Seger, Mark wrote:
> I’m an admitted ldap lightweight but have been able to bring up an ldap
> server and populate it with the contents of my /etc/passwd file. Now I
> want to set up a replica on another machine using sync replication and
> am having a few issues getting it to work. My most recent success was
> getting simple authentication working because before it was failing and
> now it’s not so I’ve at least gotten that far. Here’s what my
> replication section looks like in ldap.conf:
Hi,

Has 'lsfadmin' access to read the whole tree on the master?

And if it's a simple Master X N slaves type, which it probably is, you can't
write to the slave - slapd.conf :: updateref ldaps://mymaster.domain.tld

Regards,
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net
>
> syncrepl rid=123
>     provider=ldap://10.99.99.99:389
>     type=refreshOnly
>     interval=01:00:00:00
>     searchbase="dc=myldap,dc=com"
>     filter="(objectClass=account)"
>     scope=sub
>     schemachecking=off
>     updatedn="cn=replica,dc=myldap,dc=com"
>     bindmethod=simple
>     binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
>     credentials=Something
>
> I’m pretty sure I have the search parameters set correctly because if I run:
>
> ldapsearch -x -h 10.99.99.99 -b 'dc=myldap,dc=com' -A uid
>
> it dumps all my uids.
>
> The part I’m unclear on is how to define things on the slave side. For
> example I have the main part of the conf set the same on the master,
> just to make things easy on me and so I have the following which is
> exactly how I have the master set up.
>
> database bdb
> suffix "dc=myldap,dc=com"
> rootdn "cn=Manager,dc=myldap,dc=com"
> rootpw {SSHA}ZmTfiKLVf8X5GERsT3b3AoB3/hFV3l7R
> directory /var/lib/ldap
>
> I’m guessing my problem may be with
> updatedn="cn=replica,dc=myldap,dc=com", but I’m not sure what it should
> be and whether or not I have to prime the replica with any special
> authentication to be able to write to it.
>
> If I run “ldapsearch -x -b 'dc=myldap,dc=com'” against the replica it
> comes up empty so I’m sure nothing is getting replicated. Further if I
> run the slave slapd with -d128 I get:
>
> [root@hpdc3dmgt1 ~]# slapd -d 128
> @(#) $OpenLDAP: slapd 2.3.43 (Nov 6 2008 02:53:24) $
>         brewbuilder@hs20-bc1-5.build.redhat.com:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
> slapd starting
> request done: ld 0x2ac52b507c70 msgid 1
> => bdb_entry_get: cannot find entry: "dc=myldap,dc=com"
> do_syncrep2: rid 123got search entry without control
> do_syncrepl: rid 123 quitting
>
> but I have no idea where it’s looking for the entry, on the master or
> the slave? But I do have that entry on the master.
>
> I’m sure I’m doing something wrong but am also hoping it’s relatively minor.
>
> -mark
>
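
The `ldapsearch -x` test in the quoted message binds anonymously and uses the default filter, so it does not answer the reply's question of whether 'lsfadmin' can read the tree. The following added example (not part of the thread, and not OpenLDAP's own tooling) parses a syncrepl directive, flags how the consumer authenticates, and builds the `ldapsearch` command that repeats the consumer's bind DN, base, scope and filter. The function names, the `SAMPLE` text with its placeholder secret, and the indented continuation lines are assumptions.

```python
import shlex

# Constructed sample based on the thread's directive (placeholder secret).
SAMPLE = '''\
database bdb
syncrepl rid=123
  provider=ldap://10.99.99.99:389
  searchbase="dc=myldap,dc=com"
  filter="(objectClass=account)"
  scope=sub
  bindmethod=simple
  binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
  credentials=PLACEHOLDER
'''

def parse_syncrepl(conf_text):
    """Join whitespace-led continuation lines, then return syncrepl key=value pairs."""
    directives = []
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and directives:
            directives[-1] += " " + line.strip()
        else:
            directives.append(line.strip())
    for directive in directives:
        words = shlex.split(directive)
        if words[0].lower() == "syncrepl":
            return dict(w.split("=", 1) for w in words[1:] if "=" in w)
    return {}

def audit(p):
    """Findings about how the consumer authenticates to the provider."""
    findings = []
    cleartext = p.get("provider", "").startswith("ldap://") and "starttls" not in p
    if p.get("bindmethod") == "simple" and cleartext:
        findings.append("simple bind over ldap:// sends the password unencrypted")
    if "credentials" in p:
        findings.append("config file holds a bind secret; keep it unreadable to other users")
    return findings

def equivalent_search(p):
    """ldapsearch argv that binds and searches the way the consumer will."""
    return ["ldapsearch", "-x", "-H", p["provider"], "-D", p["binddn"], "-W",
            "-b", p["searchbase"], "-s", p.get("scope", "sub"),
            p.get("filter", "(objectClass=*)")]

if __name__ == "__main__":
    params = parse_syncrepl(SAMPLE)
    print("\n".join(audit(params)))
    print(" ".join(shlex.quote(a) for a in equivalent_search(params)))
```

If the generated search returns fewer entries than the anonymous one, the difference comes from the filter or from the provider's access rules for that bind DN.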