Elias Probst wrote:
On Sunday 27 May 2012 21:06:43 Patrick Hemmer wrote:
Where are you putting the MirrorMode parameter? When I copy/paste your config you provided in the first email into an editor, line 31 is before "database config", which would be the problem. You need to put it after "database config" so that it applies to the config database.
As for the shadow thing, both servers are shadows/consumers. They're also both providers.
Thanks a lot. This made it finally work.
- I misunderstood "shadow" as being a completely different mode in which the
whole instance runs.
- I placed the 'MirrorMode' statement at the wrong position.
  a) It mustn't be set in the global section
  b) It must be set after the 'syncrepl' statements inside a DB definition
For reference/anyone else fighting with this, a short howto how I got it up and running now:
- Make sure /etc/openldap/slapd.d/ and the openldap-data directory (here:
/var/lib/openldap-data) are emptied
- Use the basic config (see below) to seed the initial online config of each
instance using the command
  slapd -f /tmp/slapd.conf -F /etc/openldap/slapd.d -u ldap -g ldap -d1
Your reference is an utter waste of time. If you want to help people do this in the future you should simply provide the output of slapcat -n0, with the schema entries trimmed, and avoid the unnecessary conversion step.
- Stop the slapd process (Ctrl+C) and start it regularly using the initscript
provided by the distribution (e.g. /etc/init.d/slapd start on Gentoo/OpenRC)
And avoid the unnecessary restart step as well.
- Now verify whether the replication of cn=config works by removing the
'olcConfigFile' setting from cn=config
Basic slapd.conf for seeding:
moduleload memberof.so
moduleload syncprov.so
moduleload refint.so
moduleload memberof.so
moduleload syncprov.so
moduleload refint.so
And avoid redundant moduleload statements.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openssh.schema
TLSCACertificateFile /etc/ssl/slapd/slapd.cacrt
TLSCertificateFile /etc/ssl/slapd/slapd.crt
TLSCertificateKeyFile /etc/ssl/slapd/slapd.key
TLSVerifyClient allow
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel 256
access to attrs=userPassword
  by self write
  by * auth
access to *
  by * read
ServerID 1 ldap://10.44.0.1
ServerID 2 ldap://10.44.0.7
backend bdb
database config
rootdn cn=config
rootpw {SSHA}RI/d8i2R7XXlo2+kf2LcYzYOcIry+qaa
syncrepl rid=001
  provider="ldap://10.44.0.7"
  binddn="cn=config"
  bindmethod="simple"
  credentials="nothingtoseehere"
  searchbase="cn=config"
  type=refreshAndPersist
  retry="10 +"
  filter="(!(olcDatabase={0}config))"
syncrepl rid=002
  provider="ldap://10.44.0.1"
  binddn="cn=config"
  bindmethod="simple"
  credentials="nothingtoseehere"
  searchbase="cn=config"
  type=refreshAndPersist
  retry="10 +"
  filter="(!(olcDatabase={0}config))"
overlay syncprov
MirrorMode on
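
Added example, not part of the original thread: a small linter for the two MirrorMode placement mistakes listed above (set in the global section, or set before the 'syncrepl' statements of a database) and for the repeated moduleload lines. The function names and both sample configs are constructed for illustration; the parser assumes the slapd.conf(5) rule that a line starting with whitespace continues the previous one.

```python
# Added example; BAD_CONF/GOOD_CONF are constructed samples, names are hypothetical.
BAD_CONF = """\
moduleload syncprov.so
moduleload syncprov.so
MirrorMode on
database config
MirrorMode on
syncrepl rid=001 provider="ldap://10.44.0.7"
  searchbase="cn=config" type=refreshAndPersist
"""
GOOD_CONF = """\
moduleload syncprov.so
database config
syncrepl rid=001 provider="ldap://10.44.0.7"
  searchbase="cn=config" type=refreshAndPersist
overlay syncprov
MirrorMode on
"""

def logical_lines(text):
    """Return [lineno, directive] pairs; indented lines continue the previous one."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and out:
            out[-1][1] += " " + raw.strip()
        else:
            out.append([no, raw.strip()])
    return out

def check(text):
    """Flag global or pre-syncrepl MirrorMode and repeated moduleload lines."""
    findings, db, seen_syncrepl, modules = [], None, False, set()
    for no, line in logical_lines(text):
        parts = line.split() + [""]
        key, arg = parts[0].lower(), parts[1]  # directive names are case-insensitive
        if key == "database":
            db, seen_syncrepl = arg, False  # new DB section: syncrepl not yet seen
        elif key == "syncrepl":
            seen_syncrepl = True
        elif key == "moduleload":
            if arg in modules:
                findings.append((no, f"redundant moduleload {arg}"))
            modules.add(arg)
        elif key == "mirrormode" and (db is None or not seen_syncrepl):
            why = "in global section" if db is None else f"before syncrepl in database {db}"
            findings.append((no, "MirrorMode " + why))
    return findings
```

check() returns (line number, message) pairs; an empty list means none of the three problems was found.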