Searching through the archives turned up helpful information, but I wasn't able to find anything that quite matched my issue. Some background: I am running CentOS 7 with OpenLDAP version 2.4.40, and I have been following along with a tutorial I found here:
http://linoxide.com/linux-how-to/setup-openldap-multi-master-replication-cen...
Everything goes well, of course, until the very last step, where I have to add the replication information. I recreated this LDIF:

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 101 ldap://lri-ldap1
olcServerID: 201 ldap://lri-ldap2
olcServerID: 301 ldap://lri-ldap3
olcServerID: 401 ldap://lri-ldap4

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://lri-ldap1:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=002 provider=ldap://lri-ldap2:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=003 provider=ldap://lri-ldap3:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=004 provider=ldap://lri-ldap4:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

and then ldapmodify -Y EXTERNAL -H ldapi:/// -f rp.ldif on all 4 masters, and what I get is that they are all just sitting there, not providing me with a prompt:

[root@lri-ldap4 openldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f rp.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
and I cannot tell what it is actually doing at this stage. I check systemctl status slapd:

May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 RESULT tag=97 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD dn="cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD attr=olcServerID
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD dn="olcDatabase={2}hdb,cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD attr=olcSyncRepl olcMirrorMode
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=3 ADD dn="olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
And that's where it stops, but I never get a prompt on any of the masters. Has anyone else seen this? Where did I go wrong? And how can I move forward?
Thanks in advance Michael
On 05/08/2017 05:51 PM, Weiner, Michael wrote:
Searching through the archives turned up helpful information, but I wasn't able to find anything that quite matched my issue. Some background: I am running CentOS 7 with OpenLDAP version 2.4.40, and I have been following along with a tutorial I found here:
http://linoxide.com/linux-how-to/setup-openldap-multi-master-replication-cen...
Everything goes well, of course, until the very last step, where I have to add the replication information. I recreated this LDIF:

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 101 ldap://lri-ldap1
olcServerID: 201 ldap://lri-ldap2
olcServerID: 301 ldap://lri-ldap3
olcServerID: 401 ldap://lri-ldap4

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://lri-ldap1:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=002 provider=ldap://lri-ldap2:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=003 provider=ldap://lri-ldap3:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=004 provider=ldap://lri-ldap4:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

and then ldapmodify -Y EXTERNAL -H ldapi:/// -f rp.ldif on all 4 masters, and what I get is that they are all just sitting there, not providing me with a prompt:

[root@lri-ldap4 openldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f rp.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
and I cannot tell what it is actually doing at this stage. I check systemctl status slapd:

May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 RESULT tag=97 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD dn="cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD attr=olcServerID
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD dn="olcDatabase={2}hdb,cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD attr=olcSyncRepl olcMirrorMode
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=3 ADD dn="olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
And that's where it stops, but I never get a prompt on any of the masters. Has anyone else seen this? Where did I go wrong? And how can I move forward?
It is not clear what you mean by prompt. What do you expect to happen? Is the database dc=lerner,dc=ccf,dc=org empty? What is the loglevel? Try to set it to stats and sync and check the syslog.

olcLogLevel: stats
olcLogLevel: sync
openldap-technical@openldap.org
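
The stats-level log quoted in the thread can be checked mechanically for requests that never received a RESULT line, which is how the op=3 ADD shows up as still outstanding. This is an added example, not part of the original messages: the function names are this example's own, and the handling of SEARCH RESULT, UNBIND and ABANDON lines goes beyond what the quoted log contains.

```python
import re

# Lines copied from the slapd log quoted in the thread (conn=1000 on lri-ldap1).
SAMPLE_LOG = '''\
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 RESULT tag=97 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD dn="cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD attr=olcServerID
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD dn="olcDatabase={2}hdb,cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD attr=olcSyncRepl olcMirrorMode
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=3 ADD dn="olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
'''

OP_RE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) ([A-Z]+)(?: (.*))?$')
DN_RE = re.compile(r'\bdn="([^"]*)"')
ERR_RE = re.compile(r'\berr=(-?\d+)')
NO_RESULT = {'UNBIND', 'ABANDON'}  # requests that never get a RESULT line

def summarize(log_text):
    """Group stats-level log lines by (conn, op); record request, DN and result code."""
    ops = {}
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # e.g. ACCEPT/closed lines, which carry fd= rather than op=
        conn, op, verb, rest = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4) or ''
        rec = ops.setdefault((conn, op), {'verb': None, 'dn': None, 'err': None, 'done': False})
        # Completion is logged as "RESULT ..." or, for searches, "SEARCH RESULT ...".
        if verb == 'RESULT' or (verb == 'SEARCH' and rest.startswith('RESULT')):
            err = ERR_RE.search(rest)
            rec['err'] = int(err.group(1)) if err else None
            rec['done'] = True
            continue
        rec['verb'] = rec['verb'] or verb
        dn = DN_RE.search(rest)
        if dn:
            rec['dn'] = dn.group(1)
    return ops

def pending(ops):
    """Return (conn, op, verb, dn) for requests that have no RESULT logged yet."""
    return [(c, o, r['verb'], r['dn']) for (c, o), r in ops.items()
            if not r['done'] and r['verb'] not in NO_RESULT]

if __name__ == '__main__':
    print(pending(summarize(SAMPLE_LOG)))
```

Fed the output of journalctl -u slapd from each master, the same functions show whether every server is waiting on the same request.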