Hi All,
After incorporating your suggestions I have a multi-master replication environment up and running. I am able to ldapadd from server1 and do a ldapsearch on server2 and see the entry that was added from server1, and vice versa. However, I have run into a restore issue. I use slapcat -b "dc=cornell,dc=edu" -l data.lfid to do a database backup and slapadd -f data.ldif to restore it, but when I try to start slapd I get an error. Am I missing something, or did I forget to do something? Below is my command output. Once again, thank you very much for all your help.
Garry
[ldap@ip-10-92-164-27 ~]$ slapadd -f data.ldif
5c12a90f data.ldif: line 1: unknown directive dn: outside backend info and database definitions.
slapadd: bad configuration file!
[ldap@ip-10-92-164-27 ~]$ slapadd -l /home/ldap/data.ldif
5c12a94f bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
5c12a94f => bdb_tool_entry_put: id2entry_add failed: BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
5c12a94f => bdb_tool_entry_put: txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
slapadd: could not add entry dn="dc=cornell,dc=edu" (line=1): txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
_#### 20.90% eta none elapsed none spd 1.3 M/s
[centos@ip-10-92-164-27 lib]$ sudo systemctl start slapd
Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.
[centos@ip-10-92-164-27 lib]$ systemctl status slapd.service -l
● slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2018-12-13 18:49:20 UTC; 9s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 12775 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
Process: 12762 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Starting OpenLDAP Server Daemon...
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal runuser[12765]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: @(#) $OpenLDAP: slapd 2.4.44 (Oct 30 2018 23:14:27) $
mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: /etc/openldap/slapd.conf: line 109: invalid path: Permission denied
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: slapd stopped.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: connections_destroy: nothing to destroy.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: slapd.service: control process exited, code=exited status=1
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Failed to start OpenLDAP Server Daemon.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Unit slapd.service entered failed state.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: slapd.service failed.
[centos@ip-10-92-164-27 lib]$ sudo ls -ltr /var/lib/ldap
total 19536
-rw-r--r--. 1 ldap ldap 845 Dec 13 18:43 DB_CONFIG
-rw-------. 1 ldap ldap 8192 Dec 13 18:43 dn2id.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:43 cn.bdb
-rw-------. 1 ldap ldap 3761704 Dec 13 18:47 __db.003
-rw-------. 1 ldap ldap 17448960 Dec 13 18:47 __db.002
-rw-------. 1 ldap ldap 2326528 Dec 13 18:47 __db.001
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 entryCSN.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 entryUUID.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 objectClass.bdb
-rw-------. 1 ldap ldap 32768 Dec 13 18:47 id2entry.bdb
-rw-------. 1 ldap ldap 10485760 Dec 13 18:47 log.0000000001
-rw-r--r--. 1 ldap ldap 4096 Dec 13 18:47 alock
[centos@ip-10-92-164-27 lib]$ journalctl -xe
-- The start-up result is done.
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal kubelet[12861]: F1213 18:51:40.496492 12861 server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered failed state.
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service holdoff time over, scheduling restart.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Stopped kubelet: The Kubernetes Node Agent.
-- Subject: Unit kubelet.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished shutting down.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Started kubelet: The Kubernetes Node Agent.
-- Subject: Unit kubelet.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished starting up.
--
-- The start-up result is done.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal kubelet[12867]: F1213 18:51:50.746589 12867 server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered failed state.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service holdoff time over, scheduling restart.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Stopped kubelet: The Kubernetes Node Agent.
-- Subject: Unit kubelet.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished shutting down.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Started kubelet: The Kubernetes Node Agent.
-- Subject: Unit kubelet.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished starting up.
--
-- The start-up result is done.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal kubelet[12873]: F1213 18:52:00.996272 12873 server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered failed state.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
lines 2580-2622/2622 (END)
________________________________
From: openldap-technical openldap-technical-bounces@openldap.org on behalf of Eggo why eggo@hotmail.com
Sent: Monday, December 10, 2018 11:56 PM
To: Quanah Gibson-Mount; openldap-technical@openldap.org
Subject: Re: Please help on Openldap issue
Hi All, Thank you very much for all your help. I just realized that all the emails from openldap.org were going to the deleted folder.
The quotes you're using appear to be high-bit instead of standard ascii. Did you cut and paste out of a word document or something? --> Yes, I copied it from my notes that were taken down while doing my first configuration.
Any particular reason why you want to define your DB at root level? --> No reason, because this OpenLDAP instance is going to be used for Oracle tnsname lookup only.
I will try out all your suggestions and report back. Once again, I very much appreciate all your help.
Garry
________________________________
From: Quanah Gibson-Mount quanah@symas.com
Sent: Friday, December 7, 2018 3:18 PM
To: Michael Ströder; Eggo why; openldap-technical@openldap.org
Subject: Re: Please help on Openldap issue
--On Friday, December 07, 2018 4:13 PM +0100 Michael Ströder michael@stroeder.com wrote:
> Value given with -D must match rootdn in database section of your slapd.conf.
You may want to read the slapd.conf a little closer. There are multiple DB's defined.
database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
Although it's not clear to me the submitter is actually reading our responses, given they didn't read the last set of answers.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
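
The point made in the replies above (the -D value has to match the rootdn of a database section, and one slapd.conf can define several databases) can be checked mechanically. The following is an added example, not part of the original thread: it parses a constructed slapd.conf with two database sections and reports which one a given bind DN is the rootdn of. The function names, the example.com database and the simplified DN comparison are assumptions made for illustration.

```python
import shlex
# Constructed sample (not the poster's file); the second rootdn value sits on a continuation line.
SAMPLE_CONF = '''\
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"

database bdb
suffix "dc=cornell,dc=edu"
rootdn
  "cn=admin,dc=cornell,dc=edu"
'''

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines."""
    out = []
    for raw in text.splitlines():
        if raw.startswith('#') or not raw.strip():
            continue
        if raw[0] in ' \t' and out:
            out[-1] += ' ' + raw.strip()
        else:
            out.append(raw.strip())
    return out

def databases(text):
    """One dict per 'database' section: backend type, suffixes, rootdn."""
    dbs = []
    for line in logical_lines(text):
        args = shlex.split(line)  # approximates slapd.conf quoting rules
        key = args[0].lower()
        if key == 'database':
            dbs.append({'type': args[1], 'suffix': [], 'rootdn': None})
        elif dbs and key == 'suffix':
            dbs[-1]['suffix'] += args[1:]
        elif dbs and key == 'rootdn':
            dbs[-1]['rootdn'] = args[1]
    return dbs

def norm_dn(dn):
    """Simplified comparison key; ignores escaped commas and multi-valued RDNs."""
    parts = (rdn.partition('=') for rdn in dn.split(','))
    return ','.join(a.strip().lower() + '=' + v.strip().lower() for a, _, v in parts)

def match_bind_dn(text, bind_dn):
    """Return the database section whose rootdn equals bind_dn, or None."""
    want = norm_dn(bind_dn)
    return next((db for db in databases(text)
                 if db['rootdn'] and norm_dn(db['rootdn']) == want), None)
```

A `None` result for the DN passed with -D means no database section in the file grants that DN rootdn rights, which is the mismatch the replies describe.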