Maybe I didn't pose the question very well. My Proxy Server is configured as a Syncrepl provider. The only difference to a "standard" Syncrepl Configuration is that the data isn't held locally on the provider in a database but in a "database ldap". And this configuration does work.
That means: Syncrepl should take place between my consumer and the provider (which is itself configured as a proxy). The ldap-server which is working as the database backend of my proxy shouldn't need to understand anything about syncrepl. Correct? If yes - why does an OpenLDAP running as backend work but another ldap server (domino) doesn't?
I've included the 3 relevant slapd.conf files. I would really appreciate some additional input. It's frustrating because it does work... as long as vm04 is an openldap server and not domino. But from everything I've read, and from my tests, I don't understand why it matters what is behind vm04? It's just an ldap server.
Thank you very much for your support. Kind Regards Bonnie
####################################
Consumer Configuration (vm01.indaal.de)
####################################
database bdb
suffix "o=four"
rootdn "cn=Manager,o=one"
directory /var/lib/ldap/four
lastmod on
index default pres,eq
index entryCSN pres,eq
syncrepl rid=001
  provider=ldap://vm03.indaal.de/
  type=refreshAndPersist
  interval=00:00:01:00
  retry="5 5 300 +"
  searchbase="o=four"
  schemachecking=off
  bindmethod=simple
  binddn="cn=Manager,o=four"
  credentials=secret

###################################################
Syncrepl Provider Configuration (vm03.indaal.de / the proxy)
###################################################
database ldap
suffix "o=four"
rootdn "cn=Manager,o=three"
uri ldap://vm04.indaal.de/
acl-bind binddn="cn=Manager,o=four"
  bindmethod=simple
  credentials=secret
lastmod on
overlay syncprov

######################################
Standard Directory Server (vm04.indaal.de)
######################################
database bdb
suffix "o=four"
checkpoint 1024 5
cachesize 10000
rootdn "cn=Manager,o=four"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,sn eq,pres,sub
index uidNumber eq,pres
index entryUUID,entryCSN eq
Bonnie Oostenbrug
Indaal Information Management GmbH Königstrasse 257 D-47798 Krefeld Tel: + 49 (0)2151 - 60748 16 Fax: +49 (0)2151 - 60748 10
bonnie.oostenbrug@indaal.de http://www.indaal.de
Gavin Henry ghenry@suretecsystems.com
Sent by: openldap-technical-bounces+bonnie.oostenbrug=indaal.de@OpenLDAP.org
18.08.2008 16:15
To: Bonnie Oostenbrug Bonnie.Oostenbrug@indaal.de
cc: openldap-technical@openldap.org
Subject: Re: Proxying data for syncrepl
----- "Bonnie Oostenbrug" Bonnie.Oostenbrug@indaal.de wrote:
Hi,
I am trying to set up the following configuration. Unfortunately, without much luck so far.
- A Directory Server capable of LDAP e.g. LotusDomino, OpenLDAP, AD, etc.... (This Server isn't/can't be specially configured for replication. I can only ensure that the schema is correct. That is the whole point of my undertaking - because Lotus Domino/AD support it.
They support their own kind of replication, which is normally already configured, hence why it appears you don't need to enable anything.
- OpenLDAP configured as Proxy with a database of type LDAP with overlay syncprov configured and a uri that points to my Directory Server
This won't work. Read more about how Syncrepl works at:
http://www.openldap.org/doc/admin24/replication.html#LDAP%20Sync%20Replicati...
You can only use Syncrepl against a Syncrepl provider.
- A Consumer with a database of type BDB configured for syncrepl with my proxy as provider
The whole idea is to be able to use this setup to incorporate information from diverse legacy directory servers and get it into a manageable standard OpenLDAP Directory. Without exports etc. I need to have the data replicated down local to my consumer due to Network restrictions. I want to be able to point my Proxy at 3 different Directory Servers and replicate this content down to a single consumer.
If I set up the configuration using an OpenLDAP Server as my Directory Server it works. (more or less*) But when I change the proxy to point to e.g. Lotus Domino as my Directory Server I get the error "got empty SyncUUID with LDAP_SYNC_ADD" and the content doesn't replicate down from the Directory Server. Although I see activity on my proxy - he queries my Directory Server.
Did I bite off too much for a newbie or am I missing something obvious??
Thanks for ideas in which direction I need to be looking! Bonnie
Also search the mailing list archives for numerous discussions of Active Directory replication with OpenLDAP.
Thanks,
Gavin.
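
Added example, not part of the thread and not OpenLDAP code: the consumer logs "got empty SyncUUID with LDAP_SYNC_ADD" when an entry reaches it with no UUID, and syncprov takes that value from the entry's entryUUID. The Python below parses an LDIF dump of the backend and lists entries missing entryUUID or entryCSN; the sample LDIF, its DNs and the function names are constructed for illustration, and that a non-OpenLDAP backend omits these attributes is an assumption to confirm against the real server.

```python
# entryUUID identifies an entry to the consumer; entryCSN orders its changes.
REQUIRED = ("entryuuid", "entrycsn")

# Constructed sample, shaped like the output of
#   ldapsearch -LLL -b o=four '(objectClass=*)' entryUUID entryCSN
SAMPLE_LDIF = """\
dn: cn=alice,o=four
entryUUID: 6f1c2a3e-0f4b-102d-9a11-3b5e6c7d8e9f
entryCSN: 20080818141500Z#000000#00#000000

dn: cn=bob,ou=people with a long unit name,o=fo
 ur

dn: cn=carol,o=four
entryUUID: 7a2d3b4f-0f4b-102d-9a12-3b5e6c7d8e9f
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def parse_entries(text):
    """Return {dn: set of lower-cased attribute names} for each LDIF record."""
    entries, dn = {}, None
    for line in unfold(text):
        if not line.strip():
            dn = None  # a blank line ends the current record
        elif line.lower().startswith("dn:"):
            dn = line[3:].lstrip(": ").strip()  # base64 DNs are kept encoded
            entries[dn] = set()
        elif dn is not None:
            entries[dn].add(line.partition(":")[0].lower())
    return entries

def missing_sync_attrs(text):
    """Return {dn: [missing attribute names]} for entries lacking sync attributes."""
    report = {}
    for dn, attrs in parse_entries(text).items():
        gaps = [a for a in REQUIRED if a not in attrs]
        if gaps:
            report[dn] = gaps
    return report

if __name__ == "__main__":
    print(missing_sync_attrs(SAMPLE_LDIF))
```

Run it against a dump taken through the proxy (vm03) as well as directly from the backend (vm04) to see at which hop the attributes disappear.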