Hello, This is my first post to this list and unfortunately I come here with a problem. I'm not new to LDAP but I am new to OpenLDAP especially the 2.4 release. I am trying to get multi master replication working and I've read the documentation several times. I did wonder if this might be a bug but I still think it's probably a misunderstanding on my part.
I have 2 servers configured for multi-master replication, which I will refer to as server A and server B. If I start both servers I can make changes on server A which are immediately replicated to server B. However, if I then start making changes on server B I don't see replication back to A. The same thing happens if I initiate replication from B: replication to A works but not the other way around. I.e. replication only works in one direction, which is determined by which server I make changes on first. I am using slapd.conf as I didn't want to complicate matters by introducing online config. The specific version is 2.4.31. Connectivity between the servers is working fine - I can perform LDAP operations in both directions. If someone could take a look at my config I'd much appreciate it.
Thanks Neil
# slapd.conf -- Server A (10.5.1.110)
#
# NOTE(review): the posted text shows several directives run together on one
# line (e.g. "pidfile ... argsfile ..."). slapd reads one directive per line
# (continuation lines start with whitespace), so they are split out below.
# If the live file really has them joined, that is the first thing to fix.
pidfile  /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

include /usr/local/openldap/etc/schema/core.schema
include /usr/local/openldap/etc/schema/cosine.schema
include /usr/local/openldap/etc/schema/solaris.schema
include /usr/local/openldap/etc/schema/inetorgperson.schema
include /usr/local/openldap/etc/schema/DUAConfigProfile.schema
include /usr/local/openldap/etc/schema/sudo.schema

modulepath /usr/local/openldap/libexec
moduleload syncprov.la

# Global ACLs (apply to every database declared below).
# The rootdn bypasses access control entirely, so none of these govern the
# syncrepl consumer, which binds as cn=manager (the rootdn).
# cn=ldapclient,ou=profile is granted write on userPassword for every entry --
# a broad privilege for a client-profile identity; confirm it is intended.
access to attrs=userPassword
    by self write
    by * auth
    by dn="cn=ldapclient,ou=profile,dc=example,dc=com" write
access to dn.base="" by * read
# Everything else is readable anonymously.
access to * by self write by users read by anonymous read

# Each mirror needs a distinct serverID (A=1, B=2) so CSNs can be attributed.
serverID 1

database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# NOTE(review): this hash has been posted to a public list; treat the rootpw as
# compromised and rotate it on both servers (the same value is used on B).
rootpw {SSHA}pnqaqMcoMhnDbSRa9WAgDbhBMr/QnUGY
# lastmod must stay on: syncrepl relies on entryCSN/contextCSN maintenance.
lastmod on
directory /usr/local/openldap/var/openldap-data
# eq indexes on entryCSN and entryUUID are needed for syncrepl lookups.
index objectclass,uid,uidNumber,memberUid,entryCSN,entryUUID,automountKey eq
index cn,sn,gn,mail eq,sub

# Consumer side: pull changes from server B (10.7.82.3).
# The rid only has to be unique within this server, so rid=001 on both A and B
# is fine.
# NOTE(review): plain ldap:// with bindmethod=simple sends the rootdn password
# in cleartext on every (re)connect; add starttls=critical (with tls_reqcert)
# or use an ldaps:// provider URL, and consider a dedicated replication
# identity instead of the rootdn.
# NOTE(review): one-directional sync between mirrors is often a symptom of
# clock skew (changes on the lagging host carry older CSNs and are discarded);
# verify both hosts are time-synchronised before suspecting the config.
syncrepl rid=001
    provider=ldap://10.7.82.3
    type=refreshAndPersist
    searchbase="dc=example,dc=com"
    attrs="*,+"
    bindmethod=simple
    binddn="cn=manager,dc=example,dc=com"
    credentials="secret"
mirrormode TRUE

# Provider side: syncprov must be active on both mirrors.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
#######################################################
# slapd.conf -- Server B (10.7.82.3)
#
# NOTE(review): the posted text shows several directives run together on one
# line (e.g. "pidfile ... argsfile ..."). slapd reads one directive per line
# (continuation lines start with whitespace), so they are split out below.
# If the live file really has them joined, that is the first thing to fix.
pidfile  /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

include /usr/local/openldap/etc/schema/core.schema
include /usr/local/openldap/etc/schema/cosine.schema
include /usr/local/openldap/etc/schema/solaris.schema
include /usr/local/openldap/etc/schema/inetorgperson.schema
include /usr/local/openldap/etc/schema/DUAConfigProfile.schema
include /usr/local/openldap/etc/schema/sudo.schema

modulepath /usr/local/openldap/libexec
moduleload syncprov.la

# Global ACLs, identical to server A (apply to every database declared below).
# The rootdn bypasses access control entirely, so none of these govern the
# syncrepl consumer, which binds as cn=manager (the rootdn).
# cn=ldapclient,ou=profile is granted write on userPassword for every entry --
# a broad privilege for a client-profile identity; confirm it is intended.
access to attrs=userPassword
    by self write
    by * auth
    by dn="cn=ldapclient,ou=profile,dc=example,dc=com" write
access to dn.base="" by * read
# Everything else is readable anonymously.
access to * by self write by users read by anonymous read

# Distinct from server A's serverID 1.
serverID 2

database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# NOTE(review): this hash has been posted to a public list; treat the rootpw as
# compromised and rotate it on both servers (the same value is used on A).
rootpw {SSHA}pnqaqMcoMhnDbSRa9WAgDbhBMr/QnUGY
# lastmod must stay on: syncrepl relies on entryCSN/contextCSN maintenance.
lastmod on
directory /usr/local/openldap/var/openldap-data
# eq indexes on entryCSN and entryUUID are needed for syncrepl lookups.
index objectclass,uid,uidNumber,memberUid,entryCSN,entryUUID,automountKey eq
index cn,sn,gn,mail eq,sub

# Consumer side: pull changes from server A (10.5.1.110).
# The rid only has to be unique within this server, so rid=001 on both A and B
# is fine.
# NOTE(review): plain ldap:// with bindmethod=simple sends the rootdn password
# in cleartext on every (re)connect; add starttls=critical (with tls_reqcert)
# or use an ldaps:// provider URL, and consider a dedicated replication
# identity instead of the rootdn.
syncrepl rid=001
    provider=ldap://10.5.1.110
    type=refreshAndPersist
    searchbase="dc=example,dc=com"
    attrs="*,+"
    bindmethod=simple
    binddn="cn=manager,dc=example,dc=com"
    credentials="secret"
mirrormode TRUE

# Provider side: syncprov must be active on both mirrors.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
#######################################################