Hello,
I have a two actifs nodes LDAP cluster with replication stablished and working properly. The problem is when trying to check replication status I have no contextCSN returned in any of the nodes. This is the command executed to get replication status and that should return contextCSN values if executed in both nodes (but it returns nothing) :
ldapsearch -x -LLL -H ldaps:// -s base -b 'dc=domain,dc=com' contextCSN dn: dc=domain,dc=com This is the replication configuration in node1 (is the same in node 2 excepting the rid and the hostname:
syncrepl rid=001 provider=ldaps://HOSTNAME bindmethod=simple binddn="uid=user,ou=group,dc=domain,dc=com" credentials=PASSWORD searchbase="dc=domain,dc=com" attrs="*,+" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 +" mirrormode on
These are the values supossed to be indexed, configured in the slapd.confon both servers
index objectClass,entryCSN,entryUUID eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub And the synchronisation options (also in slapd.conf)
overlay syncprov syncprov-checkpoint 50 1 syncprov-sessionlog 50 I'm using dbd database. OpendLDAP 2.4.44 from LTB project and CentOS 7 as OS.
Any clue of what I'm missing ?
Thank you in advance Best regards
Abel
Am Thu, 15 Mar 2018 09:00:48 +0000 schrieb "Abel FERNANDEZ" abel.fernandez@consertotech.pro:
Hello,
I have a two actifs nodes LDAP cluster with replication stablished and working properly. The problem is when trying to check replication status I have no contextCSN returned in any of the nodes. This is the command executed to get replication status and that should return contextCSN values if executed in both nodes (but it returns nothing) :
ldapsearch -x -LLL -H ldaps:// -s base -b 'dc=domain,dc=com'contextCSN dn: dc=domain,dc=com This is the replication configuration in node1 (is the same in node 2 excepting the rid and the hostname:
you may search for all operational attributes of the base entry. ldapsearch -x -H ldaps://<host> -b dc=domain,dc=com -s base +
-Dieter
Hello,
The command does not generate any output. But finaly I found a procedure to "resolve" the issue.
I have a 2 nodes pcs cluster. This are the steps followed :
1. Set one of the nodes on maintenance
pcs cluster standby NODE-2
2. Generate a backup of llap databases with the command below :
/usr/local/openldap/sbin/slapcat -f /usr/local/openldap/etc/openldap/slapd.conf -b dc=domanin,dc=com -l openldap_backup.ldif
Notice that if I try to generate the ackup with the command "/usr/local/openldap/sbin/slapcat -f /usr/local/openldap/etc/openldap/slapd.conf -l openldap_backup.ldif" I had the following error :
The first database does not allow slapcat; using the first available one (2)
3. Stop slapd service and remove al .dbd files under /usr/local/openldap/var/openldap-data/
4. Restart slapd service and import the backup
5. Stop replication on NODE-1 and
6. Put out of maintenance NODE-2
7. Put on maintenance NODE-1
8. Erase all .dbd files on NODE 1
9. Restart the slapd service at the same time that I activate again replication
10. Everything is finally OK
I think my .dbd files where corrupted, but no clue about the reason, nothing meaningful on the logs
Thanks anyway to anyone that help me to resolve the issue
If someone has another method I will be happy to know it
Have a nice day !
Best regards
Abel
16 mars 2018 18:41 "Dieter Klünter" a écrit:
Am Thu, 15 Mar 2018 09:00:48 +0000 schrieb "Abel FERNANDEZ" :
Hello,
I have a two actifs nodes LDAP cluster with replication stablished and working properly. The problem is when trying to check replication status I have no contextCSN returned in any of the nodes. This is the command executed to get replication status and that should return contextCSN values if executed in both nodes (but it returns nothing) :
ldapsearch -x -LLL -H ldaps:// -s base -b 'dc=domain,dc=com' contextCSN dn: dc=domain,dc=com This is the replication configuration in node1 (is the same in node 2 excepting the rid and the hostname:
you may search for all operational attributes of the base entry. ldapsearch -x -H ldaps:// -b dc=domain,dc=com -s base +
-Dieter
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
openldap-technical@openldap.org
-
Abel FERNANDEZ -
Dieter Klünter