[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
multimaster configuration of openldap-2.0.25
Hello All,
I'm trying to compile OpenLDAP-2.0.25 with multimaster support. I have two
servers which i want to act as masters,
updating each other, whoever gets and update request (mirror)
Right now, i've compiled OpenLDAP-2.0.25 by runnning configure like this:
./configure --enable-slapd --enable-slurpd --enable-multimaster
--enable-crypt --enable-debug --prefix=/usr/freeware
The trouble is that the openldap (master)servers never stop updating each
other.
I have not used a replicator dn. Is this necessary? Is it wrong to update
with the rootdn?
There is SLAPD_MULTIMASTER definitions in the code, do i have to define it
manually or is this taken care of by --enable-multimaster?
I have not used updateref or referral. Are they necessary in this setup?
What am I missing, and what is necessary to add/modify to make this setup
work?
My slapd.conf config files look like the following:
Server 1:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31
kur
t Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/freeware/etc/openldap/schema/core.schema
include /usr/freeware/etc/openldap/schema/cosine.schema
include /usr/freeware/etc/openldap/schema/nis.schema
include /usr/freeware/etc/openldap/schema/inetorgperson.schema
include /usr/freeware/etc/openldap/schema/misc.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/freeware/var/slapd.pid
argsfile /usr/freeware/var/slapd.args
# Load dynamic backend modules:
# modulepath /usr/freeware/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#defaultaccess write
access to attr=userPassword
by self write
# by anonymous auth
by dn="cn=Manager,dc=my-domain,dc=com" write
by * none
access to *
by self write
# by anonymous auth
by dn="cn=Manager,dc=my-domain,dc=com" write
by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=my-domain,dc=com"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,dc=my-domain,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/freeware/var/openldap-ldbm
# Indices to maintain
index objectClass eq
password-hash {CRYPT}
#########################################################################
# replication definitions
#########################################################################
replica host=serv-2.company.net:389 binddn="cn=Manager1,dc=my-domain,dc=com"
bindmethod=simple credentials=secret
updatedn "cn=Manager,dc=my-domain,dc=com"
replogfile /tmp/replog-1.log
Server 2:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31
kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/freeware/etc/openldap/schema/core.schema
include /usr/freeware/etc/openldap/schema/cosine.schema
include /usr/freeware/etc/openldap/schema/nis.schema
include /usr/freeware/etc/openldap/schema/inetorgperson.schema
include /usr/freeware/etc/openldap/schema/misc.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/freeware/var/slapd.pid
argsfile /usr/freeware/var/slapd.args
# Load dynamic backend modules:
# modulepath /usr/freeware/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#defaultaccess write
access to attr=userPassword
by self write
# by anonymous auth
by dn="cn=Manager1,dc=my-domain,dc=com" write
by * none
access to *
by self write
# by anonymous auth
by dn="cn=Manager1,dc=my-domain,dc=com" write
by * read
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=my-domain,dc=com"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager1,dc=my-domain,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/freeware/var/openldap-ldbm
# Indices to maintain
index objectClass eq
password-hash {CRYPT}
#########################################################################
# replication definitions
#########################################################################
replica host=serv-1.company.net:389 binddn="cn=Manager,dc=my-domain,dc=com"
bindmethod=simple credentials=secret
updatedn "cn=Manager1,dc=my-domain,dc=com"
replogfile /tmp/replog-2.log