I've been using slurpd for quite some time now with fairly good results however I wanted to take advantage of the newer features in syncrepl. Specifically the ability to have the slave push to the master.
I was able to set this up in relative short order using the example provided in http://www.openldap.org/doc/admin23/syncrepl.html
I start up my slave server and it does indeed grab all the database information from my master, however I can no longer write to my master server. What am i missing from the documentation?
If I try to add a simple ldif file it fails with the following error:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W
Enter LDAP Password:
adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Server is unwilling to perform (53) additional info: shadow context; no update referral
If I add an updateref to my slave slapd.conf pointing back to my master server the error changes to this:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Referral (10) referrals: ldap://myserver.aa.bb.cc:389/cn=replicate,ou=policies,dc=somedomain,dc=somedomain
Master syncrepl config #Syncrepl overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
Slave syncrepl config #SYNCREPL SETTINGS syncrepl rid=357 provider=ldap://myserver.aa.bb.cc:389 type=refreshAndPersist retry="60 10 300 +" searchbase="dc=somedomain,dc=somedomain" attrs="*,+" bindmethod=simple binddn="uid=replicator,ou=people,dc=somedomain,dc=somedomain" credentials=replicatorpassword
Michael,
Michael Starling schrieb am 18.02.2011 03:36 Uhr:
I've been using slurpd for quite some time now with fairly good results however I wanted to take advantage of the newer features in syncrepl. Specifically the ability to have the slave push to the master.
I was able to set this up in relative short order using the example provided in http://www.openldap.org/doc/admin23/syncrepl.html
I start up my slave server and it does indeed grab all the database information from my master, however I can no longer write to my master server. What am i missing from the documentation?
If I try to add a simple ldif file it fails with the following error:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Server is unwilling to perform (53) additional info: shadow context; no update referral
If I add an updateref to my slave slapd.conf pointing back to my master server the error changes to this:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Referral (10) referrals:
ldap://myserver.aa.bb.cc:389/cn=replicate,ou=policies,dc=somedomain,dc=somedomain
Are you really sure, you are talking to the master and not to the slave instead?
Marc
Yes. I'm on my Master server. What's interesting though is that if I go to my slave server and stop ldap I can then write to my master. Is there someway that I could be talking to my slave when I run ldapadd from my master?
-Mike
Date: Fri, 18 Feb 2011 09:53:24 +0100 From: hans.moser@ofd-z.niedersachsen.de To: mlstarling31@hotmail.com Subject: Re: Syncrepl in openldap 2.3.43 CC: openldap-technical@openldap.org
Michael,
Michael Starling schrieb am 18.02.2011 03:36 Uhr:
I've been using slurpd for quite some time now with fairly good results however I wanted to take advantage of the newer features in syncrepl. Specifically the ability to have the slave push to the master.
I was able to set this up in relative short order using the example provided in http://www.openldap.org/doc/admin23/syncrepl.html
I start up my slave server and it does indeed grab all the database information from my master, however I can no longer write to my master server. What am i missing from the documentation?
If I try to add a simple ldif file it fails with the following error:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Server is unwilling to perform (53) additional info: shadow context; no update referral
If I add an updateref to my slave slapd.conf pointing back to my master server the error changes to this:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Referral (10) referrals:
ldap://myserver.aa.bb.cc:389/cn=replicate,ou=policies,dc=somedomain,dc=somedomain
Are you really sure, you are talking to the master and not to the slave instead?
Marc
openldap-technical-bounces@openldap.org wrote on 18.02.2011 13:02:17:
Michael Starling mlstarling31@hotmail.com Gesendet von: openldap-technical-bounces@openldap.org
18.02.2011 13:12
An
hans.moser@ofd-z.niedersachsen.de
Kopie
openldap-technical@openldap.org
Thema
RE: Syncrepl in openldap 2.3.43
Yes. I'm on my Master server. What's interesting though is that if I go to my slave server and stop ldap I can then write to my master. Is there someway that I could be talking to my slave when I run ldapadd from my master?
-Mike
Date: Fri, 18 Feb 2011 09:53:24 +0100 From: hans.moser@ofd-z.niedersachsen.de To: mlstarling31@hotmail.com Subject: Re: Syncrepl in openldap 2.3.43 CC: openldap-technical@openldap.org
Michael,
Michael Starling schrieb am 18.02.2011 03:36 Uhr:
I've been using slurpd for quite some time now with fairly good
results
however I wanted to take advantage of the newer features in syncrepl.
Specifically the ability to have the slave push to the master.
I was able to set this up in relative short order using the example provided in http://www.openldap.org/doc/admin23/syncrepl.html
I start up my slave server and it does indeed grab all the database information from my master, however I can no longer write to my
master
server. What am i missing from the documentation?
If I try to add a simple ldif file it fails with the following error:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry
"cn=replicate,ou=policies,dc=somedomain,dc=somedomain"
ldapadd: Server is unwilling to perform (53) additional info: shadow context; no update referral
If I add an updateref to my slave slapd.conf pointing back to my
master
server the error changes to this:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry
"cn=replicate,ou=policies,dc=somedomain,dc=somedomain"
ldapadd: Referral (10) referrals:
ldap://myserver.aa.bb.cc:389/
cn=replicate,ou=policies,dc=somedomain,dc=somedomain
Are you really sure, you are talking to the master and not to the slave
instead?
Marc
Have you got a Load Balancer somewhere?
Mit freundlichen Grüßen Howard ALLISON
-------------------------- VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen bestimmt, an den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls Sie nicht der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen oder Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht irrtümlich erhalten haben, vernichten Sie sie bitte sofort.
CONFIDENTIALITY: This message is intended only for the use of the individuality or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure. If you are not the intended recipient you are notified that any dissemination, distribution, use or copying of this communication is strictly prohibited. If you received this message in error, please immediately destroy this message. --------------------------
Ok. I think i figured out my issue. Once I changed the uri directive on the master to point to itself first the problem resolved itself. I though that the uri directive was only a client setting and had no affect on the ldapadds.
-Mike
Subject: Antwort: RE: Syncrepl in openldap 2.3.43 To: openldap-technical@openldap.org From: howard.allison@pva.sozvers.at Date: Fri, 18 Feb 2011 13:18:01 +0100
openldap-technical-bounces@openldap.org wrote on 18.02.2011 13:02:17:
Michael Starling mlstarling31@hotmail.com
Gesendet von: openldap-technical-bounces@openldap.org
18.02.2011 13:12
An
Kopie
openldap-technical@openldap.org
Thema
RE: Syncrepl in openldap 2.3.43
Yes. I'm on my Master server. What's interesting though is that if I
go to my slave server and stop ldap I can then write to my master.
Is there someway that I could be talking to my slave when I run
ldapadd from my master?
-Mike
Date: Fri, 18 Feb 2011 09:53:24 +0100
From: hans.moser@ofd-z.niedersachsen.de
To: mlstarling31@hotmail.com
Subject: Re: Syncrepl in openldap 2.3.43
CC: openldap-technical@openldap.org
Michael,
Michael Starling schrieb am 18.02.2011 03:36 Uhr:
I've been using slurpd for quite some time now with fairly good results
however I wanted to take advantage of the newer features in syncrepl.
Specifically the ability to have the slave push to the master.
I was able to set this up in relative short order using the example
provided in http://www.openldap.org/doc/admin23/syncrepl.html
I start up my slave server and it does indeed grab all the database
information from my master, however I can no longer write to my master
server. What am i missing from the documentation?
If I try to add a simple ldif file it fails with the following error:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D
cn=root,dc=somedomain,dc=somedomain -W
Enter LDAP Password:
adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain"
ldapadd: Server is unwilling to perform (53)
additional info: shadow context; no update referral
If I add an updateref to my slave slapd.conf pointing back to my master
server the error changes to this:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D
cn=root,dc=somedomain,dc=somedomain -W
Enter LDAP Password:
adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain"
ldapadd: Referral (10)
referrals:
ldap://myserver.aa.bb.cc:389/
cn=replicate,ou=policies,dc=somedomain,dc=somedomain
Are you really sure, you are talking to the master and not to the slave
instead?
Marc
Have you got a Load Balancer somewhere?
Mit freundlichen Grüßen
Howard ALLISON
--------------------------
VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen bestimmt, an
den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls Sie nicht
der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die
unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen oder
Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht irrtümlich
erhalten haben, vernichten Sie sie bitte sofort.
CONFIDENTIALITY: This message is intended only for the use of the individuality or
entity to which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure. If you are not the intended recipient you are
notified that any dissemination, distribution, use or copying of this communication is
strictly prohibited. If you received this message in error, please immediately destroy
this message.
--------------------------
OK. This is getting more perplexing. If I have both servers running I can however go to my slave and run ldapadd. I have no idea whats going on at this point. -Mike
From: mlstarling31@hotmail.com To: hans.moser@ofd-z.niedersachsen.de Subject: RE: Syncrepl in openldap 2.3.43 Date: Fri, 18 Feb 2011 07:02:17 -0500 CC: openldap-technical@openldap.org
Yes. I'm on my Master server. What's interesting though is that if I go to my slave server and stop ldap I can then write to my master. Is there someway that I could be talking to my slave when I run ldapadd from my master?
-Mike
Date: Fri, 18 Feb 2011 09:53:24 +0100 From: hans.moser@ofd-z.niedersachsen.de To: mlstarling31@hotmail.com Subject: Re: Syncrepl in openldap 2.3.43 CC: openldap-technical@openldap.org
Michael,
Michael Starling schrieb am 18.02.2011 03:36 Uhr:
I've been using slurpd for quite some time now with fairly good results however I wanted to take advantage of the newer features in syncrepl. Specifically the ability to have the slave push to the master.
I was able to set this up in relative short order using the example provided in http://www.openldap.org/doc/admin23/syncrepl.html
I start up my slave server and it does indeed grab all the database information from my master, however I can no longer write to my master server. What am i missing from the documentation?
If I try to add a simple ldif file it fails with the following error:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Server is unwilling to perform (53) additional info: shadow context; no update referral
If I add an updateref to my slave slapd.conf pointing back to my master server the error changes to this:
[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W Enter LDAP Password: adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain" ldapadd: Referral (10) referrals:
ldap://myserver.aa.bb.cc:389/cn=replicate,ou=policies,dc=somedomain,dc=somedomain
Are you really sure, you are talking to the master and not to the slave instead?
Marc
openldap-technical@openldap.org
-
Howard Allison -
Marc Patermann -
Michael Starling