I have spent the past couple of days setting up N-way multimaster in my lab. I was thinking it was not working because the first step (in the admin guide) was syncing up the cn=config. When doing that, I would look at both servers to see if the cn=config was the same; it was not, and still is not.
First box has (under cn=config):
  cn=schema
  olcDatabase={-1}front
  olcDatabase={0}config
  olcDatabase={1}bdb
  olcDatabase={2}bdb

Second box has (under cn=config):
  cn=schema
  olcDatabase={-1}front
  olcDatabase={0}config
  olcDatabase={1}bdb
My question is: is this normal, or did I do something wrong? The sync on my dc=comcast,dc=com is working fine. Here are the steps I went through to get this working.
1. Set up slapd.conf, making sure to include the directory config in order to have a rootdn for cn=config.

2. On both servers, remove the old directory/config:

     rm -rf /usr/var/openldap-data/* /usr/etc/openldap/slapd.d/*

3. On both servers, run slapd with the -f and -F options to sync to the new config mode:

     /usr/sbin/slapd -h ldap://10.252.152.76 -u ldap -F /usr/etc/openldap/slapd.d/ -f /usr/etc/openldap/slapd.conf -d 1

4. On both servers, run slapd with the -F option; made sure that it was run with ldap://<ip>:

     /usr/sbin/slapd -h ldap://10.252.152.76 -u ldap -F /usr/etc/openldap/slapd.d/

5. On both servers, run ldapmodify to add the initial syncrepl and sync the two cn=config directories:

     dn: cn=config
     changetype: modify
     replace: olcServerID
     olcServerID: 1 ldap://10.252.152.76
     olcServerID: 2 ldap://10.252.152.77

     dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
     changetype: add
     objectClass: olcOverlayConfig
     objectClass: olcSyncProvConfig
     olcOverlay: syncprov

     dn: olcDatabase={0}config,cn=config
     changetype: modify
     add: olcSyncRepl
     olcSyncRepl: rid=001 provider=ldap://10.252.152.76 binddn="cn=root,cn=config" bindmethod=simple credentials="<RAW PASSWORD>" searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
     olcSyncRepl: rid=002 provider=ldap://10.252.152.77 binddn="cn=root,cn=config" bindmethod=simple credentials="<RAW PASSWORD>" searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
     -
     add: olcMirrorMode
     olcMirrorMode: TRUE

6. On the first server, run ldapadd to sync the dc=comcast,dc=com directory:

     dn: olcDatabase={1}bdb,cn=config
     objectClass: olcDatabaseConfig
     objectClass: olcbdbConfig
     olcDatabase: {1}bdb
     olcSuffix: dc=comcast,dc=com
     olcDbDirectory: /usr/var/openldap-data/
     olcRootDN: cn=Manager,dc=comcast,dc=com
     olcRootPW: {SSHA}kJTEcfOmPf7fKv71AtxDjlUZNPqN9pIT
     olcLimits: dn.exact="cn=Manager,dc=comcast,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
     olcSyncRepl: rid=004 provider=ldap://10.252.152.76 binddn="cn=Manager,dc=comcast,dc=com" bindmethod=simple credentials="<RAW PASSWORD>" searchbase="dc=comcast,dc=com" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
     olcSyncRepl: rid=005 provider=ldap://10.252.152.77 binddn="cn=Manager,dc=comcast,dc=com" bindmethod=simple credentials="<RAW PASSWORD>" searchbase="dc=comcast,dc=com" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
     olcMirrorMode: TRUE

     dn: olcOverlay=syncprov,olcDatabase={1}bdb,cn=config
     changetype: add
     objectClass: olcOverlayConfig
     objectClass: olcSyncProvConfig
     olcOverlay: syncprov
Now, this is the point at which I looked at the cn=config on both servers to see if they were the same...
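A quick way to check whether the two cn=config trees really match, as an added example that is not part of the original post: dump each server's cn=config with ldapsearch (for instance `ldapsearch -x -LLL -H ldap://10.252.152.76 -D cn=root,cn=config -W -b cn=config`, using the post's binddn) and feed both dumps to diff_config below. The script parses the LDIF itself and ignores operational attributes such as contextCSN that differ between replicas by design; SERVER1 and SERVER2 are constructed samples modelled on the post, not real server output.

```python
import base64
import re
from collections import defaultdict

# Operational attributes that legitimately differ between replicas; ignored when comparing.
VOLATILE = {"contextcsn", "entrycsn", "modifytimestamp", "modifiersname", "createtimestamp", "creatorsname"}

def parse_ldif(text):
    """Parse an ldapsearch LDIF dump into {dn: {attr_lowercase: [values]}}."""
    lines = re.sub(r"\n ", "", text).splitlines()      # unfold wrapped (continuation) lines
    entries, current = {}, None
    for line in lines + [""]:                           # trailing "" flushes the last entry
        if not line or line.startswith("#"):            # blank line ends an entry, "#" is a comment
            if current:
                entries[current[0]] = dict(current[1])
            current = None
            continue
        name, sep, value = line.partition(":")
        if not sep or name.lower() == "version":
            continue
        if value.startswith(":"):                       # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if name.lower() == "dn":
            current = (value, defaultdict(list))
        elif current:
            current[1][name.lower()].append(value)
    return entries

def diff_config(ldif_a, ldif_b):
    """Return (dns only in A, dns only in B, {dn: [attributes whose values differ]})."""
    a, b = parse_ldif(ldif_a), parse_ldif(ldif_b)
    changed = {}
    for dn in set(a) & set(b):
        names = (set(a[dn]) | set(b[dn])) - VOLATILE
        bad = sorted(n for n in names if sorted(a[dn].get(n, [])) != sorted(b[dn].get(n, [])))
        if bad:
            changed[dn] = bad
    return sorted(set(a) - set(b)), sorted(set(b) - set(a)), changed

# Constructed samples shaped like the post: server 2 lacks olcDatabase={2}bdb; contextCSNs differ but are ignored.
SERVER1 = """dn: olcDatabase={1}bdb,cn=config
olcSuffix: dc=comcast,dc=com
contextCSN: 20100101000000.000000Z#000000#001#000000

dn: olcDatabase={2}bdb,cn=config
olcSuffix: dc=comcast,dc=com
"""
SERVER2 = SERVER1.split("\ndn: olcDatabase={2}")[0].replace("#001#", "#002#") + "\n"
```

The dumps contain the olcSyncRepl credentials and olcRootPW shown in the post, so keep them off shared storage and delete them once compared.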