Hello,
I am just trying to set up the replication for cn=config using the example from the documentation: https://www.openldap.org/doc/admin24/replication.html
I have 3 providers in an MMR with delta-syncrepl. Delta-syncrepl is working fine; I can add and change objects from all three providers.
Then I set up the replication for cn=config. Here are the changes I made on all three providers:
-----------
olcServerID: 1 ldap://hm-01.example.net
olcServerID: 2 ldap://hm-02.example.net
olcServerID: 3 ldap://hm-03.example.net
...
# {0}config, config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcRootDN: cn=admin,cn=config
olcRootPW: {SSHA}Uyelb0kyqWuEqr4QmfvrpDaD7VYjeU8h
olcSyncrepl: {0}rid=001 provider=ldap://hm-01.example.net binddn="cn=admin,cn=
 config" bindmethod=simple credentials=geheim searchbase="cn=config" type=ref
 reshAndPersist retry="5 5 300 5" timeout=1 starttls=yes
olcSyncrepl: {1}rid=002 provider=ldap://hm-02.example.net binddn="cn=admin,cn=
 config" bindmethod=simple credentials=geheim searchbase="cn=config" type=refr
 eshAndPersist retry="5 5 300 5" timeout=1 starttls=yes
olcSyncrepl: {2}rid=003 provider=ldap://hm-03.example.net binddn="cn=admin,cn=
 config" bindmethod=simple credentials=geheim searchbase="cn=config" type=refr
 eshAndPersist retry="5 5 300 5" timeout=1 starttls=yes
olcMirrorMode: TRUE

# {0}syncprov, {0}config, config
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
----------------
It's the same on all three providers.
When I make a change on the first provider (hm-01), the change will be replicated to hm-02 and hm-03. But if I try to change or add an ACL on either hm-02 or hm-03, the change will not be replicated to the other providers.
I'm using Debian 10 with the OpenLDAP packages from debian-backports, version 2.4.57.
Before setting up the replication for cn=config I checked that the configuration on all three providers is the same.
So what did I do wrong, or did I miss something?
Stefan
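An added example, not part of the original post and not OpenLDAP code: a Python check that unfolds a slapcat-style dump of the configuration quoted above, parses each olcSyncrepl value, and reports stanzas whose provider is not listed in olcServerID or that pair a simple bind with a starttls setting other than critical. The function names and the sample LDIF layout are assumptions made for this illustration.

```python
import re
import shlex

# Constructed sample: values from the post, folded as slapcat emits them.
SAMPLE_LDIF = """\
dn: cn=config
olcServerID: 1 ldap://hm-01.example.net
olcServerID: 2 ldap://hm-02.example.net
olcServerID: 3 ldap://hm-03.example.net

dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://hm-01.example.net binddn="cn=admin,cn=
 config" bindmethod=simple credentials=geheim searchbase="cn=config" type=ref
 reshAndPersist retry="5 5 300 5" timeout=1 starttls=yes
olcSyncrepl: {1}rid=002 provider=ldap://hm-02.example.net binddn="cn=admin,cn=
 config" bindmethod=simple credentials=geheim searchbase="cn=config" type=refr
 eshAndPersist retry="5 5 300 5" timeout=1 starttls=yes
olcSyncrepl: {2}rid=003 provider=ldap://hm-03.example.net binddn="cn=admin,cn=
 config" bindmethod=simple credentials=geheim searchbase="cn=config" type=refr
 eshAndPersist retry="5 5 300 5" timeout=1 starttls=yes
"""

def unfold(ldif):
    """Join folded LDIF lines (RFC 2849: a newline followed by one space)."""
    return re.sub(r"\n ", "", ldif)

def parse_syncrepl(value):
    """Turn one olcSyncrepl value into a dict of its key=value parameters."""
    value = re.sub(r"^\{\d+\}", "", value)  # drop the {n} ordering prefix
    return dict(tok.split("=", 1) for tok in shlex.split(value))

def audit(ldif):
    """Return findings for the syncrepl stanzas found in a cn=config dump."""
    servers, stanzas, findings = set(), [], []
    for line in unfold(ldif).splitlines():
        attr, _, value = line.partition(": ")
        if attr == "olcServerID":
            servers.update(value.split()[1:])  # URL part, if present
        elif attr == "olcSyncrepl":
            stanzas.append(parse_syncrepl(value))
    for s in stanzas:
        rid, url = s.get("rid"), s.get("provider", "")
        if url not in servers:
            findings.append(f"rid={rid}: provider has no matching olcServerID")
        # starttls=yes: the session continues without TLS if StartTLS fails.
        if (s.get("bindmethod") == "simple" and not url.startswith("ldaps://")
                and s.get("starttls") != "critical"):
            findings.append(f"rid={rid}: simple bind without starttls=critical")
    return findings
```

With the configuration as posted, `audit(SAMPLE_LDIF)` reports all three stanzas for the starttls setting; changing `starttls=yes` to `starttls=critical` clears the findings.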
--On Sunday, April 11, 2021 3:44 PM +0200 Stefan Kania <stefan@kania-online.de> wrote:
> Hello,
> I am just trying to set up the replication for cn=config using the example from the documentation: https://www.openldap.org/doc/admin24/replication.html
> I have 3 providers in an MMR with delta-syncrepl. Delta-syncrepl is working fine; I can add and change objects from all three providers.
> Then I set up the replication for cn=config. Here are the changes I made on all three providers:
> olcServerID: 1 ldap://hm-01.example.net
> olcServerID: 2 ldap://hm-02.example.net
> olcServerID: 3 ldap://hm-03.example.net
> Before setting up the replication for cn=config I checked that the configuration on all three providers is the same.
I've stated repeatedly on this list that cn=config replication is not safe with OpenLDAP 2.4 and portions of it do not work.
Additionally, you'd need to provide what the logs show when making the change, as far as replication is concerned, to discern why it's failing. It could be due to one of the issues already fixed for OpenLDAP 2.5, but without log info, there's no knowing.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Quanah Gibson-Mount <quanah@symas.com> wrote on 13.04.2021 at 18:35 in message <04ACA14B0F04DF4022F94CA2@[192.168.1.156]>:
> --On Sunday, April 11, 2021 3:44 PM +0200 Stefan Kania <stefan@kania-online.de> wrote:
>> Hello,
>> I am just trying to set up the replication for cn=config using the example from the documentation: https://www.openldap.org/doc/admin24/replication.html
>> I have 3 providers in an MMR with delta-syncrepl. Delta-syncrepl is working fine; I can add and change objects from all three providers.
>> Then I set up the replication for cn=config. Here are the changes I made on all three providers:
>> -----------
>> olcServerID: 1 ldap://hm-01.example.net
>> olcServerID: 2 ldap://hm-02.example.net
>> olcServerID: 3 ldap://hm-03.example.net
>> Before setting up the replication for cn=config I checked that the configuration on all three providers is the same.
> I've stated repeatedly on this list that cn=config replication is not safe with OpenLDAP 2.4 and portions of it do not work.
As we are doing exactly that without any problem so far, could you please repeat what is unsafe?
> Additionally, you'd need to provide what the logs show when making the change, as far as replication is concerned, to discern why it's failing. It could be due to one of the issues already fixed for OpenLDAP 2.5, but without log info, there's no knowing.
> Regards, Quanah
> --
> Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
We restarted all systems and now it's running perfectly. So where is the problem?
On 14.04.21 at 07:45, Ulrich Windl wrote:
> Quanah Gibson-Mount <quanah@symas.com> wrote on 13.04.2021 at 18:35 in message <04ACA14B0F04DF4022F94CA2@[192.168.1.156]>:
>> --On Sunday, April 11, 2021 3:44 PM +0200 Stefan Kania <stefan@kania-online.de> wrote:
>>> Hello,
>>> I am just trying to set up the replication for cn=config using the example from the documentation: https://www.openldap.org/doc/admin24/replication.html
>>> I have 3 providers in an MMR with delta-syncrepl. Delta-syncrepl is working fine; I can add and change objects from all three providers.
>>> Then I set up the replication for cn=config. Here are the changes I made on all three providers:
>>> -----------
>>> olcServerID: 1 ldap://hm-01.example.net
>>> olcServerID: 2 ldap://hm-02.example.net
>>> olcServerID: 3 ldap://hm-03.example.net
>>> Before setting up the replication for cn=config I checked that the configuration on all three providers is the same.
>> I've stated repeatedly on this list that cn=config replication is not safe with OpenLDAP 2.4 and portions of it do not work.
> As we are doing exactly that without any problem so far, could you please repeat what is unsafe?
>> Additionally, you'd need to provide what the logs show when making the change, as far as replication is concerned, to discern why it's failing. It could be due to one of the issues already fixed for OpenLDAP 2.5, but without log info, there's no knowing.
>> Regards, Quanah
>> --
>> Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
--On Wednesday, April 14, 2021 9:01 AM +0200 Stefan Kania <stefan@kania-online.de> wrote:
> We restarted all systems and now it's running perfectly. So where is the problem?
a) It shouldn't have required a restart
b) There are known issues with cn=config replication in 2.4. You can track them down in the bug tracker if you feel so inclined, I have other things to do with my time.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org