Hello,
I am having an issue getting the OpenLDAP to replicate using syncrepl. Basically, after configuring the consumer I can start the slapd process but I see no replication happening. Do you have a sample configuration file that can provide more info? Is there anything required on the master?
Thanks,
Luis
--On Friday, March 20, 2009 11:09 AM -0500 Luis Castillo lcastillo@emergenow.com wrote:
Hello,
I am having an issue getting the OpenLDAP to replicate using syncrepl. Basically, after configuring the consumer I can start the slapd process but I see no replication happening. Do you have a sample configuration file that can provide more info? Is there anything required on the master?
Did you read the admin guide? It has an example in it.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Yes, I read the admin guide and changed the parameters required. I am pointing to the right server and port and I tested the connection to the master by using an LDAP browser but it's still not replicating.
______________________
Luis Castillo
Infrastructure Consultant - BPM Practice
Emerging Solutions
203-273-0430

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Friday, March 20, 2009 12:50 PM
To: Luis Castillo; openldap-technical@openldap.org
Subject: Re: OpenLDAP Syncrepl issue
--On Friday, March 20, 2009 11:09 AM -0500 Luis Castillo lcastillo@emergenow.com wrote:
Hello,
I am having an issue getting the OpenLDAP to replicate using syncrepl. Basically, after configuring the consumer I can start the slapd process but I see no replication happening. Do you have a sample configuration file that can provide more info? Is there anything required on the master?
Did you read the admin guide? It has an example in it.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
"Luis Castillo" lcastillo@emergenow.com writes:
Yes, I read the admin guide and changed the parameters required. I am pointing to the right server and port and I tested the connection to the master by using an LDAP browser but it's still not replicating.
[ This is a constant problem of top quoting. ]
I am having an issue getting the OpenLDAP to replicate using syncrepl. Basically, after configuring the consumer I can start the slapd process but I see no replication happening. Do you have a sample configuration file that can provide more info? Is there anything required on the master?
Did you read the admin guide? It has an example in it.
Set debug level to sync
-Dieter
Dieter Kluenter wrote:
"Luis Castillo" lcastillo@emergenow.com writes:
Yes, I read the admin guide and changed the parameters required. I am pointing to the right server and port and I tested the connection to the master by using an LDAP browser but it's still not replicating.
[ This is a constant problem of top quoting. ]
I am having an issue getting the OpenLDAP to replicate using syncrepl. Basically, after configuring the consumer I can start the slapd process but I see no replication happening. Do you have a sample configuration file that can provide more info? Is there anything required on the master?
On the master you have to load the syncprov overlay. See: http://www.openldap.org/doc/admin24/overlays.html#Sync Provider
Example from there:

overlay syncprov
syncprov-checkpoint 100 10

Also check that your replicating server can read all the entries you want to replicate from the master server, e.g. run this from the replicating LDAP server:

ldapsearch -x -h YOUR_MASTERSERVER -b YOUR_SEARCHBASE

Example:

ldapsearch -xh master.example.org -b dc=example,dc=org

If no entries are returned, check permissions on the master. See: http://www.openldap.org/doc/admin24/access-control.html and man 5 slapd.access
If not all entries are returned, check sizelimit on the master. The default value for sizelimit is 500 entries, meaning that no more than 500 entries are returned for a search request. Look for "sizelimit" in man 5 slapd.conf
Here is a simple example for the syncrepl part of the client slapd.conf you can start with:

# Continuation lines of the syncrepl directive must begin with whitespace.
syncrepl rid=111
    provider="ldap://master.example.org"
    bindmethod=simple
    searchbase="dc=example,dc=org"
    filter="(objectClass=*)"
    schemachecking=off
    scope=sub
    type=refreshAndPersist
    interval=00:00:01:00
    retry="60 10 300 10"
updateref "ldap://master.example.org"

Edit rid, provider, searchbase and updateref for your needs. After getting it running, you can play with other parameters.
Did you read the admin guide? It has an example in it.
Set debug level to sync
-Dieter
- Klaus
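The read check Klaus describes can be scripted so that the outcomes he lists (nothing returned, truncated at sizelimit, everything readable) are told apart automatically. This is an added example, not part of the original thread; the function name diagnose_search and the sample outputs are constructed, and the handling of result code 32 goes beyond the cases named in the message.

```shell
#!/bin/sh
# Added example (not from the thread): classify the consumer-side read check.
# Real use, run on the replicating server (host and base are the thread's
# example values):
#   ldapsearch -x -H ldap://master.example.org -b dc=example,dc=org 1.1 | diagnose_search

diagnose_search() {
    # Reads ldapsearch output on stdin and prints a one-line verdict.
    awk '
        BEGIN { entries = 0; code = "" }
        /^dn::? /   { entries++ }      # one "dn:" line per returned entry
        /^result: / { code = $2 }      # numeric LDAP result code
        END {
            if (code == "")        print "no-result: search never completed, check host, port and bind"
            else if (code == 4)    print "sizelimit: stopped at " entries " entries, raise sizelimit on the master"
            else if (code == 32)   print "no-such-object: base missing or hidden by access rules"
            else if (code != 0)    print "error: LDAP result code " code
            else if (entries == 0) print "acl: search succeeded but no entries are readable"
            else                   print "ok: " entries " entries readable"
        }'
}

# Constructed sample outputs, trimmed to the lines the parser uses.
sample_truncated() {
    printf 'dn: dc=example,dc=org\n\ndn: ou=people,dc=example,dc=org\n\n'
    printf 'search: 2\nresult: 4 Size limit exceeded\n\n# numEntries: 2\n'
}
sample_empty() {
    printf 'search: 2\nresult: 0 Success\n\n# numResponses: 1\n'
}

sample_truncated | diagnose_search
sample_empty | diagnose_search
```

A sizelimit verdict matters for syncrepl because the consumer binds with the same identity and is subject to the same limit, so the initial refresh cannot fetch the full searchbase.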
Hi Quanah,
Is it possible to have a script run upon an LDAP dir modification?
This is my scenario;
1 - Drupal based web site used to add/remove users from an OpenLDAP server.
2 - I then manually run zmexternaldirsync to auto provision users to ZimbraLDAP based on entries in OpenLDAP (reason for this email to you).
We use OpenLDAP as our workstation auth (Linux, OSX and Windows) directory service and ZimbraLDAP as our collaboration service (mail, calendaring).
My goal is to automate the Zimbra user provisioning, croning the zmexternaldirsync script isn't a good option in my case. Ideally, the zmexternaldirsync script would run "after" any OpenLDAP dir modification.
I did create a Zimbra server to do Windows/Linux/OSX user authentications but in the end felt this solution was fraught with potential issues not to mention that I couldn't get our Drupal site to talk to Zimbra.
The Drupal modules; ldap_integration and ldap_provisioning work great on a standard OpenLDAP installation so this is the route I prefer.
Anyways, your advice would greatly be appreciated.
Thanks in advance,
- Brian
--On Friday, March 20, 2009 4:20 PM -0700 Brian Krusic brian@krusic.com wrote:
Hi Quanah,
Is it possible to have a script run upon an LDAP dir modification?
This is my scenario;
1 - Drupal based web site used to add/remove users from an OpenLDAP server.
2 - I then manually run zmexternaldirsync to auto provision users to ZimbraLDAP based on entries in OpenLDAP (reason for this email to you).
We use OpenLDAP as our workstation auth (Linux, OSX and Windows) directory service and ZimbraLDAP as our collaboration service (mail, calendaring).
My goal is to automate the Zimbra user provisioning, croning the zmexternaldirsync script isn't a good option in my case. Ideally, the zmexternaldirsync script would run "after" any OpenLDAP dir modification.
I did create a Zimbra server to do Windows/Linux/OSX user authentications but in the end felt this solution was fraught with potential issues not to mention that I couldn't get our Drupal site to talk to Zimbra.
The Drupal modules; ldap_integration and ldap_provisioning work great on a standard OpenLDAP installation so this is the route I prefer.
Anyways, your advice would greatly be appreciated.
You can use the Net::LDAPapi perl module as a delta-syncrepl client that performs actions based off modifications to the directory. Which would include being able to have it modify another directory.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Hi Quanah,
Thanks for the reply.
I did some research and am completely unsure how to start this.
The docs I found seemed complicated for what I would like to do.
All I need is to run an external script upon a change to my ldap directory.
Do you have other ideas?
- Brian
On Mar 20, 2009, at 4:42 PM, Quanah Gibson-Mount wrote:
--On Friday, March 20, 2009 4:20 PM -0700 Brian Krusic <brian@krusic.com> wrote:
Hi Quanah,
Is it possible to have a script run upon an LDAP dir modification?
This is my scenario;
1 - Drupal based web site used to add/remove users from an OpenLDAP server.
2 - I then manually run zmexternaldirsync to auto provision users to ZimbraLDAP based on entries in OpenLDAP (reason for this email to you).
We use OpenLDAP as our workstation auth (Linux, OSX and Windows) directory service and ZimbraLDAP as our collaboration service (mail, calendaring).
My goal is to automate the Zimbra user provisioning, croning the zmexternaldirsync script isn't a good option in my case. Ideally, the zmexternaldirsync script would run "after" any OpenLDAP dir modification.
I did create a Zimbra server to do Windows/Linux/OSX user authentications but in the end felt this solution was fraught with potential issues not to mention that I couldn't get our Drupal site to talk to Zimbra.
The Drupal modules; ldap_integration and ldap_provisioning work great on a standard OpenLDAP installation so this is the route I prefer.
Anyways, your advice would greatly be appreciated.
You can use the Net::LDAPapi perl module as a delta-syncrepl client that performs actions based off modifications to the directory. Which would include being able to have it modify another directory.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
--On Friday, March 20, 2009 9:23 PM -0700 Brian Krusic brian@krusic.com wrote:
Hi Quanah,
Thanks for the reply.
I did some research and am completely unsure how to start this.
The docs I found seemed complicated for what I would like to do.
All I need is to run an external script upon a change to my ldap directory.
Do you have other ideas?
You could write an overlay to do it. See the slapo-auditlog overlay for some guidelines. But I think the syncrepl client is probably the better solution long term, however one decides to implement it (i.e., it certainly doesn't have to be done in perl).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration