Replication OpenLDAP... - openldap-technical

13 May 2011


      Hi all,
I'm setting up a Master and Slave OpenLDAP (ver. 2.4.25) use
Replication method following
https://help.ubuntu.com/community/OpenLDAPServer. When i used slapdcat
(slapdcat -l master_dump.ldif), I got a messeage:
root@ldap:/usr/local/openldap/sbin# ./slapcat -l master_dump.ldif
/usr/local/openldap/etc/openldap/slapd.conf: line 89:  keyword is obsolete
(ignored)
 /usr/local/openldap/etc/openldap/slapd.conf: line 91:  keyword
is obsolete (ignored)
 bdb_db_open: warning - no DB_CONFIG file found in
directory /usr/local/openldap/var/openldap-data: (2).
 Expect poor
performance for suffix "dc=abc,dc=com".
 bdb_monitor_db_open: monitoring
disabled; configure monitor database to enable
What i'm doing wrong?
Please help...
My Master slapd.conf is:
# Require 112-bit (3DES or
better) encryption for updates
 # Require 63-bit encryption for simple
bind
 # security ssf=1 update_ssf=112 simple_bind=64
# Sample access
control policy:
 # Root DSE: allow anyone to read it
 # Subschema
(sub)entry DSE: allow anyone to read it
 # Other DSEs:
 # Allow self write
access
 # Allow authenticated users read access
 # Allow anonymous users to
authenticate
 # Directives needed to implement policy:
 # access to
dn.base="" by * read
 # access to dn.base="cn=Subschema" by * read
 #
access to *
 # by self write
 # by users read
 # by anonymous auth
 #
 # if
no access controls are present, the default policy
 # allows anyone and
everyone to read anything but restricts
 # updates to rootdn. (e.g.,
"access to * by * read")
 #
 # rootdn can always read and write
EVERYTHING!
# CA signed certificate and server cert entries:
TLSCipherSuite HIGH:MEDIUM:+SSLv3
 TLSCACertificateFile
/var/myCA/cacert.crt
 TLSCertificateFile /var/myCA/master_ldap_crt.pem
TLSCertificateKeyFile /var/myCA/master_ldap_key.pem
# Use the following
if client authentication is required
 #TLSVerifyClient demand
 # ... or not
desired at all
 TLSVerifyClient never
#######################################################################
 #
BDB database definitions
#######################################################################
database bdb
 suffix "dc=abc,dc=com"
 rootdn "cn=rootldap,dc=abc,dc=com"
 #
Cleartext passwords, especially for the rootdn, should
 # be avoid. See
slappasswd(8) and slapd.conf(5) for details.
 # Use of strong
authentication encouraged.
 rootpw 123456789
 # The database directory MUST
exist prior to running slapd AND
 # should only be accessible by the slapd
and slap tools.
 # Mode 700 recommended.
 directory
/usr/local/openldap/var/openldap-data
 # Indices to maintain
 index
objectClass eq
index uid eq 
index cn,gn,mail eq,sub
index sn
eq,sub
index ou eq
replogfile
/usr/local/openldap/var/openldap-data/replogfile
replica
uri="ldaps://mail1.abc.com" starttls=yes bindmethod=simple
binddn="cn=rootldap,dc=abc,dc=com" credentials="123456789"
My Slave
slapd.conf is similar configuraion to the Master
Server...
***********************************
 EVERYTHING HAS JUST
BEGUN...