet. Below are the configurations of the two LDAP servers that I want in mirror mode. With the standard syncrepl configuration, the master and slave talk: I can write to the master, and the slave is updated. But when I switch to mirror mode with the configuration below and try to write to either of them, I get:
ldapadd: Server is unwilling to perform (53) additional info: shadow context; no update referral
Which makes me think they are both in read-only mode? I thought that with mirrormode, server 1 would be writable until it went down, at which point server 2 would know to become writable, and the two would stay in sync with each other.
#==========================
# Server1 -- slapd.conf for mirror-mode node 1 (serverID 1).
# Paired with the serverID 2 file below: each node is a syncprov provider
# for, and a syncrepl consumer of, the other.
#==========================
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema

loglevel 256
# Must be unique per mirror node; node 2 below uses serverID 2.
serverID 1
# LDAPv2 clients cannot use StartTLS, so anything bound this way is cleartext.
allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

modulepath /usr/lib64/openldap
#moduleload accesslog.la
#moduleload auditlog.la
#moduleload denyop.la
#moduleload dyngroup.la
#moduleload dynlist.la
#moduleload lastmod.la
#moduleload pcache.la
# ppolicy.la is loaded, but no "overlay ppolicy" appears in the database
# section below, so no password policy is actually enforced on this node.
moduleload ppolicy.la
#moduleload refint.la
#moduleload retcode.la
#moduleload rwm.la
#moduleload smbk5pwd.la
#moduleload translucent.la
#moduleload unique.la
#moduleload valsort.la

TLSCACertificateFile /etc/openldap/cacerts/server1cacert.pem
TLSCertificateFile /etc/openldap/cacerts/server1crt.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server1key.pem
# "try": a client certificate is requested, but a missing or invalid one does
# not fail the handshake, so TLS does not authenticate clients here.
TLSVerifyClient try

# Applies to SASL binds only; the simple bind used by syncrepl below is
# not covered by these properties.
sasl-secprops noanonymous,noplain,noactive

# ACL: the first matching "by" clause wins, and "by * write" matches every
# requester including anonymous, so "by * read" is never reached and any
# unauthenticated client can modify the whole tree (userPassword included).
# NOTE(review): fine for a lab, not for a server reachable by real clients.
access to *
  by * write
  by * read

database bdb
suffix "dc=domain"
rootdn "uid=admin,ou=service,dc=domain"
# rootdn bypasses the ACL above; this file should not be world-readable.
rootpw {SSHA}secret
directory /var/ldap/databases/users

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub

# Provider side: this node serves syncrepl to node 2.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Consumer side: pull from node 2 (192.168.1.3).
# NOTE(review): bindmethod=simple over plain ldap:// with no starttls=
# option sends the userrepl password in cleartext on every (re)connect.
# The provider must grant userrepl read access; the wide-open ACL above
# does, but it will need an explicit "by dn=... read" once the ACL is
# tightened. interval= is only meaningful for refreshOnly; with
# refreshAndPersist it is effectively unused. schemachecking=off means
# replicated entries are applied without schema validation on this node.
syncrepl rid=001
  provider=ldap://192.168.1.3
  type=refreshAndPersist
  interval=00:00:00:10
  searchbase="dc=domain"
  schemachecking=off
  retry="60 +"
  filter="(objectClass=*)"
  attrs="*"
  bindmethod=simple
  binddn="uid=userrepl,ou=services,ou=administrative,dc=domain"
  credentials=password
# slapd requires this to come after the syncrepl directive of the same
# database. Without it in effect the node is a read-only shadow and writes
# fail with "shadow context; no update referral".
mirrormode on
#===========================
# server 2 -- slapd.conf for mirror-mode node 2 (serverID 2).
# Mirror of the serverID 1 file above; the only intended differences are
# serverID and the syncrepl provider address.
#===========================
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema

## Log level
loglevel 256
# Must be unique per mirror node; node 1 above uses serverID 1.
serverID 2
# Allow LDAPv2 client connections. This is NOT the default.
# LDAPv2 clients cannot use StartTLS, so anything bound this way is cleartext.
allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

modulepath /usr/lib64/openldap
#moduleload accesslog.la
#moduleload auditlog.la
#moduleload denyop.la
#moduleload dyngroup.la
#moduleload dynlist.la
#moduleload lastmod.la
#moduleload pcache.la
# ppolicy.la is loaded, but no "overlay ppolicy" appears in the database
# section below, so no password policy is actually enforced on this node.
moduleload ppolicy.la
#moduleload refint.la
#moduleload retcode.la
#moduleload rwm.la
#moduleload smbk5pwd.la
#moduleload translucent.la
#moduleload unique.la
#moduleload valsort.la

# NOTE(review): unlike node 1, no TLSCACertificateFile / TLSCertificateFile /
# TLSCertificateKeyFile directives appear here. If that is not just a paste
# omission, this node has no server certificate and cannot offer StartTLS,
# which makes TLSVerifyClient moot.
# "try": a client certificate is requested, but a missing or invalid one does
# not fail the handshake, so TLS does not authenticate clients.
TLSVerifyClient try
# Applies to SASL binds only; the simple bind used by syncrepl below is
# not covered by these properties.
sasl-secprops noanonymous,noplain,noactive

# ACL: the first matching "by" clause wins, and "by * write" matches every
# requester including anonymous, so "by * read" is never reached and any
# unauthenticated client can modify the whole tree (userPassword included).
# NOTE(review): fine for a lab, not for a server reachable by real clients.
access to *
  by * write
  by * read

database bdb
suffix "dc=domain"
rootdn "uid=admin,ou=service,dc=domain"
# rootdn bypasses the ACL above; this file should not be world-readable.
rootpw {SSHA}secret
directory /var/ldap/databases/users

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub

# Provider side: this node serves syncrepl to node 1.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Consumer side: pull from node 1 (192.168.1.2).
# NOTE(review): bindmethod=simple over plain ldap:// with no starttls=
# option sends the userrepl password in cleartext on every (re)connect.
# The provider must grant userrepl read access; the wide-open ACL on node 1
# does, but it will need an explicit "by dn=... read" once that ACL is
# tightened. interval= is only meaningful for refreshOnly; with
# refreshAndPersist it is effectively unused. schemachecking=off means
# replicated entries are applied without schema validation on this node.
syncrepl rid=001
  provider=ldap://192.168.1.2
  type=refreshAndPersist
  interval=00:00:00:10
  searchbase="dc=domain"
  schemachecking=off
  filter="(objectClass=*)"
  attrs="*"
  retry="60 +"
  bindmethod=simple
  binddn="uid=userrepl,ou=services,ou=administrative,dc=domain"
  credentials=password
# updateref is for a plain read-only consumer; it stays commented out here.
#updateref ldap://192.168.1.3
# NOTE(review): as pasted, "mirrormode on" sat on the same physical line as
# the "#updateref" comment above. If the real file looks like that, slapd
# treats it as part of the comment, mirrormode is never enabled, and this
# node stays a read-only shadow ("shadow context; no update referral").
# Confirm it is on its own line, after the syncrepl directive, as here.
mirrormode on