
Re: Ldap ppolicy schema entries



I am still facing an issue while configuring LDAP master/slave replication.
I am using OpenLDAP version 2.2.
OS: RHEL 4.0
I am trying to configure master/slave replication using the slurpd method.
I have configured the master slapd.conf and the slave slapd.conf.
Similarly, I configured the master and slave ldap.conf.
After that I stopped the service on the master and on the slave with:

[root@server ~]# service ldap stop

Stopping slapd: [ OK ]

Stopping slurpd: [ OK ]

[root@server ~]#

and did the same on the slave.

Then I copied the database manually using slapcat:

[root@server openldap]# slapcat -b "dc=example,dc=com" -v -l example.com.ldif

# id=00000001

# id=00000003

[root@server openldap]# scp example.com.ldif root@151.2.119.133:/var/lib/ldap/example.com/

root@151.2.119.133's password:

example.com.ldif 100% 747 0.7KB/s 00:00

[root@server openldap]#

 

In slave :

[root@slave openldap]# slapadd -b "dc=example,dc=com" -v -l example.com.ldif

added: "dc=example,dc=com" (00000001)

added: "cn=Manager,dc=example,dc=com" (00000002)

[root@slave openldap]#

But when I create a user on the LDAP master and check for that user on the slave, it is not found.

There was no entry written to the replogfile.

[root@server ~]# useradd test

[root@server ~]# passwd test

Changing password for user test.

New UNIX password:

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@server ~]#

In slave

[root@slave openldap]# id test

id: test: No such user

Here are my configuration files:

master slapd.conf

=============
#######################################################################

# ldbm and/or bdb database definitions

#######################################################################

database bdb

#The base of your directory

suffix "dc=example,dc=com"

#where the database files are physically stored

directory "/var/lib/ldap/example.com"

#Distinguished name,not subject to access control

rootdn "cn=Manager,dc=example,dc=com"

# NOTE(review): the rootdn password is stored in cleartext and has been
# posted publicly together with this file. Replace it with a hash produced
# by slappasswd(8) (see the commented examples below) and change the
# password itself; it is also the same value used as rootpw on the slave.
rootpw password

# Cleartext passwords, especially for the rootdn, should

# be avoided. See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged.

# rootpw secret

# rootpw {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended.

 

# Indices to maintain for this database

index objectClass eq,pres

index ou,cn,mail,surname,givenname eq,pres,sub

index uidNumber,gidNumber,loginShell eq,pres

index uid,memberUid eq,pres,sub

index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database

# NOTE(review): the URI below contains a stray "=" after "ldap://", so the
# host part is "=151.2.119.133", which will not resolve; it was most likely
# meant to be ldap://151.2.119.133:389.
# In slapd.conf a directive continues onto the next line only when that
# line starts with whitespace; the suffix=/binddn=/bindmethod= lines below
# (and the "by" clauses of the access directives further down) appear here
# in column 0, which slapd would reject as unknown directives. Since slapd
# started, the leading whitespace was probably lost in the paste — confirm.
replica uri=ldap://=151.2.119.133:389

suffix="dc=example,dc=com"

binddn="cn=syncuser,dc=example,dc=com"

# NOTE(review): the replication bind password is in cleartext here and has
# been posted publicly; change it and keep slapd.conf readable only by the
# user slapd runs as. With bindmethod=simple over a plain ldap:// URI it is
# also sent to the slave unencrypted on every push; the commented example
# below shows the starttls=critical option that would protect it.
bindmethod=simple credentials=hcllch

# NOTE(review): slapd appends to this file only for modifications made to
# the directory (ldapadd/ldapmodify against this master). The useradd(8)
# and passwd(1) session shown in the message ("New UNIX password") edits the
# local /etc/passwd and /etc/shadow, not the directory, so it produces no
# replog entries; test replication with an LDAP write instead.
replogfile /var/lib/ldap/replogfile

#ACL's

access to attrs=userpassword

by self write

by anonymous auth

by dn="cn=syncuser,dc=example,dc=com" read

by * auth

# NOTE(review): "by * read" on this rule grants anonymous (unauthenticated)
# read of every attribute except userPassword; use "by users read" if the
# tree should not be readable without a bind.
access to *

by self write

by dn="cn=syncuser,dc=example,dc=com" read

by * read

#replogfile /var/lib/ldap/openldap-master-replog

#replica host=ldap-1.example.com:389 starttls=critical

# bindmethod=sasl saslmech=GSSAPI

# authcId=host/ldap-master.example.com@EXAMPLE.COM

[root@server openldap]#

 

Slave slapd.conf

==============

#######################################################################

# ldbm and/or bdb database definitions

#######################################################################

database bdb

#The base of your directory

suffix "dc=example,dc=com"

#where the database files are physically stored

#directory "/var/lib/ldap/ldap-test"

#Distinguished name,not subject to access control

rootdn "cn=Manager,dc=example,dc=com"

# NOTE(review): cleartext rootdn password, posted publicly with this file
# and identical to the master's rootpw; replace it with a slappasswd(8)
# hash and change the password on both servers.
rootpw password

 

# Cleartext passwords, especially for the rootdn, should

# be avoided. See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged.

# rootpw secret

# rootpw {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended

# NOTE(review): slurpd binds to this slave as the updatedn with
# bindmethod=simple, so cn=syncuser,dc=example,dc=com must exist in the
# slave's database with a userPassword. The slapadd output earlier in the
# message added only dc=example,dc=com and cn=Manager,dc=example,dc=com,
# so that bind would fail unless the entry was created separately — confirm.
# Per slapd.conf(5) the updatedn must not be the rootdn; it also needs
# write access in the ACLs below, which it has.
updatedn cn=syncuser,dc=example,dc=com

# NOTE(review): clients that try to write here are referred to the master.
updateref ldap://151.2.119.120

directory /var/lib/ldap/example.com

access to attrs=userpassword

by self write

by anonymous auth

by dn="cn=syncuser,dc=example,dc=com" write

by * auth

# NOTE(review): "by * read" on this rule grants anonymous read of every
# attribute except userPassword; use "by users read" if the tree should not
# be readable without a bind. The "by" clauses must be indented to be read
# as part of the access directive; indentation may have been lost in the
# paste.
access to *

by self write

by dn="cn=syncuser,dc=example,dc=com" write

by * read

 

# Indices to maintain for this database

index objectClass eq,pres

index ou,cn,mail,surname,givenname eq,pres,sub

index uidNumber,gidNumber,loginShell eq,pres

index uid,memberUid eq,pres,sub

index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database

#replogfile /var/lib/ldap/openldap-master-replog

#replica host=ldap-1.example.com:389 starttls=critical

# bindmethod=sasl saslmech=GSSAPI

# authcId=host/ldap-master.example.com@EXAMPLE.COM

[root@slave openldap]#

 

Master ldap.conf

==============

#

# LDAP Defaults

#

# See ldap.conf(5) for details

# This file should be world readable but not world writable.

# NOTE(review): the header above is from the OpenLDAP client ldap.conf(5),
# but binddn/bindpw/bind_policy/pam_password are nss_ldap/pam_ldap options
# (normally /etc/ldap.conf) — confirm which file this is.

#BASE dc=example, dc=com

#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12

#TIMELIMIT 15

#DEREF never

host 151.2.119.120 151.2.119.133

base dc=example,dc=com

# NOTE(review): this is the rootdn from slapd.conf, and its password is
# stored below in a file the header says is world readable. Every local
# user can read it, and lookups bound as the rootdn bypass all ACLs,
# including the userPassword protection. Use anonymous binds or a
# dedicated read-only DN for NSS/PAM lookups, never the rootdn.
binddn cn=Manager,dc=example,dc=com

bindpw password

bind_policy soft

# NOTE(review): "expo" is not a documented pam_password value; "exop" (the
# LDAP password-modify extended operation) was probably intended — confirm.
pam_password expo

 

 

Slave ldap.conf

==============

# LDAP Defaults

#

# See ldap.conf(5) for details

# This file should be world readable but not world writable.

# NOTE(review): the header above is from the OpenLDAP client ldap.conf(5),
# but binddn/bindpw/bind_policy/pam_password are nss_ldap/pam_ldap options
# (normally /etc/ldap.conf) — confirm which file this is.

#BASE dc=example, dc=com

#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12

#TIMELIMIT 15

#DEREF never

# NOTE(review): the slave (151.2.119.133) is tried first here; it accepts
# reads and refers writes to the master via its updateref.
host 151.2.119.133 151.2.119.120

base dc=example,dc=com

# NOTE(review): this is the rootdn from slapd.conf with its password in a
# world-readable file; every local user can read it, and lookups bound as
# the rootdn bypass all ACLs. Use anonymous binds or a dedicated read-only
# DN for NSS/PAM lookups, never the rootdn.
binddn cn=Manager,dc=example,dc=com

bindpw password

 

bind_policy soft

# NOTE(review): "expo" is not a documented pam_password value; "exop" (the
# LDAP password-modify extended operation) was probably intended — confirm.
pam_password expo