
RE: Replication referral



Good day,

First, I should state that I've found the Administrator's guide to be
extremely handy, certainly much better than the documentation that one would
get from the average project.

I've never used replication, so, take what I have to say with a grain of
salt.  But, a cursory glance reveals that your undateref URL isn't actually
a URL.  URLs are of the form ldap://my.server.com:port .

Try that out.  I'm also guessing that your slave server is complaining
loudly that it can't do the replication.  Check its log.  If you haven't set
up logging, please do that before posting a message here.

============================
Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948


-----Original Message-----
From: mm@inside-security.de [mailto:mm@inside-security.de]
Sent: Friday, March 15, 2002 10:26 AM
To: openldap-software@OpenLDAP.org
Subject: Replication referral


Hi there,

I really would like to run a replica of an LDAP directory, but the whole
thing is getting a bit annoying now, and besides, I'm very much disappointed by
the so-called OpenLDAP 2.0 Administrator's guide.

But let's come to the point:

Replication is working (well, with the rootpw in cleartext in the replica
directive:( ) and wasn't that much of a problem to bring up.
But when I make an update on a slave server (currently with ldapbrowser as
rootdn), what happens?  The slave server gets updated and there is no
communication with the master server at all.
This makes the whole thing completely useless, because it means
desynchronisation whenever an update request is sent to a slave server.

From the documentation I should think that if you configure a server as a
slave (update* directives) then it ALWAYS passes update requests to the
master. It may not under any circumstances do a local update, because
clearly we get the desynchronisation mentioned above.

I didn't try whether it works with ldapmodify, but anyway, as long as there
is any tool which manages to change the slave server directly, the whole
concept is broken.

Am I doing something wrong?

Appended are the slapd.conf's from master and servant.

I really would appreciate any help.
Thanks in advance.
Matthias Mikuletz


MASTER:

---snip---

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

password-hash {SMD5}

loglevel 0

access to * by * read

database ldbm
suffix "dc=xxxx,dc=DE"
rootdn "cn=Manager,dc=xxxx,dc=DE"

rootpw {SMD5}xxxx

directory /var/lib/ldap

access to attr=userPassword by self write by anonymous auth

replica host=slave.xxxx:389 bindmethod=simple credentials=xxxx
        binddn="cn=Manager,dc=xxxx,dc=DE"
replogfile /var/lib/ldap/ldaprep.log

---snip---

SLAVE:

---snip---

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema

password-hash {SMD5}

loglevel 0

access to * by * read

database ldbm
suffix "dc=xxxx,dc=DE"
rootdn "cn=Manager,dc=xxxx,dc=DE"

rootpw {SMD5}xxxxx

directory  /var/lib/ldap

access to attr=userPassword by self write by anonymous auth

updatedn "cn=Manager,dc=xxxx,dc=DE"
updateref "ldap:master.xxxx:389"

---snip---



--
  Matthias Mikuletz  | Technologiezentrum | www.inside-security.de
   Inside Security   |    Nobelstr. 15    | Fon 0711 / 68 68 70 36
  IT Consulting GmbH |  70569  Stuttgart  | Fax 0711 / 68 68 70 31
  pub key: www.inside-security.de/mm.asc  |  mm@inside-security.de
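The two configuration problems visible in the posted slave slapd.conf are easy to miss by eye, so here is a small lint, written as an added example for this thread and not part of OpenLDAP or either poster's setup. Besides the malformed updateref URL, it flags the fact that updatedn is the same DN as rootdn: a slurpd-replicated slave applies writes from the updatedn locally (that is how slurpd pushes changes in) and returns a referral to updateref for every other DN, so an administrator binding as rootdn is treated exactly like slurpd and the update never reaches the master. It also flags the cleartext credentials= in the master's replica directive, which OpenLDAP 2.0 cannot avoid, so the mitigation is file permissions and a dedicated replication account. The sample configurations, DNs and hostnames are constructed; the check names and messages are this example's own.

```python
"""Lint a slapd.conf for slurpd-style replication pitfalls.
Added example; check names and messages are this example's own."""
import re

# A referral must carry a scheme followed by "://" to be an LDAP URL.
LDAP_URL_RE = re.compile(r"^(ldap|ldaps|ldapi)://", re.IGNORECASE)


def parse_slapd_conf(text):
    """Return (directive, value) pairs in file order.  A line that starts
    with whitespace continues the previous directive; '#' starts a comment."""
    directives = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and directives:
            name, value = directives[-1]
            directives[-1] = (name, (value + " " + raw.strip()).strip())
            continue
        name, _, value = raw.strip().partition(" ")
        directives.append((name.lower(), value.strip()))
    return directives


def normalize_dn(dn):
    """Cheap DN comparison key: strip quotes, lowercase, trim around commas."""
    return ",".join(part.strip() for part in dn.strip('"').lower().split(","))


def lint_replication(text):
    """Return a list of findings (strings); an empty list means nothing flagged."""
    values = {}
    for name, value in parse_slapd_conf(text):
        values.setdefault(name, []).append(value)
    findings = []

    # 1. updateref must be a real LDAP URL or the slave has nothing to refer to.
    for ref in values.get("updateref", []):
        ref = ref.strip('"')
        if not LDAP_URL_RE.match(ref):
            findings.append(f"updateref is not an LDAP URL (want ldap://host:port): {ref}")

    # 2. Writes from the updatedn are applied locally (that is how slurpd pushes
    #    changes); everyone else gets a referral.  With updatedn == rootdn an
    #    administrator bound as rootdn is indistinguishable from slurpd.
    rootdn = values.get("rootdn", [""])[0]
    for upd in values.get("updatedn", []):
        if normalize_dn(upd) == normalize_dn(rootdn):
            findings.append("updatedn equals rootdn: rootdn writes on the slave are applied "
                            "locally instead of being referred to the master")

    # 3. credentials= in a replica directive is necessarily cleartext; flag it so
    #    slapd.conf permissions are tightened and a dedicated bind DN is used.
    for rep in values.get("replica", []):
        if "credentials=" in rep:
            findings.append("replica directive carries a cleartext credentials= value; "
                            "keep slapd.conf unreadable to others and use a dedicated bind DN")

    # 4. rootpw without a {SCHEME} prefix is stored in cleartext.
    for pw in values.get("rootpw", []):
        if not pw.startswith("{"):
            findings.append("rootpw is not hashed; generate it with slappasswd")
    return findings


# Constructed sample modelled on the slave config posted in the thread.
SLAVE_AS_POSTED = """\
database ldbm
suffix "dc=example,dc=test"
rootdn "cn=Manager,dc=example,dc=test"
rootpw {SMD5}placeholder
directory /var/lib/ldap
updatedn "cn=Manager,dc=example,dc=test"
updateref "ldap:master.example.test:389"
"""

# Constructed corrected slave: a proper URL and a dedicated replication DN
# (the master's replica directive must then bind as that same DN).
SLAVE_FIXED = """\
database ldbm
suffix "dc=example,dc=test"
rootdn "cn=Manager,dc=example,dc=test"
rootpw {SMD5}placeholder
directory /var/lib/ldap
updatedn "cn=Replicator,dc=example,dc=test"
updateref "ldap://master.example.test:389"
"""

# Constructed master fragment using a slapd.conf continuation line.
MASTER_REPLICA = """\
replica host=slave.example.test:389 bindmethod=simple credentials=secret
    binddn="cn=Replicator,dc=example,dc=test"
replogfile /var/lib/ldap/ldaprep.log
"""

if __name__ == "__main__":
    for label, conf in (("slave as posted", SLAVE_AS_POSTED),
                        ("slave fixed", SLAVE_FIXED),
                        ("master", MASTER_REPLICA)):
        print(label, lint_replication(conf) or ["ok"])
```

Run against the posted-style slave it reports both the malformed updateref and the shared DN; the fixed slave reports nothing, and the master fragment reports only the unavoidable cleartext credentials. Note that changing updatedn on the slave only works if the master's replica directive binds as that same DN, otherwise slurpd itself will be referred away.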