On 24 Jan 2024, at 18:39, Quanah Gibson-Mount <quanah@fast-mail.org> wrote:

Got it
--On Wednesday, January 24, 2024 8:28 AM +0200 Viktor Keremedchiev <vkeremedchiev@adaptavist.com> wrote:

Hello,
I'm somewhat inexperienced with LDAP on the server side of things.
I'm importing OpenLDAP 2.4 into 2.6.3 (Rocky Linux 9). My goal is to
have 2 N-way (or multi-master*) LDAP nodes. I've changed hdb to mdb,
created the accesslog folder, fixed permissions, SSL, etc.
The import doesn't throw any errors. My understanding is that I need to
have cn=config replication, as well as my small dc=domain,dc=com
replication.
It is not required to have cn=config replication. And I would note that OpenLDAP 2.6.3 is fairly old at this point with significant fixes done to the 2.6 series since its release. I'd advise using a current release of OpenLDAP 2.6.
The cn=config replication I call via this on both nodes, followed by
restarts:
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1
Each server must have its own, unique, serverID. If you are going to use cn=config replication, then you *must* use the
olcServerID: # URI
format.
Now once I do that, I've experimented with changing the olcLogLevel and
it seems to work. The RIDs on each node are different: server2 has
rid=002, server1 has rid=001, as well as different olcServerID values.
RIDs must be unique INSIDE a particular server, but different servers can use the same RID values.
What am I doing wrong? Perhaps more than one thing
I'd suggest starting with just getting back-mdb replication working between the nodes.
Side note, your configuration for the accesslog DB is missing an index on 'reqDN'.
--Quanah
dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
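To illustrate the two points raised above (the `olcServerID: # URI` form that cn=config replication requires, and the missing `reqDN` index on the accesslog database), here is an added LDIF example. It is not from the original thread or from the OpenLDAP project; the hostnames `ldap1.example.com` / `ldap2.example.com` and the assumption that the accesslog database is `olcDatabase={1}mdb` are placeholders that must be adjusted to the real deployment.

```ldif
# Added example (not from the thread). Apply the SAME olcServerID list on
# both nodes: each slapd picks the entry whose URI matches one of its own
# listener URLs (the -h / ldap_uri it was started with), so the IDs stay
# unique without per-node differences in cn=config.
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://ldap1.example.com
olcServerID: 2 ldap://ldap2.example.com

# Accesslog database: add the reqDN index that was noted as missing.
# Assumption: the accesslog DB is olcDatabase={1}mdb; check with
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcSuffix
# and use the DN that carries the accesslog suffix.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: reqDN eq
```

Load it on each node with `ldapmodify -Y EXTERNAL -H ldapi:/// -f <file>.ldif`. If a node's listener URL does not match any `olcServerID` URI exactly (scheme, host and port), slapd will not know which ID is its own, so verify the listener configuration before enabling replication of cn=config.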