[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: multimaster configuration of openldap-2.0.25
Hi,
I made the changes that was suggested in the reply i got back from the first
time, which i consider to be configuring openldap for multimaster support,
and modify the slapd.conf files as suggested.
Together with the email I sent (below), the changes was made (with configure
--enable-multimaster)
and to the both slapd.conf files i attached (also below)
As far as i can see i've made the suggested changes, and
I still get the servers updating each other over and over.
Is there anyone who has managed to get this working? Would be grateful if
someone could send me their slapd.conf
files, and perhaps give me an idea what I have not done right.
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: fredag, augusti 30, 2002 10:40
To: Westman, Olle; openldap-software@OpenLDAP.org
Subject: RE: multimaster configuration of openldap-2.0.25
You asked this question before, and you already got the correct answers.
http://www.openldap.org/lists/openldap-software/200208/msg00597.html
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
> Olle.Westman@astrazeneca.com
> Hello All,
>
> I'm trying to compile OpenLDAP-2.0.25 with multimaster support. I have two
> servers which i want to act as masters,
> updating each other, whoever gets and update request (mirror)
> Right now, i've compiled OpenLDAP-2.0.25 by runnning configure like this:
>
> ./configure --enable-slapd --enable-slurpd --enable-multimaster
> --enable-crypt --enable-debug --prefix=/usr/freeware
>
> The trouble is that the openldap (master)servers never stop updating each
> other.
>
> I have not used a replicator dn. Is this necessary? Is it wrong to update
> with the rootdn?
>
> There is SLAPD_MULTIMASTER definitions in the code, do i have to define it
> manually or is this taken care of by --enable-multimaster?
>
> I have not used updateref or referral. Are they necessary in this setup?
>
> What am I missing, and what is necessary to add/modify to make this setup
> work?
>
> My slapd.conf config files look like the following:
>
> Server 1:
>
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7
> 2001/09/27 20:00:31
> kur
> t Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/freeware/etc/openldap/schema/core.schema
> include /usr/freeware/etc/openldap/schema/cosine.schema
> include /usr/freeware/etc/openldap/schema/nis.schema
> include /usr/freeware/etc/openldap/schema/inetorgperson.schema
> include /usr/freeware/etc/openldap/schema/misc.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /usr/freeware/var/slapd.pid
> argsfile /usr/freeware/var/slapd.args
>
> # Load dynamic backend modules:
> # modulepath /usr/freeware/libexec/openldap
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> #
> # Sample Access Control
> # Allow read access of root DSE
> # Allow self write access
> # Allow authenticated users read access
> # Allow anonymous users to authenticate
> #
> #access to dn="" by * read
> #defaultaccess write
> access to attr=userPassword
> by self write
> # by anonymous auth
> by dn="cn=Manager,dc=my-domain,dc=com" write
> by * none
> access to *
> by self write
> # by anonymous auth
> by dn="cn=Manager,dc=my-domain,dc=com" write
> by * read
>
> #access to *
> # by self write
> # by users read
> # by anonymous auth
> #
> # if no access controls are present, the default is:
> # Allow read by all
> #
> # rootdn can always write!
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "dc=my-domain,dc=com"
> #suffix "o=My Organization Name,c=US"
> rootdn "cn=Manager,dc=my-domain,dc=com"
> #rootdn "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoid. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /usr/freeware/var/openldap-ldbm
> # Indices to maintain
> index objectClass eq
>
> password-hash {CRYPT}
>
> #########################################################################
> # replication definitions
> #########################################################################
> replica host=serv-2.company.net:389
> binddn="cn=Manager1,dc=my-domain,dc=com"
> bindmethod=simple credentials=secret
> updatedn "cn=Manager,dc=my-domain,dc=com"
> replogfile /tmp/replog-1.log
>
>
> Server 2:
>
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7
> 2001/09/27 20:00:31
> kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/freeware/etc/openldap/schema/core.schema
> include /usr/freeware/etc/openldap/schema/cosine.schema
> include /usr/freeware/etc/openldap/schema/nis.schema
> include /usr/freeware/etc/openldap/schema/inetorgperson.schema
> include /usr/freeware/etc/openldap/schema/misc.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /usr/freeware/var/slapd.pid
> argsfile /usr/freeware/var/slapd.args
>
> # Load dynamic backend modules:
> # modulepath /usr/freeware/libexec/openldap
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> #
> # Sample Access Control
> # Allow read access of root DSE
> # Allow self write access
> # Allow authenticated users read access
> # Allow anonymous users to authenticate
> #
> #access to dn="" by * read
> #defaultaccess write
> access to attr=userPassword
> by self write
> # by anonymous auth
> by dn="cn=Manager1,dc=my-domain,dc=com" write
> by * none
> access to *
> by self write
> # by anonymous auth
> by dn="cn=Manager1,dc=my-domain,dc=com" write
> by * read
> #
> # if no access controls are present, the default is:
> # Allow read by all
> #
> # rootdn can always write!
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "dc=my-domain,dc=com"
> #suffix "o=My Organization Name,c=US"
> rootdn "cn=Manager1,dc=my-domain,dc=com"
> #rootdn "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoid. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /usr/freeware/var/openldap-ldbm
> # Indices to maintain
> index objectClass eq
>
> password-hash {CRYPT}
>
> #########################################################################
> # replication definitions
> #########################################################################
> replica host=serv-1.company.net:389
binddn="cn=Manager,dc=my-domain,dc=com"
> bindmethod=simple credentials=secret
> updatedn "cn=Manager1,dc=my-domain,dc=com"
> replogfile /tmp/replog-2.log
>
>