I've been following this page from the Ubuntu Server Guide with generally good results:
https://help.ubuntu.com/12.04/serverguide/openldap-server.html
Now I'm down to the replication section, at https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap-serv... . So far it isn't working. First things first:
I create the following ldif file to configure the sync provider:
# Add indexes to the frontend db.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq

#Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
add: olcModuleLoad
olcModuleLoad: accesslog

# Accesslog database definitions
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=intranet,dc=seamanpaper,dc=com
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart

# Accesslog db syncprov.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

# syncrepl Provider for primary db
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE

# accesslog overlay definitions for primary db
dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
olcAccessLogPurge: 07+00:00 01+00:00
The guide says you can test the provider with this command:
root@grackle:~# ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base contextCSN
dn:

root@grackle:~#
but as you see that doesn't return anything. However, this command does find it:
root@grackle:~# slapcat | grep -C 10 contextCSN
objectClass: organization
o: intranet.seamanpaper.com
dc: intranet
structuralObjectClass: organization
entryUUID: 99e43416-73a1-1031-9d82-4f560555aca0
creatorsName: cn=admin,dc=intranet,dc=seamanpaper,dc=com
createTimestamp: 20120805233244Z
entryCSN: 20120805233244.262007Z#000000#000#000000
modifiersName: cn=admin,dc=intranet,dc=seamanpaper,dc=com
modifyTimestamp: 20120805233244Z
contextCSN: 20120829024252.920832Z#000000#000#000000

dn: cn=admin,dc=intranet,dc=seamanpaper,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9Nm9zUVlmUStzd1RCOVJCQXUyL3NhQURpYTZ1R0NuRC8=
structuralObjectClass: organizationalRole
entryUUID: 99e4f9fa-73a1-1031-9d83-4f560555aca0
creatorsName: cn=admin,dc=intranet,dc=seamanpaper,dc=com
root@grackle:~#
Before I go on to figure out why the sync isn't working, why isn't the ldapsearch command above returning anything?
Thanks in advance for your help.
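The empty "dn:" line in the test above is the root DSE: with -s base and no -b, ldapsearch searched base "" rather than the suffix, and contextCSN is held on the suffix entry. The script below is an added example, not from the thread or the Ubuntu guide; it reads contextCSN at the suffix given in the post and compares provider and consumer values so replication state can be verified. It assumes the OpenLDAP client tools are installed; consumer.example and $BINDDN are placeholders.

```shell
#!/bin/sh
# Added example: check syncrepl state by reading contextCSN at the suffix entry.
# Assumes ldapsearch (OpenLDAP client tools); the suffix is the one from the thread.
SUFFIX="dc=intranet,dc=seamanpaper,dc=com"

# Turn LDIF on stdin into "sid timestamp" lines, one per contextCSN value.
# A contextCSN value is <timestamp>#<count>#<sid>#<mod>; multi-provider setups
# carry one value per server ID (sid), so the comparison is done per sid.
extract_csn() {
    sed -n 's/^contextCSN: *//p' | awk -F'#' '{ print $3, $1 }' | sort
}

# Read the suffix entry's contextCSN from one server. $1 is the LDAP URI; the
# remaining arguments are passed to ldapsearch for authentication, e.g.
#   fetch_csn ldapi:/// -QY EXTERNAL                        # local provider
#   fetch_csn ldap://consumer.example -x -D "$BINDDN" -W    # remote consumer
# Scope "base" at the suffix is what the thread's test lacked: with no -b the
# search hit the root DSE (the empty "dn:" line), which has no contextCSN.
fetch_csn() {
    uri=$1; shift
    ldapsearch -LLL -H "$uri" -b "$SUFFIX" -s base "$@" contextCSN | extract_csn
}

# Succeed (0) only if every sid on the provider has an identical CSN on the consumer.
# $1 = provider list, $2 = consumer list, both as produced by extract_csn.
# A consumer that is behind, or that never completed its refresh, prints the
# mismatching sid and fails (1); an empty provider list also fails.
csn_in_sync() {
    [ -n "$1" ] || { echo "provider returned no contextCSN"; return 1; }
    printf '%s\n' "$1" | while read -r sid ts; do
        [ -n "$sid" ] || continue
        cts=$(printf '%s\n' "$2" | awk -v s="$sid" '$1 == s { print $2 }')
        [ "$cts" = "$ts" ] || { echo "sid $sid: provider=$ts consumer=${cts:-none}"; exit 1; }
    done
}

# Typical use (not run here, since it needs live servers):
#   csn_in_sync "$(fetch_csn ldapi:/// -QY EXTERNAL)" \
#               "$(fetch_csn ldap://consumer.example -x -D "$BINDDN" -W)" && echo in sync
```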
Without digging into your particular issue, I used this guide and was able to configure replication:
http://www.openldap.org/doc/admin24/
This one most specifically for you right now:
http://www.openldap.org/doc/admin24/replication.html
On Wed, Aug 29, 2012 at 11:32:14AM -0400, Jeff Dickens wrote:
#Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
Are you using the Ubuntu OpenLDAP build?
-- Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
On Wed, Aug 29, 2012 at 5:26 PM, Gavin Henry ghenry@suretecsystems.com wrote:
#Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
Are you using the Ubuntu OpenLDAP build?
I am.
I got it working. My problem was actually that my slave (a copy of the master's VM) had the master's hostname on 127.0.0.1 in /etc/hosts. Oops.
Works great now. I will be re-doing it to use TLS.
One thing that I did was add a checkpoint directive, since the Ubuntu Server Guide instructions didn't include one. I am not sure I got it right. I am still somewhat mystified by the correspondence between what you might put in slapd.conf and what LDIF you need to get the same effect with the cn=config method.
# checkpoint the syncprov contextCSN every 100 write operations or every 10 minutes
dn: olcOverlay={0}syncprov,olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSpCheckPoint
olcSpCheckPoint: 100 10
openldap-technical@openldap.org