I have spent the past couple of days setting up N-way multimaster in my lab. I was thinking it was not working because the first step (in the admin guide) was syncing up the cn=config. When doing that, I would look at both servers to see if the cn=config was the same – they were, and are not.
First box has (under cn=config):
cn=schema
olcDatabase={-1}front
olcDatabase={0}config
olcDatabase={1}bdb
olcDatabase={2}bdb
Second box has (under cn=config):
cn=schema
olcDatabase={-1}front
olcDatabase={0}config
olcDatabase={1}bdb
My question is: is this normal, or did I do something wrong? The sync on my dc=comcast,dc=com is working fine. Here are the steps I went through to get this working.
Set up slapd.conf - be sure to include the 'directory config' in order to have a rootdn for cn=config
On both servers remove the old directory/config ( rm -rf /usr/var/openldap-data/* /usr/etc/openldap/slapd.d/* )
On both servers run slapd with the -f and -F options to convert to the new config mode ( /usr/sbin/slapd -h ldap://10.252.152.76 -u ldap -F /usr/etc/openldap/slapd.d/ -f /usr/etc/openldap/slapd.conf -d 1 )
On both servers run slapd with the -F option only - made sure that it was run with ldap://<ip> ( /usr/sbin/slapd -h ldap://10.252.152.76 -u ldap -F /usr/etc/openldap/slapd.d/ )
On both servers run ldapmodify to add initial syncrepl, and sync the two cn=config directories:
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://10.252.152.76
olcServerID: 2 ldap://10.252.152.77

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://10.252.152.76 binddn="cn=root,cn=config" bindmethod=simple
  credentials="<RAW PASSWORD>" searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://10.252.152.77 binddn="cn=root,cn=config" bindmethod=simple
  credentials="<RAW PASSWORD>" searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
On first server run ldapadd to sync the dc=comcast,dc=com directory:
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=comcast,dc=com
olcDbDirectory: /usr/var/openldap-data/
olcRootDN: cn=Manager,dc=comcast,dc=com
olcRootPW: {SSHA}kJTEcfOmPf7fKv71AtxDjlUZNPqN9pIT
olcLimits: dn.exact="cn=Manager,dc=comcast,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcSyncRepl: rid=004 provider=ldap://10.252.152.76 binddn="cn=Manager,dc=comcast,dc=com" bindmethod=simple
  credentials="<RAW PASSWORD>" searchbase="dc=comcast,dc=com" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=ldap://10.252.152.77 binddn="cn=Manager,dc=comcast,dc=com" bindmethod=simple
  credentials="<RAW PASSWORD>" searchbase="dc=comcast,dc=com" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}bdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
Now, this is the point at which I looked at the cn=config on both servers to see if they were the same...
--
MAT
DESK: 720.267.7767
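One way to check the question the post ends on, whether the two providers' cn=config trees actually match, is to dump database 0 on each server (`slapcat -n 0`) and compare the dumps after dropping the operational attributes (entryCSN, contextCSN, timestamps) that differ between replicas by design. The script below is an added example, not part of the original message or of OpenLDAP: it parses LDIF with the RFC 2849 folding rule (a continuation line starts with one space, which is why the multi-line olcSyncRepl values above must be indented), reports entries or attributes present on only one side, and flags repeated syncrepl rids, which must be unique within one slapd. The two LDIF strings are constructed from the listing in the post; the attributes of the olcDatabase={2}bdb entry beyond its DN, and the helper names `parse_ldif`, `diff_config` and `duplicate_rids`, are assumptions.

```python
"""Compare cn=config dumps from two OpenLDAP providers (added example; input is
what `slapcat -n 0` prints on each server, constructed here rather than captured)."""
import re

# Operational attributes that legitimately differ between replicas or change
# on every write; dropped before comparing so only real configuration shows.
VOLATILE = {"entrycsn", "contextcsn", "entryuuid", "createtimestamp",
            "modifytimestamp", "creatorsname", "modifiersname"}
RID_RE = re.compile(r"\brid=(\d+)")


def parse_ldif(text: str) -> dict[str, dict[str, list[str]]]:
    """Parse LDIF into {dn: {attr: [values]}}, DNs and attribute names lower-cased.
    RFC 2849 rules used here: a line starting with one space continues the
    previous line, '#' starts a comment, a blank line ends a record."""
    records, logical = {}, []
    for raw in text.splitlines() + [""]:        # trailing "" flushes last record
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]              # unfold continuation line
            continue
        if raw.strip():
            logical.append(raw)
            continue
        dn, entry = None, {}
        for line in logical:
            if line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip().lstrip(":").strip()
            if attr == "dn":
                dn = value.lower()
            elif attr not in VOLATILE:          # base64 ('::') values stay encoded
                entry.setdefault(attr, []).append(value)
        if dn is not None:
            records[dn] = entry
        logical = []
    return records


def diff_config(a: dict, b: dict) -> list[str]:
    """One line per difference between two parsed cn=config trees."""
    findings = [f"only on A: {dn}" for dn in sorted(set(a) - set(b))]
    findings += [f"only on B: {dn}" for dn in sorted(set(b) - set(a))]
    for dn in sorted(set(a) & set(b)):
        for attr in sorted(set(a[dn]) | set(b[dn])):
            va, vb = sorted(a[dn].get(attr, [])), sorted(b[dn].get(attr, []))
            if va != vb:
                findings.append(f"{dn}: {attr} differs: {va} vs {vb}")
    return findings


def duplicate_rids(config: dict) -> list[str]:
    """Every syncrepl consumer in one slapd needs a unique rid; list any repeats."""
    counts: dict[str, int] = {}
    for entry in config.values():
        for value in entry.get("olcsyncrepl", []):
            if m := RID_RE.search(value):
                counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return sorted(rid for rid, n in counts.items() if n > 1)


# Constructed sample built from the listing in the post (cn=schema and the
# frontend entry omitted for brevity). Multi-line olcSyncRepl values are folded
# with a leading space, as LDIF requires.
COMMON = """\
dn: cn=config
olcServerID: 1 ldap://10.252.152.76
olcServerID: 2 ldap://10.252.152.77
entryCSN: 20100101000000.000000Z#000000#001#000000

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcSyncRepl: rid=001 provider=ldap://10.252.152.76 binddn="cn=root,cn=config"
  bindmethod=simple searchbase="cn=config" type=refreshAndPersist
olcSyncRepl: rid=002 provider=ldap://10.252.152.77 binddn="cn=root,cn=config"
  bindmethod=simple searchbase="cn=config" type=refreshAndPersist
olcMirrorMode: TRUE

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=comcast,dc=com
"""
# The extra database only the first server showed; its attributes beyond the
# DN are not in the post and are assumed here.
EXTRA_DB = """
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
"""
SERVER_A = COMMON + EXTRA_DB
SERVER_B = COMMON.replace("#001#", "#002#")     # same config, different CSN

if __name__ == "__main__":
    a, b = parse_ldif(SERVER_A), parse_ldif(SERVER_B)
    for line in diff_config(a, b) or ["cn=config identical on both servers"]:
        print(line)
    print("duplicate rids:", duplicate_rids(a) + duplicate_rids(b))
```

Run against real dumps, replace the two constants with the output of `slapcat -n 0` from each server. On the constructed input the only finding is the olcDatabase={2}bdb entry that exists on server A alone; everything the replicas are expected to disagree on (the entryCSN values) is filtered out, so a clean run means the two cn=config trees are materially in sync.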