People,
I am currently trying to setup a multi-master ldap setup. The setup is running on CentOS 5.1 with kernel 2.6.18-53.el5. In this setup I have migrated the UNIX authentication files using MigrationTools and everything worked fine. When I am trying to setup the replication I am encountering a strange behavior. The initial synchronization was performed by copying /var/lib/ldap directory when openldap was shutdown. On starting both nodes query each other and everything seems operating correctly. When I perform a change on either node, the node performs the local change however it is not propagated on the other node and in the /var/log/ldap.log I get the following message:
When ever the change is made on ldap1 it reports:
Jan 23 10:10:43 ldap1 slapd[5787]: null_callback : error code 0x10
Jan 23 10:10:43 ldap1 slapd[5787]: syncrepl_updateCookie: rid=002 be_modify failed (16)
When ever the change is made on ldap2 it reports:
Jan 23 10:40:31 ldap2 slapd[5677]: null_callback : error code 0x10
Jan 23 10:40:31 ldap2 slapd[5677]: syncrepl_updateCookie: rid=002 be_modify failed (16)
Setup details:
cd /root/ldap_inst
tar xvzf db-4.6.21.tar.gz
tar xvzf openldap-2.4.7.tgz
cd db-4.6.21
cd build_unix/
../dist/configure --prefix=/usr
make clean (as root)
make (as root)
cd /usr/share/libtool/libltdl
configure --prefix=/usr
make
make install (as root)
cd /root/ldap_install/openldap-2.4.7
./configure --prefix=/usrd /usr/share/libtool/libltdl./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin --mandir=/usr/share/man --with-tls --without-cyrus-sasl -enable-modules -enable-bdb=mod -enable-hdb=mod -enable-ldap=mod --enable-crypt
make depend
make
make install (as root)
This procedure was completed on two nodes, namely ldap1 and ldap2. This slapd.conf of each nodes is as follows:
Ldap1:
cat /etc/openldap/slapd.conf | grep -v ^# | grep -v ^$
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
modulepath /usr/sbin/openldap
moduleload back_bdb.la
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/slapd-cert-ldap1.pem
TLSCertificateKeyFile /etc/openldap/slapd-key-ldap1.pem
serverID 1 ldap://ldap1:389/
serverID 2 ldap://ldap2:389/
database bdb
suffix "dc=linuxldap,dc=org"
rootdn "cn=Manager,dc=linuxldap,dc=org"
rootpw secret
directory /var/lib/ldap
checkpoint 128 15
cachesize 10000
dncachesize 5000
idlcachesize 30000
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index objectClass,entryUUID,entryCSN eq
#syncRepl rid=001
# provider=ldap://ldap1:389
# binddn="cn=Manager,dc=linuxldap,dc=org"
# bindmethod=simple
# credentials=secret
# searchbase="dc=linuxldap,dc=org"
# type=refreshOnly
# interval=00:00:00:05
# retry="5 5 300 5"
# timeout=1
syncRepl rid=002
provider=ldap://ldap2:389
binddn="cn=Manager,dc=linuxldap,dc=org"
bindmethod=simple
credentials=secret
searchbase="dc=linuxldap,dc=org"
type=refreshOnly
interval=00:00:00:05
retry="5 5 300 5"
timeout=1
mirrormode true
sockbuf_max_incoming 5000
sockbuf_max_incoming_auth 5000
database monitor
Ldap2:
cat /etc/openldap/slapd.conf | grep -v ^# | grep -v ^$
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
modulepath /usr/sbin/openldap
moduleload back_bdb.la
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/slapd-cert-ldap1.pem
TLSCertificateKeyFile /etc/openldap/slapd-key-ldap1.pem
serverID 1 ldap://ldap1:389/
serverID 2 ldap://ldap2:389/
database bdb
suffix "dc=linuxldap,dc=org"
rootdn "cn=Manager,dc=linuxldap,dc=org"
rootpw secret
directory /var/lib/ldap
checkpoint 128 15
cachesize 10000
dncachesize 5000
idlcachesize 30000
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index objectClass,entryUUID,entryCSN eq
syncRepl rid=001
provider=ldap://ldap1:389
binddn="cn=Manager,dc=linuxldap,dc=org"
bindmethod=simple
credentials=secret
searchbase="dc=linuxldap,dc=org"
type=refreshOnly
interval=00:00:00:05
retry="5 5 300 5"
timeout=1
#syncRepl rid=002
# provider=ldap://ldap2:389
# binddn="cn=Manager,dc=linuxldap,dc=org"
# bindmethod=simple
# credentials=secret
# searchbase="dc=linuxldap,dc=org"
# type=refreshOnly
# interval=00:00:00:05
# retry="5 5 300 5"
# timeout=1
mirrormode true
sockbuf_max_incoming 5000
sockbuf_max_incoming_auth 5000
database monitor
Regards,
Kenneth Penza
cd /root/ldap_install/openldap-2.4.7
./configure --prefix=/usrd /usr/share/libtool/libltdl./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin --mandir=/usr/share/man --with-tls --without-cyrus-sasl -enable-modules -enable-bdb=mod -enable-hdb=mod -enable-ldap=mod --enable-crypt
make depend
make
always do "make test" after make.
make install (as root)
Penza Kenneth at MITTS skrev, on 23-01-2008 11:06:
I am currently trying to setup a multi-master ldap setup.The setup is running on CentOS 5.1 with kernel 2.6.18-53.el5. In this setup I have migrated the UNIX authentication files using MigrationTools and everything worked fine. When I am trying to setup the replication I am encountering a strange behavior. The initial synchronization was performed by copying /var/lib/ldap directory when openldap was shutdown. On starting both nodes query each other and everything seems operating correctly. When I perform a change on either node, the node performs the local change however it is not propagated on the other node and in the /var/log/ldap.log I get the following message:
When ever the change is made on ldap1 it reports:
Jan 23 10:10:43 ldap1 slapd[5787]: null_callback : error code 0x10
Jan 23 10:10:43 ldap1 slapd[5787]: syncrepl_updateCookie: rid=002 be_modify failed (16)
Apart from what Gavin writes, since you're using CentOS5.1, consider using Buchan Milne's Red Hat RHEL5 rpms or src rpm at http://staff.telkomsa.net/packages/. He's done an awful lot of work (has done for years) and patched things that need patching (apart from anything else db4.6) which should ensure things working out of the box on your system.
Best,
--Tonni
openldap-technical@openldap.org
-
Gavin Henry -
Penza Kenneth at MITTS -
Tony Earnshaw