Hi all,
I am setting a pair of multi-master replicated servers (venus and haumea) using Ubuntu 10.04 and OpenLDAP 2.4.21-0ubuntu5. I am following the docs at http://www.openldap.org/doc/admin24/replication.html and when I get to the part for this ldif:
dn: olcDatabase={1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {1}frontend
olcSuffix: dc=tld
olcDbDirectory: ./db
olcRootDN: cn=admin,dc=tld
olcRootPW: secret
olcLimits: dn.exact="cn=admin,dc=tld" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcSyncRepl: rid=003 provider=ldap://haumea.tld binddn="cn=admin,dc=tld" bindmethod=simple credentials=secret searchbase="dc=tld" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=004 provider=ldap://venus.tld binddn="cn=admin,dc=tld" bindmethod=simple credentials=secret searchbase="dc=tld" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}frontend,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
I get this error:
root@haumea:/etc/ldap# ldapadd -x -H ldap://localhost/ -D "cn=admin,cn=config" -W -f replica.ldif
Enter LDAP Password:
adding new entry "olcDatabase={1}frontend,cn=config"
ldap_add: Object class violation (65)
        additional info: attribute 'olcDbDirectory' not allowed
root@haumea:/etc/ldap#
I googled for this but got very few (and useless) results. Can someone point me in the right direction?
Thanks and best regards.
I am not a pro at OpenLDAP, but do you need to set up the "frontend" database in replication mode? In my setup, only "cn=config" is set to replicate, and that takes care of replication of the "frontend" too, such that any ACL changes in "frontend" of one instance propagate to the other instances as well.
- Siddhartha
-----Original Message-----
From: openldap-technical-bounces+sjain=silverspringnet.com@openldap.org [mailto:openldap-technical-bounces+sjain=silverspringnet.com@openldap.org] On Behalf Of Marcio Merlone
Sent: Wednesday, May 26, 2010 11:32 AM
To: openldap-technical@openldap.org
Subject: Replication via cn=config
On 26-05-2010 21:09, Siddhartha Jain wrote:
I am not a pro at OpenLDAP, but do you need to set up the "frontend" database in replication mode? In my setup, only "cn=config" is set to replicate, and that takes care of replication of the "frontend" too, such that any ACL changes in "frontend" of one instance propagate to the other instances as well.
Well, I found the docs (http://www.openldap.org/doc/admin24/replication.html) a little confusing (dumb me) and, since the only dn I could find to match "dn: olcDatabase={1}$BACKEND,cn=config" was 'frontend', I assumed that. It turns out that ${BACKEND} is a new tree and is really the backend (duh!), and thus the correct one is "dn: olcDatabase={1}hdb,cn=config".
Another point that I am still not sure is what to use as $URIx below:
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3
Suppose a hypothetical situation where I want two servers replicating in a multi-master way, named venus.domain.tld and haumea.domain.tld. Would I use the same ldif without change for both servers, like this:
olcServerID: 1 ldap://haumea.domain.tld
olcServerID: 2 ldap://venus.domain.tld
?
Also, should the 'olcSyncRepl' parameter be set for both on both?
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
As a suggestion, all configuration examples should have both slapd.conf and cn=config methods and examples (I am at http://www.openldap.org/doc/admin24/replication.html).
Thanks and best regards.
In short, yes, both masters should have the exact same configuration for replication to work.
This syntax is correct:
olcServerID: 1 ldap://haumea.domain.tld
olcServerID: 2 ldap://venus.domain.tld
And yes, you need two "syncrepl" statements in each of the two masters.
You also need to instantiate a "syncprov" overlay for each database that you want to replicate.
This is another good online resource to see replication examples: http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-mm
Hope this helps,
Siddhartha
From: Marcio Merlone [mailto:marcio.merlone@a1.ind.br]
Sent: Thursday, May 27, 2010 4:49 AM
To: Siddhartha Jain
Cc: openldap-technical@openldap.org
Subject: Re: Replication via cn=config
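The configuration the thread converges on, written out as an added example (it is not from the thread or from the OpenLDAP docs): the data database is olcDatabase={1}hdb rather than frontend, both nodes load the identical file, each peer gets its own olcSyncRepl with a unique rid, and syncprov is instantiated on that database. The hostnames are the thread's; the CHANGEME password, the entryCSN/entryUUID index and the TLS options are assumptions, and the TLS options presume both slapds already have certificates configured.

```ldif
# Added example, not from the thread: cn=config LDIF for a two-node
# mirror-mode pair (haumea.domain.tld and venus.domain.tld) replicating
# the dc=tld database. Load the SAME file unchanged on BOTH nodes.
# CHANGEME, the index and the TLS settings are placeholders/assumptions.

# Each slapd must listen on its own URL below (slapd -h ldap://<fqdn>/,
# SLAPD_SERVICES on Ubuntu); that is how it recognises its own server ID.
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://haumea.domain.tld
olcServerID: 2 ldap://venus.domain.tld

# Replicate the data backend, olcDatabase={1}hdb, not the frontend:
# olcSyncRepl and olcMirrorMode are not allowed on the frontend entry.
# One olcSyncRepl per peer, each with a unique rid (001-999).
# LDIF joins continuation lines after stripping ONE leading space,
# hence the two-space indent that keeps the separating blank.
# credentials= is stored in clear text in cn=config, so restrict who may
# read cn=config and require TLS for the bind (starttls=critical).
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN,entryUUID eq
-
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://haumea.domain.tld
  binddn="cn=admin,dc=tld" bindmethod=simple credentials=CHANGEME
  searchbase="dc=tld" type=refreshAndPersist retry="5 5 300 5" timeout=1
  starttls=critical tls_reqcert=demand
olcSyncRepl: rid=002 provider=ldap://venus.domain.tld
  binddn="cn=admin,dc=tld" bindmethod=simple credentials=CHANGEME
  searchbase="dc=tld" type=refreshAndPersist retry="5 5 300 5" timeout=1
  starttls=critical tls_reqcert=demand
-
add: olcMirrorMode
olcMirrorMode: TRUE

# syncprov must be instantiated on every database that is replicated.
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100
```

Load it with ldapmodify -Y EXTERNAL -H ldapi:/// -f mirror.ldif on each node (the Ubuntu package grants the local root user access to cn=config over ldapi), then compare contextCSN on both servers to confirm they converge.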