On Fri, Jan 29, 2010 at 2:16 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
--On Friday, January 29, 2010 1:56 PM -0700 Hung Luu <hung.n.luu@gmail.com> wrote:

Hello all,

In a syncrepl setup, I understand that the syncrepl specification is
defined on the consumer server. I understand this to mean that I should
apply my LDIF (that adds the olcSyncrepl attribute to my config and hdb
backends) on the consumer server. However, ldapadd was only successful in
configuring my config backend for syncrepl, which is defined first in the
LDIF, and failed with LDAP error 53 when attempting to add the
olcSyncrepl attribute to my hdb backend; additional error info: "shadow
context; no update referral."

Is this because the olcSyncrepl attribute added to my config backend
already established my consumer server as a replica and hence subsequent
writes to the consumer server will not be accepted?

Ideally, I wanted to add the syncrepl configuration in my slapd.conf and
then convert it to cn=config; however, this doesn't appear to work with
2.4.21 because slaptest added a uri="" to the olcSyncrepl attribute, so
that the running slapd complained of an invalid URL for olcSyncrepl. This is
not an issue in 2.4.20.

Anyway, what's the right way for me to configure syncrepl on my 2.4.21
consumer server for both the config and hdb backends?

It works for me with 2.4.21:

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=100 provider=${ldap_master_url} bindmethod=simple timeout=0 network-timeout=0 binddn=uid=zmreplica,cn=admins,cn=zimbra credentials=${ldap_replication_password} starttls=critical filter="(objectclass=*)" searchbase="" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" logbase=cn=accesslog scope=sub schemachecking=off type=refreshAndPersist retry="60 +" syncdata=accesslog tls_cacertdir=/opt/zimbra/conf/ca

is the LDIF I use to ldapmodify my entry.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Are you able to get it to work with ldapadd as well? I'm getting a segmentation fault using ldapmodify (installed as part of openldap-clients.x86_64 rpm 2.3.43-3.el5).

Here's my LDIF file:

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=000 provider="ldap://provider:389" type=refreshAndPersist retry="5 5 300 +" searchbase="cn=config" attrs="*,+" bindmethod=simple binddn="cn=ldap,ou=services,dc=example,dc=com" credentials=secret

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001 provider="ldap://provider:389" type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs="*,+" bindmethod=simple binddn="cn=ldap,ou=services,dc=example,dc=com" credentials=secret

Something else that I tried that seems to get syncrepl working on 2.4.21 is to use a slapd.d converted from a 2.4.20 slapd.conf, but I'm a little uneasy about it.


Thanks,
Hung.
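
Added example, not part of the original thread and not OpenLDAP code: the olcSyncrepl values posted above differ in transport protection (one sets starttls=critical, the other does a simple bind to an ldap:// provider with no starttls), so this Python check unfolds LDIF and reports simple binds that are not forced onto TLS. The function names and the sample LDIF (host names, DNs, password) are constructed for illustration.

```python
import re
import shlex

# Constructed sample modelled on this thread's olcSyncrepl values (placeholders).
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001 provider="ldap://provider:389" type=refreshAndPersist
  retry="5 5 300 +" searchbase="dc=example,dc=com" bindmethod=simple
  binddn="cn=ldap,ou=services,dc=example,dc=com" credentials=secret

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=100 provider=ldap://master.example.com bindmethod=si
 mple binddn=uid=zmreplica,cn=admins,cn=zimbra credentials=secret
  starttls=critical type=refreshAndPersist retry="60 +"
"""

def unfold(ldif):
    # LDIF folding: a newline followed by one space continues the previous line.
    return re.sub(r"\r?\n ", "", ldif)

def parse_syncrepl(value):
    # shlex keeps quoted values such as retry="5 5 300 +" together.
    return dict(tok.partition("=")[::2] for tok in shlex.split(value))

def cleartext_bind_findings(ldif):
    """Return (dn, rid, reason) for simple binds that are not forced onto TLS."""
    findings, dn = [], None
    for line in unfold(ldif).splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        m = re.match(r"olcSyncrepl:(?!:)\s*(.*)", line, re.I)  # skips base64 '::'
        if not m:
            continue
        p = parse_syncrepl(m.group(1))
        if p.get("bindmethod") != "simple" or p.get("starttls") == "critical":
            continue  # not a simple bind, or session is aborted if StartTLS fails
        if not p.get("provider", "").lower().startswith("ldap://"):
            continue  # ldaps:// and ldapi:// are outside this check
        reason = ("starttls=yes continues without TLS if StartTLS fails"
                  if p.get("starttls") == "yes" else "no StartTLS requested")
        findings.append((dn, p.get("rid"), reason))
    return findings

if __name__ == "__main__":
    print(cleartext_bind_findings(SAMPLE_LDIF))
```

Run against an LDIF export of cn=config on the consumer, this lists each database whose replication bind would put the credentials value on the wire unprotected.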