10:36 a.m.
Hello friends, I've been trying to setup Mirror Mode replication, using
the openldap.org docs and others from googling.. and am having some
interesting results. I am new to this so this has been an enlightening
experience to say the least, but perhaps if someone on the list might be
able to answer a few questions that would be awesome...
I have 2 nodes, and want to get mirror mode running for high
availibility .. and will add samba to auth ( later )
Basically it seems that mirror mode is sort of working.. i can see the
syncRep talking back and forth .. However .. I cannot write to either
nodes once replication is running.
Below example is me trying to add a user account:
error is : ( phpldapadmin reports )
LDAP said: Server is unwilling to perform
Error number: 0x35 (LDAP_UNWILLING_TO_PERFORM)
Description: The LDAP server refused to perform the operation.
log file reports in detail:
Mar 26 13:14:38 ldap01 slapd[1433]: >>> dnPrettyNormal:
<cn=joepreston,dc=foobar,dc=com>
Mar 26 13:14:38 ldap01 slapd[1433]: <<< dnPrettyNormal:
<cn=joepreston,dc=foobar,dc=com>, <cn=joepreston,dc=foobar,dc=com>
Mar 26 13:14:38 ldap01 slapd[1433]: do_add: dn
(cn=joepreston,dc=foobar,dc=com)
Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 ADD
dn="cn=joepreston,dc=foobar,dc=com"
Mar 26 13:14:38 ldap01 slapd[1433]:
bdb_dn2entry("cn=joepreston,dc=foobar,dc=com")
Mar 26 13:14:38 ldap01 slapd[1433]: =>
bdb_dn2id("cn=joepreston,dc=foobar,dc=com")
Mar 26 13:14:38 ldap01 slapd[1433]: <= bdb_dn2id: get failed:
DB_NOTFOUND: No matching key/data pair found (-30989)
Mar 26 13:14:38 ldap01 slapd[1433]: bdb_referrals: op=104
target="cn=joepreston,dc=foobar,dc=com" matched="dc=foobar,dc=com"
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: conn=14 op=1 p=3
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: err=53 matched=""
text="shadow context; no update referral"
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_response: msgid=2 tag=105
err=53
Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 RESULT tag=105 err=53
text=shadow context; no update referral
Mar 26 13:14:38 ldap01 slapd[1433]: daemon: activity on 1 descriptor
Ma
so::
text="shadow context; no update referral"
using mirrormode, i should be able to write to the db correct?
initally, i used ldapadd to add my ldif files on node 1 ( with syncRep
commented out ) then useds slapcat/slapadd to populate the db on node 2,
then uncommented syncRep on both nodes and restarted both..
( this was because i was trying to troubleshoot the DB_NOTFOUND error
above ... the result was it still errored ) however, it seems the
text=shadow context; no update referral may be the real issue.
am i missing something in these configs in reguards to mirrormode?
logs seem to indicate syncRep is talking, and access is allowed,
but no write, and if i ldap add to node 1 ( with Rep commented out )
then uncomment and restart both ( so node 1 has data but node2 does not,
i can see syncRep talking, but node2 never picks up the changes )
ok whew, sorry about all of that.. any ideas?
using:
openldap-2.3.27
CentOS 5.2 2.6.18-92.el5 64
db-4.7.25
smbldap-tools-0.9.5-1
was going to upgrade to the latest, but there are a ton
of deps , so i though i'd ask forst..
many many thanks!
node1: slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/samba.schema
loglevel -1
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem
access to *
by dn.base="cn=Manager,dc=foobar,dc=com" read
by * break
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /var/lib/ldap
index objectclass,entryCSN,entryUUID eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index memberUid,mail,givenname
eq,subinitial
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Global section
serverID 1
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap02.hq.foobar.com
bindmethod=simple
binddn="cn=Manager,dc=foobar,dc=com"
credentials=morefoo
searchbase="dc=foobar,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
node2:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/samba.schema
loglevel -1
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem
access to *
by dn.base="cn=Manager,dc=foobar,dc=com" read
by * break
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /var/lib/ldap
index objectclass,entryCSN,entryUUID eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index memberUid,mail,givenname
eq,subinitial
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Global section
serverID 2
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap01.hq.foobar.com
bindmethod=simple
binddn="cn=Manager,dc=foobar,dc=com"
credentials=morefoo
searchbase="dc=foobar,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
--
Jonas Haskins
Sr Network Administrator
jhaskins(a)adready.com (206)792-5184
AdReady INC
4:38 a.m.
The problem is centos + openldap. They don't compile their openldap
packages with overlay support so nothing will work the way you want it.
Trust me, the same thing happened to me and caused hours of hair pulling
aggravation. On top of that, mirror mode isn't supported in openldap
2.3. You'll have to use a third party repository with openldap 2.4 if
you expect it to work with centos.
http://blog.zrmt.com/2007/10/18/rhel5-openldap/
Follow the instructions there on how to setup openldap using a third
party repo. Also note to install openldap 2.4 (which you need) run
those yum install commands with '2.4' appended ie: yum install
openldap2.4-servers openldap2.4 clients.
Trust me, you MUST use these packages if you expect anything to work
and I can honestly say the quality of these packages are much better
than what centos has to offer.
Tyler
On Fri, 27 Mar 2009 10:36:02 -0700
Jonas Haskins <jhaskins(a)adready.com> wrote:
Hello friends, I've been trying to setup Mirror Mode
replication,
using the openldap.org docs and others from googling.. and am having
some interesting results. I am new to this so this has been an
enlightening experience to say the least, but perhaps if someone on
the list might be able to answer a few questions that would be
awesome...
I have 2 nodes, and want to get mirror mode running for high
availibility .. and will add samba to auth ( later )
Basically it seems that mirror mode is sort of working.. i can see the
syncRep talking back and forth .. However .. I cannot write to either
nodes once replication is running.
Below example is me trying to add a user account:
error is : ( phpldapadmin reports )
LDAP said: Server is unwilling to perform
Error number: 0x35 (LDAP_UNWILLING_TO_PERFORM)
Description: The LDAP server refused to perform the operation.
log file reports in detail:
Mar 26 13:14:38 ldap01 slapd[1433]: >>> dnPrettyNormal:
<cn=joepreston,dc=foobar,dc=com>
Mar 26 13:14:38 ldap01 slapd[1433]: <<< dnPrettyNormal:
<cn=joepreston,dc=foobar,dc=com>, <cn=joepreston,dc=foobar,dc=com>
Mar 26 13:14:38 ldap01 slapd[1433]: do_add: dn
(cn=joepreston,dc=foobar,dc=com)
Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 ADD
dn="cn=joepreston,dc=foobar,dc=com"
Mar 26 13:14:38 ldap01 slapd[1433]:
bdb_dn2entry("cn=joepreston,dc=foobar,dc=com")
Mar 26 13:14:38 ldap01 slapd[1433]: =>
bdb_dn2id("cn=joepreston,dc=foobar,dc=com")
Mar 26 13:14:38 ldap01 slapd[1433]: <= bdb_dn2id: get failed:
DB_NOTFOUND: No matching key/data pair found (-30989)
Mar 26 13:14:38 ldap01 slapd[1433]: bdb_referrals: op=104
target="cn=joepreston,dc=foobar,dc=com" matched="dc=foobar,dc=com"
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: conn=14 op=1 p=3
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: err=53
matched="" text="shadow context; no update referral"
Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_response: msgid=2
tag=105 err=53
Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 RESULT tag=105 err=53
text=shadow context; no update referral
Mar 26 13:14:38 ldap01 slapd[1433]: daemon: activity on 1 descriptor
Ma
so::
text="shadow context; no update referral"
using mirrormode, i should be able to write to the db correct?
initally, i used ldapadd to add my ldif files on node 1 ( with syncRep
commented out ) then useds slapcat/slapadd to populate the db on node
2, then uncommented syncRep on both nodes and restarted both..
( this was because i was trying to troubleshoot the DB_NOTFOUND error
above ... the result was it still errored ) however, it seems the
text=shadow context; no update referral may be the real issue.
am i missing something in these configs in reguards to mirrormode?
logs seem to indicate syncRep is talking, and access is allowed,
but no write, and if i ldap add to node 1 ( with Rep commented out )
then uncomment and restart both ( so node 1 has data but node2 does
not, i can see syncRep talking, but node2 never picks up the changes )
ok whew, sorry about all of that.. any ideas?
using:
openldap-2.3.27
CentOS 5.2 2.6.18-92.el5 64
db-4.7.25
smbldap-tools-0.9.5-1
was going to upgrade to the latest, but there are a ton
of deps , so i though i'd ask forst..
many many thanks!
node1: slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/samba.schema
loglevel -1
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem
access to *
by dn.base="cn=Manager,dc=foobar,dc=com" read
by * break
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /var/lib/ldap
index objectclass,entryCSN,entryUUID eq
index cn,sn,uid,displayName
pres,sub,eq index
uidNumber,gidNumber eq index
sambaSID,sambaPrimaryGroupSID,sambaDomainName eq index
memberUid,mail,givenname eq,subinitial
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Global section
serverID 1
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap02.hq.foobar.com
bindmethod=simple
binddn="cn=Manager,dc=foobar,dc=com"
credentials=morefoo
searchbase="dc=foobar,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
node2:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/samba.schema
loglevel -1
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem
access to *
by dn.base="cn=Manager,dc=foobar,dc=com" read
by * break
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=foobar,dc=com"
rootdn "cn=Manager,dc=foobar,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /var/lib/ldap
index objectclass,entryCSN,entryUUID eq
index cn,sn,uid,displayName
pres,sub,eq index
uidNumber,gidNumber eq index
sambaSID,sambaPrimaryGroupSID,sambaDomainName eq index
memberUid,mail,givenname eq,subinitial
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Global section
serverID 2
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap01.hq.foobar.com
bindmethod=simple
binddn="cn=Manager,dc=foobar,dc=com"
credentials=morefoo
searchbase="dc=foobar,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
8:52 a.m.
Tyler,
the fact that I work with CentOS and use the packages from Red Hat can
generate some incompatibility?
I will implement (or was) a CentOS with Samba + OpenLDAP tomorrow, but
I'm worried: |
------
Raul Libório
http://rauhmaru.blogspot.com/
rauhmarutsªhotmailºcom
Linux user#4444581
"The bug is on the table."
On Sun, Mar 29, 2009 at 8:38 AM, Tyler Gates <tgates81(a)gmail.com> wrote:
The problem is centos + openldap. They don't compile their
openldap
packages with overlay support so nothing will work the way you want it.
Trust me, the same thing happened to me and caused hours of hair pulling
aggravation. On top of that, mirror mode isn't supported in openldap
2.3. You'll have to use a third party repository with openldap 2.4 if
you expect it to work with centos.
http://blog.zrmt.com/2007/10/18/rhel5-openldap/
Follow the instructions there on how to setup openldap using a third
party repo. Also note to install openldap 2.4 (which you need) run
those yum install commands with '2.4' appended ie: yum install
openldap2.4-servers openldap2.4 clients.
Trust me, you MUST use these packages if you expect anything to work
and I can honestly say the quality of these packages are much better
than what centos has to offer.
Tyler
On Fri, 27 Mar 2009 10:36:02 -0700
Jonas Haskins <jhaskins(a)adready.com> wrote:
> Hello friends, I've been trying to setup Mirror Mode replication,
> using the openldap.org docs and others from googling.. and am having
> some interesting results. I am new to this so this has been an
> enlightening experience to say the least, but perhaps if someone on
> the list might be able to answer a few questions that would be
> awesome...
>
>
> I have 2 nodes, and want to get mirror mode running for high
> availibility .. and will add samba to auth ( later )
>
>
> Basically it seems that mirror mode is sort of working.. i can see the
> syncRep talking back and forth .. However .. I cannot write to either
> nodes once replication is running.
>
> Below example is me trying to add a user account:
>
>
> error is : ( phpldapadmin reports )
> LDAP said: Server is unwilling to perform
> Error number: 0x35 (LDAP_UNWILLING_TO_PERFORM)
> Description: The LDAP server refused to perform the operation.
>
> log file reports in detail:
>
>
> Mar 26 13:14:38 ldap01 slapd[1433]: >>> dnPrettyNormal:
> <cn=joepreston,dc=foobar,dc=com>
> Mar 26 13:14:38 ldap01 slapd[1433]: <<< dnPrettyNormal:
> <cn=joepreston,dc=foobar,dc=com>, <cn=joepreston,dc=foobar,dc=com>
> Mar 26 13:14:38 ldap01 slapd[1433]: do_add: dn
> (cn=joepreston,dc=foobar,dc=com)
> Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 ADD
> dn="cn=joepreston,dc=foobar,dc=com"
> Mar 26 13:14:38 ldap01 slapd[1433]:
> bdb_dn2entry("cn=joepreston,dc=foobar,dc=com")
> Mar 26 13:14:38 ldap01 slapd[1433]: =>
> bdb_dn2id("cn=joepreston,dc=foobar,dc=com")
> Mar 26 13:14:38 ldap01 slapd[1433]: <= bdb_dn2id: get failed:
> DB_NOTFOUND: No matching key/data pair found (-30989)
> Mar 26 13:14:38 ldap01 slapd[1433]: bdb_referrals: op=104
> target="cn=joepreston,dc=foobar,dc=com"
matched="dc=foobar,dc=com"
> Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: conn=14 op=1 p=3
> Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_result: err=53
> matched="" text="shadow context; no update referral"
> Mar 26 13:14:38 ldap01 slapd[1433]: send_ldap_response: msgid=2
> tag=105 err=53
> Mar 26 13:14:38 ldap01 slapd[1433]: conn=14 op=1 RESULT tag=105 err=53
> text=shadow context; no update referral
> Mar 26 13:14:38 ldap01 slapd[1433]: daemon: activity on 1 descriptor
> Ma
>
>
> so::
> text="shadow context; no update referral"
>
> using mirrormode, i should be able to write to the db correct?
>
> initally, i used ldapadd to add my ldif files on node 1 ( with syncRep
> commented out ) then useds slapcat/slapadd to populate the db on node
> 2, then uncommented syncRep on both nodes and restarted both..
> ( this was because i was trying to troubleshoot the DB_NOTFOUND error
> above ... the result was it still errored ) however, it seems the
> text=shadow context; no update referral may be the real issue.
>
>
> am i missing something in these configs in reguards to mirrormode?
>
> logs seem to indicate syncRep is talking, and access is allowed,
> but no write, and if i ldap add to node 1 ( with Rep commented out )
> then uncomment and restart both ( so node 1 has data but node2 does
> not, i can see syncRep talking, but node2 never picks up the changes )
>
> ok whew, sorry about all of that.. any ideas?
>
> using:
> openldap-2.3.27
> CentOS 5.2 2.6.18-92.el5 64
> db-4.7.25
> smbldap-tools-0.9.5-1
>
>
> was going to upgrade to the latest, but there are a ton
> of deps , so i though i'd ask forst..
>
>
> many many thanks!
>
>
>
> node1: slapd.conf
>
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/sudo.schema
> include /etc/openldap/schema/samba.schema
>
> loglevel -1
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath /usr/lib64/openldap
> moduleload back_bdb.la
> moduleload back_ldap.la
> moduleload back_ldbm.la
> moduleload back_passwd.la
> moduleload back_shell.la
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/slapdcert.pem
> TLSCertificateKeyFile /etc/openldap/slapdkey.pem
>
> access to *
> by dn.base="cn=Manager,dc=foobar,dc=com" read
> by * break
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=foobar,dc=com"
> rootdn "cn=Manager,dc=foobar,dc=com"
> rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX
>
> directory /var/lib/ldap
>
> index objectclass,entryCSN,entryUUID eq
> index cn,sn,uid,displayName
> pres,sub,eq index
> uidNumber,gidNumber eq index
> sambaSID,sambaPrimaryGroupSID,sambaDomainName eq index
> memberUid,mail,givenname eq,subinitial
>
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
>
> # Global section
> serverID 1
> # database section
>
> # syncrepl directive
> syncrepl rid=001
> provider=ldap://ldap02.hq.foobar.com
> bindmethod=simple
> binddn="cn=Manager,dc=foobar,dc=com"
> credentials=morefoo
> searchbase="dc=foobar,dc=com"
> schemachecking=on
> type=refreshAndPersist
> retry="60 +"
>
> mirrormode on
>
>
> node2:
>
>
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/sudo.schema
> include /etc/openldap/schema/samba.schema
>
> loglevel -1
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath /usr/lib64/openldap
> moduleload back_bdb.la
> moduleload back_ldap.la
> moduleload back_ldbm.la
> moduleload back_passwd.la
> moduleload back_shell.la
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/slapdcert.pem
> TLSCertificateKeyFile /etc/openldap/slapdkey.pem
>
> access to *
> by dn.base="cn=Manager,dc=foobar,dc=com" read
> by * break
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=foobar,dc=com"
> rootdn "cn=Manager,dc=foobar,dc=com"
> rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXX
>
> directory /var/lib/ldap
>
> index objectclass,entryCSN,entryUUID eq
> index cn,sn,uid,displayName
> pres,sub,eq index
> uidNumber,gidNumber eq index
> sambaSID,sambaPrimaryGroupSID,sambaDomainName eq index
> memberUid,mail,givenname eq,subinitial
>
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
>
> # Global section
> serverID 2
> # database section
>
> # syncrepl directive
> syncrepl rid=001
> provider=ldap://ldap01.hq.foobar.com
> bindmethod=simple
> binddn="cn=Manager,dc=foobar,dc=com"
> credentials=morefoo
> searchbase="dc=foobar,dc=com"
> schemachecking=on
> type=refreshAndPersist
> retry="60 +"
>
> mirrormode on
>
>
>
5:18 a.m.
check the docs.
mirrormode is not available in 2.3.x
you have to use openldap 2.4.x
Jonas Haskins schrieb:
am i missing something in these configs in reguards to mirrormode?
logs seem to indicate syncRep is talking, and access is allowed,
but no write, and if i ldap add to node 1 ( with Rep commented out )
then uncomment and restart both ( so node 1 has data but node2 does not,
i can see syncRep talking, but node2 never picks up the changes )
ok whew, sorry about all of that.. any ideas?
using:
openldap-2.3.27
CentOS 5.2 2.6.18-92.el5 64
db-4.7.25
smbldap-tools-0.9.5-1
4561
days inactive
4563
days old
openldap-technical@openldap.org
3 comments
4 participants
participants (4)
-
Jonas Haskins -
Oliver Liebel -
Raul Libório -
Tyler Gates