Hi all,
My adventure with LDAP has lasted a few months, and I have come to the topic of replication, namely multi-master replication. cn=config is replicated perfectly, but the schema, say dc=example,dc=com, does not want to :(.
I have two servers, slap1 and slap2.
I have a standard installation:

## Server slap1, Debian wheezy 64bit
apt-get install -y slapd ldap-utils

# added my schema
ldapadd -Y EXTERNAL -H ldapi:/// -f $CURRENT/memberof.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f $CURRENT/refint.ldif

# Add "ldap://slap1/" in /etc/default/slapd
sed -i '/^SLAPD_SERVICES/s|=.*|="ldap://slap1/ ldapi:///"|' /etc/default/slapd

ldapmodify -Y EXTERNAL -H ldapi:/// -f replica1.ldif
where replica1.ldif (replication configuration):

dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}syncprov.la

# only for tests
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: 123

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://slap1/
olcServerID: 2 ldap://slap2/

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://slap1/ binddn="cn=admin,cn=config" bindmethod=simple credentials=123 searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://slap2/ binddn="cn=admin,cn=config" bindmethod=simple credentials=123 searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
The same scenario applies on server slap2 (with the name changed slap1 -> slap2),
where replica2.ldif (replication configuration, only for server slap2):

dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 2

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}syncprov.la

# only for tests
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: 123

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://slap1/
olcServerID: 2 ldap://slap2/

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://slap1/ binddn="cn=admin,cn=config" bindmethod=simple credentials=123 searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://slap2/ binddn="cn=admin,cn=config" bindmethod=simple credentials=123 searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
and it works, the whole configuration is replicated.

Now I want to (I'm trying to) add replication of the schema. I add it on only one server, e.g. slap2:

ldapmodify -Y EXTERNAL -H ldapi:/// -f rep_schema.ldif

where rep_schema.ldif:

# add replica schema
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: 123
-
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=admin,dc=example,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
-
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://ldap1/ binddn="cn=admin,dc=example,dc=com" bindmethod=simple credentials="123" searchbase="dc=example,dc=com" starttls=no filter="(objectclass=*)" attrs="*,+" scope=sub schemachecking=off type=refreshAndPersist interval=00:00:00:10 retry="5 5 10 5" timeout=1
olcSyncRepl: rid=005 provider=ldap://ldap2/ binddn="cn=admin,dc=example,dc=com" bindmethod=simple credentials="123" searchbase="dc=example,dc=com" starttls=no filter="(objectclass=*)" attrs="*,+" scope=sub schemachecking=off type=refreshAndPersist interval=00:00:00:10 retry="5 5 10 5" timeout=1
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
The configuration replicates, and that's the end of it: the schema does not replicate. When one of the servers tries to replicate, in the logs I see:

Dec 15 23:44:48 slap1 slapd[4496]: do_syncrepl: rid=004 rc -1 quitting
Dec 15 23:44:48 slap1 slapd[4496]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Dec 15 23:44:48 slap1 slapd[4496]: do_syncrepl: rid=005 rc -1 retrying
Dec 15 23:44:58 slap1 slapd[4496]: =>do_syncrepl rid=005
Dec 15 23:44:58 slap1 slapd[4496]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)

Dec 15 23:44:50 slap2 slapd[4456]: do_syncrepl: rid=004 rc -1 retrying
Dec 15 23:44:54 slap2 slapd[4456]: =>do_syncrepl rid=005
Dec 15 23:44:54 slap2 slapd[4456]: slap_client_connect: URI=ldap://ldap2/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
Dec 15 23:44:54 slap2 slapd[4456]: do_syncrepl: rid=005 rc -1 quitting
Dec 15 23:45:00 slap2 slapd[4456]: =>do_syncrepl rid=004
Dec 15 23:45:00 slap2 slapd[4456]: slap_client_connect: URI=ldap://ldap1/ DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
From server slap2, searching slap1 (working):

ldapsearch -x -D cn=admin,dc=example,dc=com -H ldap://slap1/ -b dc=example,dc=com -w 123

From server slap1, searching slap2 (working):

ldapsearch -x -D cn=admin,dc=example,dc=com -H ldap://slap2/ -b dc=example,dc=com -w 123

I'm out of ideas... The user DN="cn=admin,dc=example,dc=com" is created automatically when I install slapd.
Does anyone have any suggestions or experience with this problem? Thank you all in advance.
Muniek
I run slap2 with:
/usr/sbin/slapd -h ldap://slap2:389 -d 16383 -u openldap -g openldap
52aef96c =>do_syncrepl rid=004
ldap_create
ldap_url_parse_ext(ldap://ldap1:389)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap1:389
52aef96c =>do_syncrepl rid=005
ldap_create
ldap_url_parse_ext(ldap://ldap2:389)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap2:389
52aef971 daemon: epoll: listen=7 active_threads=0 tvp=zero
52aef971 daemon: epoll: listen=8 active_threads=0 tvp=zero
ldap_connect_to_host: getaddrinfo failed: Name or service not known
52aef976 slap_client_connect: URI=ldap://ldap1:389 DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
52aef976 do_syncrepl: rid=004 rc -1 retrying (4 retries left)
52aef976 daemon: activity on 1 descriptor
52aef976 daemon: activity on:
52aef976 daemon: epoll: listen=7 active_threads=0 tvp=zero
52aef976 daemon: epoll: listen=8 active_threads=0 tvp=zero
ldap_connect_to_host: getaddrinfo failed: Name or service not known
52aef976 slap_client_connect: URI=ldap://ldap2:389 DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (-1)
52aef976 do_syncrepl: rid=005 rc -1 retrying (4 retries left)
52aef976 daemon: activity on 1 descriptor
52aef976 daemon: activity on:
52aef976 daemon: epoll: listen=7 active_threads=0 tvp=zero
52aef976 daemon: epoll: listen=8 active_threads=0 tvp=zero

ldap1 --> slap1
ldap2 --> slap2

...and everything works.
I'm blind, and so that was the topic!!!
Thread is closed
2013/12/16 Artur Nike <opalsie@gmail.com>:
openldap-technical@openldap.org
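An added example, not code from the thread or from OpenLDAP: a small pre-flight check for olcSyncRepl values before they are loaded with ldapmodify. It would have caught the root cause found above (provider hosts ldap1/ldap2 that do not resolve, which slapd reports as "getaddrinfo failed") and the schemachecking typo, and it flags simple binds over plain ldap:// without starttls, since the credentials then cross the network in cleartext. The sample LDIF is constructed from the thread's rep_schema.ldif (shortened), and the resolver is injectable so the check can run offline; by default it uses real DNS.

```python
import re, socket
from urllib.parse import urlsplit

# Constructed sample (shortened from the thread's rep_schema.ldif), keeping the
# unresolvable hosts "ldap1"/"ldap2" and the "schemachecking=of" typo.
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
olcSyncRepl: rid=004 provider=ldap://ldap1/ binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials="123" searchbase="dc=example,dc=com" starttls=no
  schemachecking=of type=refreshAndPersist retry="5 5 10 5" timeout=1
olcSyncRepl: rid=005 provider=ldap://ldap2/ binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials="123" searchbase="dc=example,dc=com" starttls=no
  schemachecking=off type=refreshAndPersist retry="5 5 10 5" timeout=1
"""
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def unfold_ldif(text):
    """Join LDIF continuation lines (one leading space) onto the line above."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_syncrepl(ldif_text):
    """One dict of key=value settings per olcSyncRepl attribute value."""
    consumers = []
    for line in unfold_ldif(ldif_text):
        if line.lower().startswith("olcsyncrepl:"):
            value = line.split(":", 1)[1]
            consumers.append({k: v.strip('"') for k, v in KV_RE.findall(value)})
    return consumers

def check_syncrepl(ldif_text, resolver=socket.getaddrinfo):
    """Pre-flight checks per consumer; returns a list of problem strings."""
    problems = []
    for c in parse_syncrepl(ldif_text):
        rid, provider = c.get("rid", "?"), c.get("provider", "")
        host = urlsplit(provider).hostname or "?"
        try:  # the same lookup slapd does before ldap_sasl_bind_s
            resolver(host, None)
        except OSError:
            problems.append(f"rid={rid}: provider host {host!r} does not resolve")
        if c.get("schemachecking") not in (None, "on", "off"):
            problems.append(f"rid={rid}: bad schemachecking value {c['schemachecking']!r}")
        if c.get("bindmethod") == "simple" and c.get("starttls", "no") == "no" and not provider.startswith("ldaps://"):
            problems.append(f"rid={rid}: simple-bind credentials would go in cleartext")
    return problems
```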