Re: syncrepl, database is not complete...



Alain Siani <asiani@free.fr> writes:

> Hello,
>
> My problem:
> I would like to have a replication server and I don't understand why all data
> are not copied to the replication server.
> I use rootdn to do sync... I should be able to copy all data... it starts to copy
> but doesn't copy all data...
>
> LDAP version :
> Source and copy are the same server : openldap-2.3.27-8
>
> See below for configuration files.
>
> Thanks for your help!
> Alain
>
> Source server :
>
> include        /etc/openldap/schema/core.schema
> include        /etc/openldap/schema/cosine.schema
> include        /etc/openldap/schema/inetorgperson.schema
> include        /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/rfc822-MailMember.schema
> include        /etc/openldap/schema/gosa/gofon.schema
> include         /etc/openldap/schema/gosa/samba3.schema
> include     /etc/openldap/schema/gosa/pureftpd.schema
> include        /etc/openldap/schema/gosa/gohard.schema
> include     /etc/openldap/schema/gosa/goto.schema
> include         /etc/openldap/schema/gosa/gosa+samba3.schema
> include        /etc/openldap/schema/gosa/gofax.schema
> include        /etc/openldap/schema/gosa/goserver.schema
> include         /etc/openldap/schema/sfe.schema
>
> loglevel    256
> password-hash {CRYPT}

Don't use crypt! Because you never know which crypt library is linked
against your application, but this is only one of many reasons.

> allow bind_v2

This is not recommended; LDAPv3 has been out for more than 10 years now,
LDAPv2 is historic!

> pidfile        /var/run/openldap/slapd.pid
> argsfile    /var/run/openldap/slapd.args
>
> access to *
>     by * read
>
> database    bdb
> suffix dc=domain,dc=com
> rootdn cn=Manager,dc=domain,dc=com
> rootpw {SSHA}Lcrkf43J0AU3rXGtMRk5iHAMXHuweL4R

This is nonsense if you declare password hash crypt.

> loglevel 256
> schemacheck off

Why do you want schema check disabled?

> syncrepl rid=123
>         provider=ldap://10.0.0.242:389
>         type=refreshOnly
>         interval=00:00:05:00
>         searchbase="dc=domain,dc=com"
>         filter="(objectclass=*)"
>         attrs="*"
>         scope=sub
>         schemachecking=off
>     updatedn="cn=Manager,dc=domain,dc=com"
>         bindmethod=simple
>         binddn="cn=Manager,dc=domain,dc=com"
>         credentials=xxxx

You need operational attributes and user attributes to be
synchronized, that is, if you want to define an attribute filter it
should be attrs="*","+", but read man slapd.conf(5) on syncrepl
filters.
updatedn is not required with syncrepl; never ever use rootdn to
control synchronization, because no access control comes into effect.
I'm missing an updateref declaration and a declaration of limits.


-Dieter 

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
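
Added example, not part of the original message or of OpenLDAP: a small Python check that flags, in a slapd.conf text, the points raised in the reply above. The sample configuration is constructed from the quoted settings; the function names are this example's own, and treating an absent `attrs` as `*,+` is an assumption taken from slapd.conf(5).

```python
import re

# Constructed sample, modelled on the settings quoted in the thread.
SAMPLE = """\
password-hash {CRYPT}
allow bind_v2
rootdn cn=Manager,dc=domain,dc=com
schemacheck off
syncrepl rid=123
        provider=ldap://10.0.0.242:389
        attrs="*"
        binddn="cn=Manager,dc=domain,dc=com"
"""

def directives(text):
    """Fold continuation lines (leading whitespace) into [keyword, args] pairs."""
    folded = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and folded:
            folded[-1] += " " + line.strip()
        else:
            folded.append(line.strip())
    return [(d.split(None, 1) + [""])[:2] for d in folded]

def norm_dn(dn):
    """Simplified DN comparison key: drop quotes, case and spacing around commas."""
    return re.sub(r"\s*,\s*", ",", dn.replace('"', "").strip().lower())

def audit(text):
    """Return the reply's review points that apply to this slapd.conf text."""
    conf = [(k.lower(), v) for k, v in directives(text)]
    get = lambda key: [v for k, v in conf if k == key]
    found = []
    for key, bad in (("password-hash", "{crypt}"), ("allow", "bind_v2"), ("schemacheck", "off")):
        if any(bad in v.lower() for v in get(key)):
            found.append(f"{key} {bad}")
    roots = {norm_dn(v) for v in get("rootdn")}
    for args in get("syncrepl"):
        kv = {k.lower(): v.replace('"', "") for k, v in
              re.findall(r'(\w+)=((?:"[^"]*"|[^\s"])+)', args)}
        if norm_dn(kv.get("binddn", "")) in roots:
            found.append("syncrepl binds as rootdn")
        # Assumption: an absent attrs list means "*,+" (user and operational).
        if "+" not in kv.get("attrs", "*,+").split(","):
            found.append("syncrepl attrs lacks +")
    found += [f"no {k}" for k in ("updateref", "limits") if get("syncrepl") and not get(k)]
    return found
```

`audit(SAMPLE)` returns one finding per point in the reply; a configuration that binds with a dedicated replication DN, requests `*,+`, and declares `updateref` and `limits` returns an empty list.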