In a book about Openldap i have read the way to replicate the cn=config-data. But the author descripte the slapd.conf method. My OpenLDAP use the database-backend. so I try to combine it and most of them works fine

On the Master I have import following LDIF

 

dn: cn=config

changetype: modify

add: olcReferral

olcReferral: "ldap://ldap.example.de"

 

dn: cn=module{0},cn=config

changetype: modify

add: olcModuleLoad

olcModuleLoad: syncprov

 

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config

changetype: add

objectClass: olcOverlayConfig

objectClass: olcSyncProvConfig

olcOverlay: syncprov

 

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config

changetype: add

objectClass: olcOverlayConfig

objectClass: olcSyncProvConfig

olcOverlay: syncprov

 

dn: olcDatabase={0}config,cn=config

changetype: modify

add: olcSyncrepl

olcSyncrepl: rid=002 provider=ldap://ldap.example.de type=refreshAndPersist retry="5 +" searchbase="cn=config" filter="(!(olcDatabase={0}config))" bindmethod=simple binddn="cn=admin,dc=example,dc=de" credentials=secret

add: olcUpdateRef

olcUpdateRef: ldap://ldap.example.de

 

dn: olcDatabase={1}hdb,cn=config

changetype: modify

add: olcSyncRepl

olcSyncRepl: rid=001 provider=ldap://ldap.example.de type=refreshAndPersist retry="5 +" searchbase="dc=example,dc=de" bindmethod=simple binddn="cn=admin,dc=example,dc=de" credentials=secret

add: olcUpdateRef

olcUpdateRef: ldap://ldap.example.de

 

On the Client-LDAP I import the following LDIF

dn: cn=config

#objectClass: olcGlobal

#cn: config

changetype: modify

add: olcReferral

olcreferral: ldap://ldap.example.de

 

dn: olcDatabase={0}config,cn=config

objectClass: olcDatabaseConfig

olcDatabase: {0}config

olcSyncRepl: rid=002 provider="ldap://ldap.example.de" binddn="cn=admin,dc=example,dc=de" bindmethod=simple credentials=secret searchbase="cn=config" filter="(!olcDatabase={0}config)" type=refreshAndPersist retry="10 +"

olcRootDN: cn=admin,dc=example,dc=de

olcUpdateRef: ldap://ldap.example.de

 

As result the complete ldap will be replicated. But when i restart the Slave-LDAP-Server then come up following error:

 

Starting OpenLDAP: slapd - failed.

The operation failed but no output was produced. For hints on what went

wrong please refer to the system's logfiles (e.g. /var/log/syslog) or

try running the daemon in Debug mode like via "slapd -d 16383" (warning:

this will create copious output).

 

Below, you can find the command line options used by this script to

run slapd. Do not forget to specify those options if you

want to look to debugging output:

  slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/

 

And in syslog i find following entry:

Nov  9 20:54:03 SMS002092 slapd[3376]: @(#) $OpenLDAP: slapd 2.4.21 (Jun  2 2011 19:36:19) $#012#011buildd@allspice:/build/buildd/openldap-2.4$

Nov  9 20:54:03 SMS002092 slapd[3376]: config error processing olcDatabase={2}config,cn=config:

Nov  9 20:54:03 SMS002092 slapd[3376]: slapd stopped.

Nov  9 20:54:03 SMS002092 slapd[3376]: connections_destroy: nothing to destroy.

 

I can understand this error: ALL data will replicated and on the Slave another config [olcDatatbase={2}config) will be created. How can I avoid the creation of the second , incomplete database?

 

Freundliche Grüße / Best regards

Michael