a newbie trying to get the basics of syncrepl going - openldap-technical

23 Feb 2010


      I'm an admitted ldap lightweight but have been able to bring up an ldap server and populate it with the contents of my /etc/passwd file.  Now I want to set up a replica on another machine using sync replication and am having a few issues getting it to work.  My most recent success was getting simple authentication working because before it was failing and now it's not so I've at least gotten that far.  Here's what my replication section looks like in ldap.conf:
syncrepl rid=123
    provider=ldap://10.99.99.99:389
    type=refreshOnly
    interval=01:00:00:00
    searchbase="dc=myldap,dc=com"
    filter="(objectClass=account)"
    scope=sub
    schemachecking=off
    updatedn="cn=replica,dc=myldap,dc=com"
    bindmethod=simple
    binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
    credentials=Something
I'm pretty sure I have the search parameters set correctly because if I run:
ldapsearch -x -h 10.99.99.99 -b 'dc=myldap,dc=com' -A uid
it dumps all my uids.
The part I'm on clear on is how to define things on the slave side.  For example I have the main part of the conf set the same on the master, just to make things easy on me and so I have the following which is exactly how I have the master set up.
database        bdb
suffix          "dc=myldap,dc=com"
rootdn          "cn=Manager,dc=myldap,dc=com"
rootpw          {SSHA}ZmTfiKLVf8X5GERsT3b3AoB3/hFV3l7R
directory       /var/lib/ldap
I'm guessing my problem may be with updatedn="cn=replica,dc=myldap,dc=com", but I'm not sure what it should be and whether or not I have to prime the replica with any special authentication to be able to write to it.
If I run "ldapsearch -x -b 'dc=myldap,dc=com'" against the replica it comes up empty so I'm sure nothing is getting replicated.  Further if I run the slave slapd with -d128 I get:
[root@hpdc3dmgt1 ~]# slapd -d 128
@(#) $OpenLDAP: slapd 2.3.43 (Nov  6 2008 02:53:24) $
        brewbuilder@hs20-bc1-5.build.redhat.com:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
slapd starting
request done: ld 0x2ac52b507c70 msgid 1
=> bdb_entry_get: cannot find entry: "dc=myldap,dc=com"
do_syncrep2: rid 123got search entry without control
do_syncrepl: rid 123 quitting
but I have no idea where it's looking for the entry, on the master or the slave?  But I do have that entry on the master.
I'm sure I'm doing something wrong but am also hoping it's relatively minor.
-mark