Hi,
I am currently working on trying to configure replication between 2 LDAP servers. Here is my current setup:
2 servers, ldap01 and ldap02, both running CentOS 5.2 x86_64 with openldap2.4 installed from http://staff.telkomsa.net/packages/rhel5/openldap/x86_64/
openldap2.4-servers-2.4.11-1.rhel5
My slapd.conf on ldap01 is:

modulepath /usr/lib64/openldap2.4
moduleload syncprov.la
TLSCertificateFile /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile /etc/ssl/openldap2.4/ldap.pem
loglevel 32 256 1024
database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
rootpw
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200

slapd.conf on ldap02 is:

directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
referral ldaps://ldap01/
syncrepl rid=123
    provider=ldaps://ldap01/
    type=refreshAndPersist
    searchbase="dc=example,dc=net"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=manager,dc=example,dc=net"
    attrs="*"
    credentials=

This appears to work, but it seems that after some time the replication stops working, and I am not seeing anything in the logs either.
Also with this setup, given a situation where ldap01 died and ldap02 took over, when I brought ldap01 back online, would configuration changes need to be made to ensure any changes that were made to ldap02 were replicated back properly, or am I not using the proper replication technique for this situation? I'm still a bit new to OpenLDAP so I apologize if I explained anything incorrectly. My end goal is to have 2 LDAP servers in place where in the event of a failure the secondary could take over and when the primary is restored, have it fail back over without any loss of changes.
- Justin Lintz
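
One way to detect the silent stall described above, as an added example that is not part of the original post: compare the contextCSN that each server stores on the suffix entry. It assumes the LDIF text was collected from each server with something like `ldapsearch -x -H ldaps://ldap01/ -s base -b "dc=example,dc=net" contextCSN`; the function names and the sample values below are constructed for illustration.

```python
from datetime import datetime, timezone


def parse_context_csns(ldif):
    """Return {sid: (timestamp, change_count)} for each contextCSN value in LDIF text."""
    csns = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "contextcsn":
            continue
        # OpenLDAP 2.4 CSN layout: <UTC time with microseconds>Z#<count>#<sid>#<mod>
        stamp, count, sid, _mod = value.strip().split("#")
        when = datetime.strptime(stamp, "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc)
        entry = (when, int(count, 16))
        # Keep the newest CSN if a server ID appears more than once.
        if sid not in csns or entry > csns[sid]:
            csns[sid] = entry
    return csns


def replication_lag(provider_ldif, consumer_ldif):
    """Per server ID: seconds the consumer trails the provider, or None if it has no CSN."""
    provider = parse_context_csns(provider_ldif)
    consumer = parse_context_csns(consumer_ldif)
    lag = {}
    for sid, (p_time, _count) in provider.items():
        if sid not in consumer:
            lag[sid] = None  # consumer never completed a refresh for this SID
            continue
        c_time = consumer[sid][0]
        lag[sid] = max((p_time - c_time).total_seconds(), 0.0)
    return lag


# Constructed sample output: ldap01 (provider) and ldap02 (consumer).
PROVIDER_SAMPLE = """dn: dc=example,dc=net
contextCSN: 20090302141530.000000Z#000000#000#000000
"""
CONSUMER_SAMPLE = """dn: dc=example,dc=net
contextCSN: 20090302101500.000000Z#000000#000#000000
"""

if __name__ == "__main__":
    for sid, seconds in replication_lag(PROVIDER_SAMPLE, CONSUMER_SAMPLE).items():
        state = "no CSN on consumer" if seconds is None else f"{seconds:.0f}s behind"
        print(f"sid {sid}: {state}")
```

A lag that stays above zero across repeated checks while the provider keeps accepting writes indicates the consumer has stopped replicating, even when nothing shows up in the slapd logs.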