Hi,
My configuration is very simple.
On master, the slapd.conf file contains:
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/rfc2307aix.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
TLSCACertificatePath /etc/openldap/certs TLSCertificateFile "fr-te-ldap-x1.intra.commercial-union.fr" TLSCertificateKeyFile /etc/openldap/certs/password TLSCipherSuite ECDHE+AESGCM:DHE+AESGCM TLSDHParamFile /etc/openldap/dh2048.pem TLSProtocolMin 3.3 TLSECName prime256v1
password-hash {CRYPT} #password-crypt-salt-format "$6$%.16s"
access to attrs=userPassword by self write by anonymous auth by * read
access to * by self read by users read by anonymous read
database bdb
suffix "dc=aviva,dc=fr" rootdn "cn=admin,dc=aviva,dc=fr" rootpw xxxxx
directory /var/lib/ldap
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub
# replication LDAP moduleload syncprov index entryCSN,entryUUID eq overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
sizelimit unlimited
And on slave server, the slapd conf contains:
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/rfc2307aix.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
TLSCACertificatePath /etc/openldap/certs TLSCertificateFile "fr-te-ldap-x2.intra.commercial-union.fr" TLSCertificateKeyFile /etc/openldap/certs/password TLSCipherSuite ECDHE+AESGCM:DHE+AESGCM TLSDHParamFile /etc/openldap/dh2048.pem TLSProtocolMin 3.3 TLSECName prime256v1
password-hash {CRYPT}
access to attrs=userPassword by self write by anonymous auth by * read
access to * by self read by users read by anonymous read
database bdb
suffix "dc=aviva,dc=fr" rootdn "cn=admin,dc=aviva,dc=fr" rootpw xxxx
directory /var/lib/ldap
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub
# replication syncrepl rid=100 provider=ldaps://fr-te-ldap-x1.intra.commercial-union.fr type=refreshAndPersist searchbase="dc=aviva,dc=fr" scope=sub schemachecking=on bindmethod=simple filter="(objectClass=*)" binddn="cn=admin,dc=aviva,dc=fr" credentials=redhat retry="15 +"
index entryUUID,entryCSN eq sizelimit 100000
Could you please tell me what is wrong here ?
Please advice me, Razvan