On Tuesday 12 February 2008 11:47:46 Aravind Arjunan wrote:
(it is really inconvenient replying to this mail, because you wrote it in HTML format, and Outlook's text version when you write in HTML contains extra line breaks ...).

> I am still facing an issue while configuring LDAP in master-slave mode for
> replication. I am using OpenLDAP version 2.2.
I would upgrade to 2.3 ...
> OS: RHEL 4.0
You may want to consider: http://staff.telkomsa.net/packages/
> And I am trying to configure master-slave replication through the slurpd method. I had configured my master slapd.conf and slave slapd.conf. Similarly I configured the master and slave ldap.conf. After that I stopped the service on the master and the slave by
If you are using the bdb backend (which you are), there is no need to stop slapd to run slapcat.
> [root@server ~]# service ldap stop
> Stopping slapd:                                            [  OK  ]
> Stopping slurpd:                                           [  OK  ]
> [root@server ~]#
>
> similarly on the slave also.
> Then I copied the database manually using slapcat:
>
> [root@server openldap]# slapcat -b "dc=example,dc=com" -v -l example.com.ldif
> # id=00000001
> # id=00000003
> [root@server openldap]# scp example.com.ldif root@151.2.119.133:/var/lib/ldap/example.com/
> root@151.2.119.133's password:
> example.com.ldif                              100%  747     0.7KB/s   00:00
> [root@server openldap]#
> On the slave:
>
> [root@slave openldap]# slapadd -b "dc=example,dc=com" -v -l example.com.ldif
> added: "dc=example,dc=com" (00000001)
> added: "cn=Manager,dc=example,dc=com" (00000002)
> [root@slave openldap]#
> But when I create a user on the LDAP master and check for that user on the slave, I was not able to find it.
> There was no log in the replogfile.
>
> [root@server ~]# useradd test
> [root@server ~]# passwd test
> Changing password for user test.
> New UNIX password:
> Retype new UNIX password:
> passwd: all authentication tokens updated successfully.
I don't know what you are testing here, but the useradd command typically (and specifically on RHEL4) doesn't create users anywhere but in local files. The luseradd tool (from libuser) can create users in LDAP, but smbldap-tools (and other similar tools) have useradd-compatible commands that do (and support samba-related attributes etc.).
You should maybe use an ldap utility (e.g. ldapadd, ldapmodify) to generate changes which you test for replication.
> master slapd.conf
> [...]
> replica uri=ldap://=151.2.119.133:389 suffix="dc=example,dc=com" binddn="cn=syncuser,dc=example,dc=com" bindmethod=simple credentials=hcllch
This should all be one statement, either on one line, or multiple lines, where all but the first have leading spaces as line continuations. Since you didn't compose in plain text, I am not sure if this is a problem in your configuration file, or with your copy/paste ...
I haven't looked at the rest of your slapd.conf files in detail, but besides this, they look mostly ok for now.
> Master ldap.conf
Which ldap.conf ? /etc/ldap.conf, or /etc/openldap/ldap.conf ? It looks like a mix of the two.
> # LDAP Defaults
> #
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> #BASE dc=example, dc=com
> #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
>
> host 151.2.119.120 151.2.119.133
> base dc=example,dc=com
> binddn cn=Manager,dc=example,dc=com
> bindpw password
> bind_policy soft
> pam_password expo
These last 4 are specific to nss_ldap/pam_ldap, and as such belong in /etc/ldap.conf, not /etc/openldap/ldap.conf. I would avoid using your rootdn in a clear-text config file. You should use a proxy user with limited access (it just needs to be able to search for a user and retrieve specific attributes, which in most cases you would allow all authenticated users to access anyway).
Regards, Buchan
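To illustrate two of the configuration points raised in this reply (a replica directive must be one logical statement, continued with leading whitespace, and the bind identity in a clear-text config should not be the rootdn), here is an added checker that is not part of this thread or of OpenLDAP; the host names, DNs and PLACEHOLDER_SECRET in its sample fragments are constructed.

```python
import re
from typing import Dict, List

# Constructed slapd.conf fragments (not the poster's files). slapd.conf(5)
# treats a line starting with whitespace as a continuation of the previous
# directive, so GOOD holds one replica statement; BAD has lost that indent.
GOOD = """\
rootdn          "cn=Manager,dc=example,dc=com"
replogfile      /var/lib/ldap/openldap-master-replog
replica uri=ldap://replica.example.com:389
        suffix="dc=example,dc=com"
        binddn="cn=syncuser,dc=example,dc=com"
        bindmethod=simple credentials=PLACEHOLDER_SECRET
"""
BAD = GOOD.replace("\n        ", "\n")  # same text, continuation indent removed

def logical_lines(text: str) -> List[str]:
    """Join continuation lines into whole directives; drop blanks and comments."""
    out: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
_URI = re.compile(r'^ldaps?://[A-Za-z0-9.-]+(:\d+)?/?$')

def parse_replica(stmt: str) -> Dict[str, str]:
    """'replica k=v k="v w" ...' -> {k: v}, with quotes stripped."""
    return {k: v.strip('"') for k, v in _KV.findall(stmt[len("replica"):])}

def check_replicas(text: str) -> List[str]:
    """Report missing or suspicious settings in each replica directive."""
    stmts = logical_lines(text)
    rootdns = {s.split(None, 1)[1].strip('"').lower()
               for s in stmts if s.startswith("rootdn")}
    problems: List[str] = []
    for stmt in stmts:
        if not stmt.startswith("replica"):
            continue
        kv = parse_replica(stmt)
        for key in ("uri", "suffix", "binddn", "bindmethod", "credentials"):
            if key not in kv:
                problems.append(f"missing {key}")
        if kv.get("uri") and not _URI.match(kv["uri"]):
            problems.append(f"malformed uri {kv['uri']}")
        if kv.get("binddn", "").lower() in rootdns:
            problems.append("binddn is the rootdn; use a dedicated replication user")
    return problems
```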