
Re: slurpd replication problems



"TLS: unable to get peer certificate."
- check if your name resolution is working correctly and if the cn in the user certificates are identical
to the fqhns of the hosts.


referral chasing:
- check if you used the correct
fqhn in the referral object in the DIT of the master.
and it looks like you got no superior referral-statement in your
slave's slapd.conf.

overlay chain offers an easy way to set up automatic referral
chasing and id assertion to get a "writeable" slave or consumer.

anyway you should upgrade to the latest 2.3.* version,
and compile it from scratch, because the
openldap packages from most distributions are out of date
and compiled with unnecessary dependencies.

and think about changing your replication to syncrepl,
since slurpd is really outdated, and syncrepl is way more stable
and flexible.




Almir Karic wrote:
i'm trying to set up the replication with openldap 2.3 (using the one
debian etch), when i add things to master everything is fine, it
replicates it to slave just fine, on the other hand when i add things
to slave it simply writes it to its own tree.


here is slapd.conf of the slave (stripped of any comments):

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
modulepath      /usr/lib/ldap
moduleload      back_bdb
sizelimit 500
tool-threads 1
backend         bdb
checkpoint 512 30
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/ldap/cacert.pem
TLSCertificateFile /etc/ldap/servercrt.pem
TLSCertificateKeyFile /etc/ldap/serverkey.pem
loglevel stats
database        bdb
suffix          "dc=kiberpipa,dc=org"
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectClass eq
lastmod         on
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=kiberpipa,dc=org" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=kiberpipa,dc=org" write
        by * read
updatedn        "cn=admin,dc=kiberpipa,dc=org"
updateref       "ldaps://chat.kiberpipa.org:636"



with this command "ldapadd -d 65535 -WxD
'cn=admin,dc=kiberpipa,dc=org' -f /tmp/b00" (on slave) i'm getting
http://static.kiberpipa.org/~redduck666/local_adding.txt with
"ldapadd -d 65535 -WxD 'cn=admin,dc=kiberpipa,dc=org' -f /tmp/b00 -H
ldaps://chat.kiberpipa.org:636" i get
http://static.kiberpipa.org/~redduck666/add_to_master.txt (passing it
the same password they write to


i have seen the certificate error there, if i change the ldap.conf on slave to point to ldap:// instead of ldaps:// that error goes away, however it still doesn't touch master.


i also read i really shouldn't set updatedn to be the same as rootdn, well, tried changing it and granting full privileges to the newly created account, no difference


any pointers appreciated :-)
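
An added example (not part of the thread and not OpenLDAP code): a small Python check that parses a consumer slapd.conf, including its indented continuation lines, and reports the points raised in the reply above. The function names, the finding strings and the master_cert_cn parameter are assumptions made for illustration, and the sample config is constructed from lines quoted in the original message.

```python
import shlex
from urllib.parse import urlparse

# Constructed sample: replication-related lines of the slave config quoted above.
SAMPLE_CONF = '''\
database        bdb
suffix          "dc=kiberpipa,dc=org"
access to *
        by dn="cn=admin,dc=kiberpipa,dc=org" write
        by * read
updatedn        "cn=admin,dc=kiberpipa,dc=org"
updateref       "ldaps://chat.kiberpipa.org:636"
'''

def parse_slapd_conf(text):
    """Return [(keyword, args)]; indented lines continue the previous directive."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment line
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [(t[0].lower(), t[1:]) for t in map(shlex.split, logical)]

def audit_consumer(text, master_cert_cn=None):
    """Report the replication and referral points from the reply as findings."""
    conf = parse_slapd_conf(text)
    first = {k: a for k, a in reversed(conf)}  # first occurrence of each keyword
    findings = []
    if "referral" not in first:
        findings.append("no superior 'referral' directive")
    if "updateref" not in first:
        findings.append("no 'updateref' pointing at the master")
    else:
        host = urlparse(first["updateref"][0]).hostname
        # master_cert_cn is supplied by the caller (assumption for this example).
        if master_cert_cn and host != master_cert_cn.lower():
            findings.append(f"updateref host {host} != certificate CN {master_cert_cn}")
    if not any(k == "overlay" and a[:1] == ["chain"] for k, a in conf):
        findings.append("no 'overlay chain': clients must chase referrals themselves")
    if "updatedn" in first and "syncrepl" not in first:
        findings.append("slurpd-style replica: updatedn without syncrepl")
    return findings

if __name__ == "__main__":
    for finding in audit_consumer(SAMPLE_CONF, "chat.kiberpipa.org"):
        print("-", finding)
```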


