Well actually I am using nearly the same configuration as explained on openldap.org: http://www.openldap.org/doc/admin24/replication.html#Delta-syncrepl
The only thing I have added is the replication of the cn=schema,cn=config so that I don't need to keep schemas in sync myself:
dn: olcDatabase={0}config,cn=config changetype: modify add: olcAccess olcAccess: to dn.subtree="cn=schema,cn=config" by dn="cn=replicator,ou=ldapusers,dc=domain,dc=tld" read
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov
So maybe the problem resides somewhere in these few additional lines. Do you see anything wrong here or anything to correct?
Thanks M.L.
On Thursday, November 21, 2013 9:22 PM, Christian Kratzer ck-lists@cksoft.de wrote:
Hi,
On Thu, 21 Nov 2013, ML mail wrote:
Hello,
I am using two OpenLDAP 2.4.31 servers with delta-syncrepl as replication method. So far everything works perfectly but I was wondering how I can modify cn=config settings on the consumer. For instance I would like to add new indexes (olcDbIndex) on the consumer to my replicated HDB database but this fails as you can see here:
ldap_modify: Server is unwilling to perform (53) additional info: shadow context; no update referral
I understand that it does not want me to modify any settings on my consumer but I was thinking this should be possible no? If not this means if I want to change a setting on the consumer I need to delete my whole database on the consumer configure it and add replication again.
Looks like you are you also replicating cn=config.
It appears you have 3 options:
1) Do not replicate cn=config and allow individual changes at each node.
2) Replicate cn=config to all servers and modify cn=config on the provider.
3) Use multimaster replication or configure referrals and perhaups chaining to allow changes on each node.
Greetings Christian