
Re: a newbie trying to get the basics of syncrepl going



On 23/02/2010 22:26, Seger, Mark wrote:
I’m an admitted ldap lightweight but have been able to bring up an ldap
server and populate it with the contents of my /etc/passwd file. Now I
want to set up a replica on another machine using sync replication and
am having a few issues getting it to work. My most recent success was
getting simple authentication working because before it was failing and
now it’s not so I’ve at least gotten that far. Here’s what my
replication section looks like in ldap.conf:

syncrepl rid=123
        provider=ldap://10.99.99.99:389
        type=refreshOnly
        interval=01:00:00:00
        searchbase="dc=myldap,dc=com"
        filter="(objectClass=account)"
        scope=sub
        schemachecking=off
        updatedn="cn=replica,dc=myldap,dc=com"
        bindmethod=simple
        binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
        credentials=Something

I’m pretty sure I have the search parameters set correctly because if I run:

ldapsearch -x -h 10.99.99.99 -b 'dc=myldap,dc=com' -A uid

it dumps all my uids.

The part I’m unclear on is how to define things on the slave side. For
example I have the main part of the conf set the same on the master,
just to make things easy on me and so I have the following which is
exactly how I have the master set up.

database bdb
suffix "dc=myldap,dc=com"
rootdn "cn=Manager,dc=myldap,dc=com"
rootpw {SSHA}ZmTfiKLVf8X5GERsT3b3AoB3/hFV3l7R
directory /var/lib/ldap

I’m guessing my problem may be with
updatedn="cn=replica,dc=myldap,dc=com", but I’m not sure what it should
be and whether or not I have to prime the replica with any special
authentication to be able to write to it.

If I run “ldapsearch -x -b 'dc=myldap,dc=com'” against the replica it
comes up empty so I’m sure nothing is getting replicated. Further if I
run the slave slapd with -d128 I get:

[root@hpdc3dmgt1 ~]# slapd -d 128
@(#) $OpenLDAP: slapd 2.3.43 (Nov 6 2008 02:53:24) $
brewbuilder@hs20-bc1-5.build.redhat.com:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
slapd starting
request done: ld 0x2ac52b507c70 msgid 1
=> bdb_entry_get: cannot find entry: "dc=myldap,dc=com"
do_syncrep2: rid 123got search entry without control
do_syncrepl: rid 123 quitting

but I have no idea where it’s looking for the entry, on the master or
the slave? But I do have that entry on the master.

I’m sure I’m doing something wrong but am also hoping it’s relatively minor.

Don't forget that syncrepl is pull-based replication. That is, the slave connects to the master and gets data.

In light of this, check your configuration for:
- the syncrepl statement above in the *slave* slapd.conf
- an "overlay syncprov" in the *master* slapd.conf (plus any configuration you may want)
- the "updatedn" element in your syncrepl statement should not be necessary. As the man page stipulates: "It is only needed in certain push-mode replication scenarios."

This should get things going, if not, please post back here with more details on any errors you have (log file extracts).

Hope this helps,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
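
The points in the reply, applied as a check over slapd.conf text. This is an added example, not code from the thread or from the OpenLDAP project: the function names are hypothetical, and the sample files are constructed from the values quoted above with a placeholder password. The cleartext-bind check goes beyond the reply and assumes the `starttls=` syncrepl parameter documented in slapd.conf(5).

```python
import re
# Constructed sample files; DNs and address follow the thread, the password is a placeholder.
CONSUMER_CONF = """\
database bdb
suffix "dc=myldap,dc=com"
syncrepl rid=123
  provider=ldap://10.99.99.99:389
  type=refreshOnly
  searchbase="dc=myldap,dc=com"
  updatedn="cn=replica,dc=myldap,dc=com"
  bindmethod=simple
  binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
  credentials=PLACEHOLDER
"""
PROVIDER_CONF = 'database bdb\nsuffix "dc=myldap,dc=com"\n'

def logical_lines(text):
    """Unwrap slapd.conf continuation lines (leading whitespace), then drop comments."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [l for l in map(str.strip, out) if l and not l.startswith("#")]

def syncrepl_params(conf):
    """key=value pairs of the first syncrepl directive, or None if there is none."""
    for line in logical_lines(conf):
        if line.lower().startswith("syncrepl "):
            return dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return None

def lint_consumer(conf):
    p = syncrepl_params(conf)
    if p is None:
        return ["no syncrepl directive with parameters"]
    issues = [f"syncrepl has no {k}= (continuation line not indented?)"
              for k in ("rid", "provider", "searchbase") if k not in p]
    if "updatedn" in p:
        issues.append("updatedn= should not be needed for pull-based syncrepl")
    if (p.get("bindmethod") == "simple" and p.get("provider", "").startswith("ldap://")
            and "starttls" not in p):
        issues.append("simple bind over ldap:// without starttls= sends the password in cleartext")
    return issues

def lint_provider(conf):
    words = [l.lower().split() for l in logical_lines(conf)]
    return [] if ["overlay", "syncprov"] in words else ['no "overlay syncprov" on the provider']

print(lint_consumer(CONSUMER_CONF), lint_provider(PROVIDER_CONF))
```
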