Re: (ITS#7691) syncrepl does not work with names start with depth
One more thing. The entry with "cn=depth" name won't sync only when
adding entries to ou=mailinglist. Somehow it is ok with ou=people.

"Master" LDAP configuration:

Include /go/to/core.schema
Include /go/to/cosine.schema
Include /go/to/inetorgperson.schema
Include /go/to/nis.schema
Include /go/to/samba.schema
Include /go/to/test.schema
pidfile /go/to/slapd.pid
argsfile /go/to/slapd.args

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /go/to/ldap.pem
TLSCertificateFile /go/to/ldap.pem
TLSCertificateKeyFile /go/to/ldap.key

access to attrs=userPassword
    by self write
    by users read
    by peername.ip=127.0.0.1 read
    by peername.ip=10.X.0.0%255.255.0.0 read
    by peername.ip=172.X.129.132 read
    by peername.ip=172.X.1.109 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=X.X.68.0%255.255.255.0 read
    by anonymous auth

access to attrs=cryptPassword,md5Password,shadowLastChange
    by self write
    by users read
    by peername.ip=127.0.0.1 read
    by peername.ip=10.217.0.0%255.255.0.0 read
    by peername.ip=172.X.129.132 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=X.X.68.0%255.255.255.0 read
    by anonymous none

access to dn.subtree="ou=zgroups,dc=test,dc=com"
    by dn.base="cn=webXXX,ou=people,dc=test,dc=com" write
    by self read
    by users read
    by peername.ip=127.0.0.1 read
    by peername.ip=10.X.0.0%255.255.0.0 read
    by peername.ip=X.X.X.0%255.255.255.0 read
    by peername.ip=172.X.129.132 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by anonymous none

access to *
    by self read
    by users read
    by peername.ip=127.0.0.1 read
    by peername.ip=10.X.0.0%255.255.0.0 read
    by peername.ip=172.X.129.132 read
    by peername.ip=172.X.1.109 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=172.X.0.0%255.255.0.0 read
    by peername.ip=X.X.68.0%255.255.255.0 read
    by anonymous none

# Database backend configuration.

allow bind_v2
database bdb
password-hash {CRYPT}
directory /go/to/ldap-master
suffix "dc=test,dc=com"
rootdn "cn=root,dc=test,dc=com"
rootpw secret
index objectClass,uid,uidNumber,entryCSN,entryUUID pres,eq

# Configure syncrepl (provider)

overlay syncprov
syncprov-checkpoint 1 1 # <ops> <minutes>
syncprov-sessionlog 100 # <max number of session logs>

"Slave" LDAP configuration:

include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/test.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.
allow bind_v2

pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args
loglevel 256
moduleload back_hdb.la
moduleload syncprov.la
moduleload back_monitor.la
moduleload back_ldap.la

access to *
    by self write
    by users read
    by peername.ip=127.0.0.1 read
    by peername.ip=172.20.201.0%255.255.255.0 read
    by anonymous read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw secret
directory /usr/local/openldap/var/openldap-data

# Indices to maintain
index cn,sn,uid pres,eq,approx,sub
index objectClass eq

index entryCSN,entryUUID eq
syncrepl rid=1
    provider=ldap://ldap-master.com
    type=refreshOnly
    interval=00:00:00:30
    searchbase="dc=test,dc=com"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=ldaplogin,ou=people,dc=test,dc=com"
    credentials=secret

On 09/12/13 05:57, Quanah Gibson-Mount wrote:
> --On Wednesday, September 11, 2013 8:03 AM +0000
> chewcs@bii.a-star.edu.sg wrote:
>
>> Full_Name: Chew Chee Siang
>> Version: slapd 2.4.36
>> OS: CentOS 6.4
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (123.136.68.2)
>>
>>
>> The setup is a master-slave configuration
>> Whenever a new user with name starting with "depth" is created at
>> master,
>> the record will not be sync to slave using syncrepl.
>> The other records are ok.
>> For e.g. cn=depth-maker,ou=people,dc=tt,dc=com
>> or cn=depth,ou=people,dc=tt,dc=com
>
> Provide your configuration minus passwords.
>
> --Quanah
>
>
>
> --
>
> Quanah Gibson-Mount
> Lead Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>