On 18.08.2010 17:16, Rein Tollevik wrote:
On 08/18/2010 04:28 PM, Elmar Marschke wrote:
Here's the logfile of MASTER: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ===_BEGIN_CHANGES_WHILE_BOTH_UP_=== Aug 18 15:30:04 ldapmaster slapd[8017]: slap_queue_csn: queing 0x7f00f317b580 20100818133004.663851Z#000000#000#000000
Your ServerID setting is incorrect, and you are using the default ServerID=0 on both systems. The ServerID is included in the csn value, the second to last number (#000# here). Ensure that the ServerID URL is the exact hostname of the systems it runs on, or that slapd is able to select the correct sid based on its -h listener argument.
Start slapd with -d config and verify that both logs lines with differing SID= values.
Rein
Hi all,
thanks to your hints i think i got it working now :)
Several details had to be changed. Perhaps someone has similar problems, so in the following i give a detailed description what had to be done in my case. Everything was executed on two freshly out-of-the-box installed openSuSE 11.3 x86_64 with SuSE-shipped openldap 2.4.21.
First; according the inaccurate time on my testmachines: i deleted the openSuSE ntp.conf and additionally now i use other ntp servers as timesync source. Complete ntp.conf on ldapmaster and ldapslave now is: ----------------------------------------------------- server ptbtime1.ptb.de prefer server ptbtime2.ptb.de tinker panic 0 driftfile /var/lib/ntp/drift/ntp.drift
This results in less different offset values: --------------------------------------------- ldapmaster:/etc/openldap # ntpq -p; ssh ldapslave ntpq -p remote refid offset ======================================== *ptbtime1.ptb.de .PTB. -1.218 +ptbtime2.ptb.de .PTB. -1.305 remote refid offset ========================================== *ptbtime1.ptb.de .PTB. -0.381 +ptbtime2.ptb.de .PTB. 0.203 ldapmaster:/etc/openldap #
Second problem: the missing or wrong serverID in the csn values. To make clear what obviously helped i will describe how i create(d) my slapd.d/ online configuration. (My original slapd.conf was taken from the "openldap 2.4" book by Oliver Liebel & John Martin Ungar -- thanks Oliver :)! ------------------------------------------------------------ ldapmaster:/etc/openldap # slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ hdb_db_open: database "dc=local,dc=site": db_open(/var/lib/ldap//id2entry.bdb) failed: No such file or directory (2). backend_startup_one (type=hdb, suffix="dc=local,dc=site"): bi_db_open failed! (2) slap_startup failed (test would succeed using the -u switch) ------------------------------------------------------------
The following rcldap start every time resulted in: -------------------------------------------------- ldapmaster:/etc/openldap # rcldap start Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1
failed -------------------------------------
and in /var/log/messages was written: -------------------------------------- Aug 26 15:47:22 ldapmaster slapd[7805]: @(#) $OpenLDAP: slapd 2.4.21 (Jul 5 2010 13:35:22) $#012#011abuild@build16:/usr/src/packages/BUILD/openldap-2.4.21/servers/slapd Aug 26 15:47:22 ldapmaster slapd[7805]: olcSyncrepl: value #0: <olcSyncrepl> invalid URL Aug 26 15:47:22 ldapmaster slapd[7805]: config error processing olcDatabase={0}config,cn=config: <olcSyncrepl> invalid URL Aug 26 15:47:22 ldapmaster slapd[7805]: slapd stopped. Aug 26 15:47:22 ldapmaster slapd[7805]: connections_destroy: nothing to destroy.
I greped for "olcSyncrepl" in slapd.d: --------------------------------------- ldapmaster:/etc/openldap # grep -r olcSyncrepl slapd.d/ slapd.d/cn=config/cn=schema.ldif:olcAttributeTypes: ( OLcfgDbAt:0.11 NAME 'olcSyncrepl' EQUALITY caseIgnoreMatc slapd.d/cn=config/cn=schema.ldif: olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $ olcUpdateDN slapd.d/cn=config/olcDatabase={0}config.ldif:olcSyncrepl: rid=003 provider=ldap://ldapmaster.local.site uri="" bindmethod=s slapd.d/cn=config/olcDatabase={0}config.ldif:olcSyncrepl: rid=004 provider=ldap://ldapslave.local.site uri="" bindmethod=si slapd.d/cn=config/olcDatabase={1}hdb.ldif:olcSyncrepl: rid=001 provider=ldap://ldapmaster.local.site uri="" bindmethod=s slapd.d/cn=config/olcDatabase={1}hdb.ldif:olcSyncrepl: rid=002 provider=ldap://ldapslave.local.site uri="" bindmethod=si ldapmaster:/etc/openldap #
Some internet research told me, that the empty uri="" should be the problem, and that it would help to remove it. BEFORE i always removed it; and right; starting of openldap worked then. BUT apparently this also leads to the missing serverID in my csn values (respectively that they all had default "000"). NOW i changed those config.ldif and hdb.ldif files from slapd.d (in which grep found the string "olcSyncrepl"), to give uri an appropriate value.
Open each file, search for "uri". It's found two times in every file. Before each occurence there's a variable "provider", which is set to something. For example in slapd.d/cn=config/olcDatabase={0}config.ldif : provider=ldap://ldapmaster.local.site uri="" and provider=ldap://ldapslave.local.site uri=""
The value of provider ALSO has to be put into uri, that afterwards it looks like: provider=ldap://ldapmaster.local.site uri="ldap://ldapmaster.local.site" and provider=ldap://ldapslave.local.site uri="ldap://ldapslave.local.site"
I did it on every machine (no file copy from one to another). After that; "rcldap start" (also) works without problems.
But that still was not enough... Third thing to do: additionally on each machine make slapd start with "-h" parameter correctly set; like Rein and Jonathan wrote. According to the SuSE-way of configuration (like it or not, but in this case i don't have a choice ;)) this can be done in /etc/sysconfig/openldap: set OPENLDAP_SLAPD_PARAMS correctly on every machine; e.g. on master:
OPENLDAP_SLAPD_PARAMS="-h ldap://ldapmaster.local.site"
And, by the way, to make sure that ONLY online configuration style (slapd.d) is used; one can set OPENLDAP_CONFIG_BACKEND from "" to: OPENLDAP_CONFIG_BACKEND="ldap"
This all together seems to solve the problem. Now LDAP-Objects can be altered, removed and added on one of both machines while the other one is down; and all changes are replicated as soon as the "downed" machine comes back up again. (At least in my tests until now ;))!
Thanks for your time, and best regards.. elmar
openldap-technical@openldap.org