
Re: replication problems




Todd Lyons wrote:
Justin Crabtree wanted us to know:


	binddn=(rootdn)
	credentials=(rootdn password)


You'll probably get creamed by the list people for this.  It's bad to
use the rootdn for replication.

Make an entry for replication and then use that.  Here's mine:

smtp2 bin # ldapsearch -x -hldap2 -b 'dc=ivenue,dc=net' -D 'cn=pam,dc=ivenue,dc=net' -W cn=master
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=ivenue,dc=net> with scope sub
# filter: cn=master
# requesting: ALL
#


# master, ivenue.net
dn: cn=master,dc=ivenue,dc=net
objectClass: person
sn: master
cn: master
userPassword:: base_64_crypt_password

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Here's from the master slapd.conf:

replica uri=ldap://ldap1.ivenue.net:389
        binddn="cn=master,dc=ivenue,dc=net"
        bindmethod=simple credentials=obscured
replica uri=ldap://ldap2.ivenue.net:389
        binddn="cn=master,dc=ivenue,dc=net"
        bindmethod=simple credentials=obscured
replogfile /var/lib/openldap-slurp/replication.log


Here's from the slave slapd.conf:

updatedn cn=master,dc=ivenue,dc=net

It's no more complicated than that.  I'd be interested in why you chose
to do it with the rootdn if you chose to do it that way.

I know it is not recommended, but this system is halfway between testing and production and I haven't gotten around to setting up a separate account for replication. I just wanted to get replication working, then worry about doing it the right way. Plus, we kind of got pushed into implementing our LDAP server before we had time to test everything. I have been chasing other more critical problems and using the rootdn was the easy way to get something working. I know that using the rootdn for replication is not recommended, but it shouldn't be causing the problem I am currently experiencing, should it?




Justin Crabtree
Java Programmer
Ozarks Technical Community College
799-1573
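
An added example, not part of the thread or of OpenLDAP: a small check that reads a slapd.conf and reports any replica binddn or updatedn that is the same as a rootdn, which is the setup the thread advises against. The function names, the sample config and its example.com DNs are constructed for illustration, the DN comparison is a simplified normalisation, and every rootdn in the file is treated as one set regardless of database section.

```python
import re
import shlex

def logical_lines(text):
    """Unwrap slapd.conf continuation lines (leading whitespace), then drop comments and blanks."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return [l for l in lines if l.strip() and not l.lstrip().startswith("#")]

def norm_dn(dn):
    """Simplified DN normalisation: lowercase, no spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def audit(text):
    """Return (directive, detail) findings where replication binds or updates as a rootdn."""
    rootdns, findings = set(), []
    parsed = [shlex.split(l) for l in logical_lines(text)]
    for args in parsed:
        if args[0].lower() == "rootdn" and len(args) > 1:
            rootdns.add(norm_dn(args[1]))
    for args in parsed:
        key = args[0].lower()
        if key == "replica":
            kv = dict(a.split("=", 1) for a in args[1:] if "=" in a)
            if norm_dn(kv.get("binddn", "")) in rootdns:
                findings.append(("replica", kv.get("uri", kv.get("host", "?"))))
        elif key == "updatedn" and len(args) > 1 and norm_dn(args[1]) in rootdns:
            findings.append(("updatedn", args[1]))
    return findings

# Constructed sample: a master config that uses the rootdn for one of two replicas.
SAMPLE = '''\
rootdn "cn=Manager,dc=example,dc=com"
replica uri=ldap://replica1.example.com:389
        binddn="cn=Manager, dc=example, dc=com"
        bindmethod=simple credentials=placeholder
replica uri=ldap://replica2.example.com:389
        binddn="cn=replicator,dc=example,dc=com"
        bindmethod=simple credentials=placeholder
'''

if __name__ == "__main__":
    for kind, where in audit(SAMPLE):
        print(f"{kind} uses a rootdn: {where}")
```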