Hi Dieter,
Here are the two ldifs I used to configure everything (only difference is the order the olcServerID is placed in):

First Master:

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 10 ldap://10.211.55.8
olcServerID: 20 ldap://10.211.55.11

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://10.211.55.8 binddn="cn=config" bindmethod=simple credentials=$PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://10.211.55.11 binddn="cn=config" bindmethod=simple credentials=$PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

Second Master:

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 20 ldap://10.211.55.11
olcServerID: 10 ldap://10.211.55.8

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://10.211.55.8 binddn="cn=config" bindmethod=simple credentials=$PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://10.211.55.11 binddn="cn=config" bindmethod=simple credentials=$PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

On 03 Sep 2010, at 15:55, Dieter Kluenter wrote:
On Fri, 3 Sep 2010 14:25:51 +0200, Alister Forbes a@cisco.com wrote:
All,
My situation is that I'm trying to get replication working between two instances of openldap 2.4.23, both running on RHEL5, both built with the same options, and db built under them with the same options, and both OS instances are the same (cloned VMs)
I can see the two slapd's trying to communicate, but although the passwords supplied in 'credentials' are definitely correct, I keep seeing the err=49 in the logs below
I've been struggling with this for days now.. can anyone give me a hint what I've messed up?
Also, I'm not sure if it's related, but I now can't change anything in the servers configs directly, I keep getting -
ldap_modify: Server is unwilling to perform (53)
        additional info: shadow context; no update referral
I think this is the behaviour you would expect when the server was a syncrepl slave, but these are supposed to be multi-mastered.
Any help, gratefully received
Alister
output of ldapsearch:
# {0}config, config
dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://10.211.55.8 binddn="cn=config" bindmet
 hod=simple credentials=cisco123 searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=002 provider=ldap://10.211.55.11 binddn="cn=config" bindme
 thod=simple credentials=cisco123 searchbase="cn=config" type=refreshAndPersis
 t retry="5 5 300 5" timeout=1
[...]
Did you load the syncprov overlay? And did you declare mirrorMode? You only provide some syncrepl configuration.
-Dieter
-- Dieter Klünter | Systemberatung sip: 7770535@sipgate.de http://www.dpunkt.de/buecher/2104.html GPG Key ID:8EF7B6C6
-- Alister Forbes Work: +32 2 704 5762 Internal: 322 5762 a@cisco.com TACSUNS _.|._.|._ Cisco Systems
Please avoid sending me Word or PowerPoint attachments. See - http://www.gnu.org/philosophy/no-word-attachments.html
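
Added example (not part of the original thread, and not code from the OpenLDAP project): a Python check that unfolds ldapsearch-style LDIF like the output quoted above, parses each olcSyncrepl value, and flags duplicate rids and simple binds over ldap:// without starttls=critical, where the cn=config password crosses the network unencrypted. The sample input is constructed, the password is a placeholder, and the function names and finding labels are this example's own.

```python
import shlex

# Constructed sample modelled on the ldapsearch output quoted in the thread;
# the password is a placeholder. ldapsearch folds long values: a line that
# starts with one space continues the previous line (RFC 2849).
SAMPLE = '''dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://10.211.55.8 binddn="cn=config" bindmet
 hod=simple credentials=PLACEHOLDER searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=002 provider=ldap://10.211.55.11 binddn="cn=config" bindme
 thod=simple credentials=PLACEHOLDER searchbase="cn=config" type=refreshAndPersis
 t retry="5 5 300 5" timeout=1
'''


def unfold(ldif):
    """Join folded LDIF lines: drop the newline and the single leading space."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(' ') and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_syncrepl(value):
    """Turn one olcSyncrepl value into a dict of its key=value parameters."""
    if value.startswith('{'):            # strip the {n} ordering prefix
        value = value.split('}', 1)[1]
    return dict(tok.split('=', 1) for tok in shlex.split(value))


def lint(ldif):
    """Return (consumers, findings) for every olcSyncrepl value in the LDIF."""
    consumers = [parse_syncrepl(l.split(':', 1)[1].strip())
                 for l in unfold(ldif) if l.lower().startswith('olcsyncrepl:')]
    rids = [c.get('rid') for c in consumers]
    findings = []
    for c in consumers:
        if rids.count(c.get('rid')) > 1:
            findings.append((c.get('rid'), 'duplicate-rid'))
        # starttls=yes continues without TLS if StartTLS fails, so only
        # starttls=critical (or an ldaps:// provider) counts as protected here.
        if (c.get('bindmethod') == 'simple'
                and c.get('provider', '').startswith('ldap://')
                and c.get('starttls') != 'critical'):
            findings.append((c.get('rid'), 'cleartext-simple-bind'))
    return consumers, findings
```
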