
Re: (ITS#8521) Cannot have replication working after setting up the replication config in slapd.d



Is it just me, or is the ITS WebUI removing part of the message I typed ?


Anyway, here is the complete description :


Replication won't start if we set it up on running servers configured with
slapd.d. The scenario is the following :
o We have 2 servers, one will become the provider, the other the consumer
o They are initially empty, using MDB (see the attached configurations,
converted from slapd.conf to slapd.d)
o We start the 2 servers
o Step 1 : On the provider, we inject the following entry :

dn: cn=config
changetype: modify
add: olcServerId
olcServerId: 1
-

o Step 2 : On the provider, we inject the following entries :

# Context entry
dn: dc=example,dc=com
changetype: add
objectClass: domain
objectClass: top
dc: example

# LDAPRoles, dc=example,dc=com
dn: ou=LDAPRoles,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: LDAPRoles

dn: dc=users,dc=example,dc=com
changetype: add
dc: users
objectClass: domain
objectClass: top

dn: cn=Johndoe,dc=users,dc=example,dc=com
changetype: add
objectClass: person
objectClass: top
sn: John Doe
cn: Johndoe

# replicator, LDAPRoles, dc=example, dc=com
dn: cn=replicator,ou=LDAPRoles,dc=example,dc=com
objectClass: top
objectClass: simpleSecurityObject
objectClass: organizationalRole
userPassword: secret
cn: replicator


o Step 3 : On the consumer, we inject the following entry :

# Context entry
dn: dc=example,dc=com
changetype: add
objectClass: domain
objectClass: top
dc: example


o Step 4 : On the provider, we inject the following entries :

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcSyncprovConfig
olcOverlay: syncprov
olcSpSessionLog: 10000
olcSpCheckpoint: 100 10

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=replicator,ou=LDAPRoles,dc=example,dc=com" time.soft=unlimited time.h
 ard=unlimited size.soft=unlimited size.hard=unlimited
-

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.subtree="dc=example,dc=com"  by self write  by dn.exact="cn=
 replicator,ou=LDAPRoles,dc=example,dc=com" read by anonymous auth  by * read
-

o Step 5 : On the consumer, we inject the following entry :

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=1 provider=ldap://10.61.155.18 bindmethod=simple bi
 nddn="cn=replicator,ou=LDAPRoles,dc=example,dc=com" credentials=secret type=refreshAndPersis
 t searchbase="dc=example,dc=com" filter="(objectclass=*)" scope=sub schemacheck
 ing=on retry="5 10 60 +" sizeLimit=unlimited timelimit=unlimited
-


At this point, one would expect the replication to kick in and the entries to flow from the producer to the consumer, but nothing happens.

Ignoring the first step (ServerID setting) and applying the other steps just works fine. It seems that setting the ServerID blocks everything (FTR, it does not help either to set up the consumer's ServerID).

This is problematic in a scenario where we would try to have 2 servers replicated in an MMR topology with MirrorMode set, as the ServerID will be mandatory.

Here is the provider configuration (this is in slapd.conf format for convenience, it is being converted to slapd.d before the server is started) :

#################################################################################
## Provider configuration
##################################################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files. Note that not all of these schemas co-exist peacefully.
# Use only those you need and leave the rest commented out.
include         "/opt/symas/etc/openldap/schema/core.schema"
include         "/opt/symas/etc/openldap/schema/cosine.schema"
include         "/opt/symas/etc/openldap/schema/inetorgperson.schema"
include         "/opt/symas/etc/openldap/schema/misc.schema"

# TLSCipherSuite  <cipher-suite-spec>
#   Permits configuring  what  ciphers  will  be  accepted  and  the
#   preference   order.   <cipher-suite-spec>  should  be  a  cipher
#   specification for the TLS library in use  (OpenSSL,  GnuTLS,  or
#   Mozilla NSS).
TLSCipherSuite HIGH:MEDIUM


# Files in which to store the process id and startup arguments.
# These files are needed by the init scripts, so only change
# these if you are prepared to edit those scripts as well.
pidfile                 "/var/symas/run/slapd.pid"
argsfile                "/var/symas/run/slapd.args"

# Choose the directory for loadable modules.
modulepath	"/opt/symas/lib64/openldap"

# Uncomment the moduleloads as needed to enable additional
# functionality when configured. NOTE: We package many
# more modules options than those found below.
moduleload	back_mdb.la
moduleload	back_monitor.la


# Sample access control policy:
#	Allow read access of root DSE
#	Allow self write access
#	Allow authenticated users read access
#	Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn="" by * read
access to *
	by self write
	by users read
	by anonymous auth

#-----------------------------------------------------------------------
# LOGGING
loglevel     stats sync

#######################################################################
# config database
#######################################################################
database     config
rootdn       "cn=Directory Manager,cn=config"
rootpw       secret

access to *  by * none

#######################################################################
# Sample LMDB database definitions
#######################################################################
database	mdb
suffix          "dc=example,dc=com"
rootdn          "cn=Directory Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details describing
# the creation of encrypted passwords.
rootpw		secret

# Indices to maintain

# index default sets the basic type of indexing to perform if there isn't
# any indexing specified for a given attribute
index	default		eq
index	objectClass
index	cn

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
# One directory will be needed for each backend, so you should
# create a subdirectory beneath /var/symas/openldap-data for each
# new backend. This is also where the DB_CONFIG file needs to be
# placed.
directory	"/var/symas/openldap-data/example"

# Here we specify the maximum on-disk size of the database. It is
# Recommended to set this near the expected free-space availability
# for the machine. This parameter is not pre-allocated and simply
# represents the upward limit to which the database will be allowed
# to grow. Note: Specified in *bytes*. Here, we set it to 1gb.
maxsize 10485760

#######################################################################
# Monitor database
#######################################################################
database	monitor

access to dn.subtree="cn=monitor"
        by * read


And here is the consumer configuration :


#################################################################################
## Consumer configuration
##################################################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files. Note that not all of these schemas co-exist peacefully.
# Use only those you need and leave the rest commented out.
include         "/opt/symas/etc/openldap/schema/core.schema"
include         "/opt/symas/etc/openldap/schema/cosine.schema"
include         "/opt/symas/etc/openldap/schema/inetorgperson.schema"
include         "/opt/symas/etc/openldap/schema/misc.schema"

#
# TLSCipherSuite  <cipher-suite-spec>
#   Permits configuring  what  ciphers  will  be  accepted  and  the
#   preference   order.   <cipher-suite-spec>  should  be  a  cipher
#   specification for the TLS library in use  (OpenSSL,  GnuTLS,  or
#   Mozilla NSS).
TLSCipherSuite HIGH:MEDIUM


# Files in which to store the process id and startup arguments.
# These files are needed by the init scripts, so only change
# these if you are prepared to edit those scripts as well.
pidfile                 "/var/symas/run/slapd.pid"
argsfile                "/var/symas/run/slapd.args"

# Choose the directory for loadable modules.
modulepath      "/opt/symas/lib64/openldap"

# Uncomment the moduleloads as needed to enable additional
# functionality when configured. NOTE: We package many
# more modules options than those found below.
moduleload      back_mdb.la
moduleload      back_monitor.la


# Sample access control policy:
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn="" by * read
access to *
        by self write
        by users read
        by anonymous auth
#-----------------------------------------------------------------------
# LOGGING
loglevel     stats sync

#######################################################################
# config database
#######################################################################
database     config
rootdn       "cn=Directory Manager,cn=config"
rootpw       secret

access to *  by * none

#######################################################################
# Sample LMDB database definitions
#######################################################################
database        mdb
suffix          "dc=example,dc=com"
rootdn          "cn=Directory Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details describing
# the creation of encrypted passwords.
rootpw          secret

# Indices to maintain

# index default sets the basic type of indexing to perform if there isn't
# any indexing specified for a given attribute
index   default         eq
index   objectClass
index   cn

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
# One directory will be needed for each backend, so you should
# create a subdirectory beneath /var/symas/openldap-data for each
# new backend. This is also where the DB_CONFIG file needs to be
# placed.
directory       "/var/symas/openldap-data/example"

# Here we specify the maximum on-disk size of the database. It is
# Recommended to set this near the expected free-space availability
# for the machine. This parameter is not pre-allocated and simply
# represents the upward limit to which the database will be allowed
# to grow. Note: Specified in *bytes*. Here, we set it to 1gb.
maxsize 10485760

#######################################################################
# Monitor database
#######################################################################
database        monitor

access to dn.subtree="cn=monitor"
        by * read



On 21/10/16 at 23:45, openldap-its@OpenLDAP.org wrote:
> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
>
> Thanks for your report to the OpenLDAP Issue Tracking System.  Your
> report has been assigned the tracking number ITS#8521.
>
> One of our support engineers will look at your report in due course.
> Note that this may take some time because our support engineers
> are volunteers.  They only work on OpenLDAP when they have spare
> time.
>
> If you need to provide additional information in regards to your
> issue report, you may do so by replying to this message.  Note that
> any mail sent to openldap-its@openldap.org with (ITS#8521)
> in the subject will automatically be attached to the issue report.
>
> 	mailto:openldap-its@openldap.org?subject=(ITS#8521)
>
> You may follow the progress of this report by loading the following
> URL in a web browser:
>     http://www.OpenLDAP.org/its/index.cgi?findid=8521
>
> Please remember to retain your issue tracking number (ITS#8521)
> on any further messages you send to us regarding this report.  If
> you don't then you'll just waste our time and yours because we
> won't be able to properly track the report.
>
> Please note that the Issue Tracking System is not intended to
> be used to seek help in the proper use of OpenLDAP Software.
> Such requests will be closed.
>
> OpenLDAP Software is user supported.
> 	http://www.OpenLDAP.org/support/
>
> --------------
> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
>

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org
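
Added example, not part of the original message or of OpenLDAP: a small Python check that unfolds the Step 5 LDIF, parses the olcSyncrepl directive, and reports how the consumer would authenticate to the provider (plain ldap:// transport, simple bind with an inline password). The finding labels and function names are made up for this example; the starttls, bindmethod and credentials keywords are the ones documented in slapd.conf(5).

```python
import re

# The Step 5 change from the message above, with its LDIF line folding kept.
STEP5_LDIF = '''dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=1 provider=ldap://10.61.155.18 bindmethod=simple bi
 nddn="cn=replicator,ou=LDAPRoles,dc=example,dc=com" credentials=secret type=refreshAndPersis
 t searchbase="dc=example,dc=com" filter="(objectclass=*)" scope=sub schemacheck
 ing=on retry="5 10 60 +" sizeLimit=unlimited timelimit=unlimited
-
'''

def unfold(ldif):
    """Join LDIF continuation lines (RFC 2849: a line starting with one space)."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def parse_syncrepl(value):
    """Split a syncrepl directive into {key: value}; values may be double-quoted."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', value)
    return {k.lower(): v.strip('"') for k, v in pairs}

def syncrepl_findings(ldif):
    """Return (rid, finding) tuples for every olcSyncrepl value in the LDIF."""
    findings = []
    for line in unfold(ldif):
        attr, sep, value = line.partition(": ")
        if not sep or attr.lower() != "olcsyncrepl":
            continue
        cfg = parse_syncrepl(value)
        rid = cfg.get("rid", "?")
        starttls = cfg.get("starttls", "").lower()
        if cfg.get("provider", "").lower().startswith("ldap://"):
            if starttls == "yes":      # session continues without TLS if StartTLS fails
                findings.append((rid, "starttls-not-enforced"))
            elif starttls != "critical":
                findings.append((rid, "cleartext-transport"))
        if cfg.get("bindmethod", "").lower() == "simple" and "credentials" in cfg:
            findings.append((rid, "simple-bind-inline-password"))
    return findings

if __name__ == "__main__":
    print(syncrepl_findings(STEP5_LDIF))
```
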