[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication slapd.conf example?





--On Tuesday, June 10, 2003 8:51 PM -0400 kend@xanoptix.com wrote:

Hey, all -- I've been RTFMing all day, and I can -not- figure out how to
get replication working.  I tried via both the Debian install, and by
hand, and either
a) it doesn't work, or
b) it not only doesn't work, but it spikes the CPU.

I -do- get info into my replogfile, but it goes between ~2K, and 0 bytes,
then back and forth; I assume it's trying to replicate, but is failing.
If anyone would be kind enough to give me a -full- snippet from both slave
and master slapd.conf files (or a link to somewhere that gives full
examples, as opposed to the ones in the admin guide on openldap.org), it'd
be _much_ appreciated.

Ken,

You haven't specified what version of OpenLDAP you are using. This is how we set up replication on our servers, but be warned that we use K5 for our replication identity, so there are no passwords, etc, involved in doing this as there may be in other cases.

Master:

database        bdb
suffix          "dc=stanford,dc=edu"
rootdn          "cn=Manager,dc=stanford,dc=edu"

# Replica Directives

replica         host=ldap1.stanford.edu:389
               tls=yes bindmethod=sasl

binddn=cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu saslmech=gssapi

replogfile      /var/log/replog


Slave:

#######################################################################
# bdb database definitions
#######################################################################

database        bdb
suffix          "dc=stanford,dc=edu"
rootdn          "cn=Manager,dc=stanford,dc=edu"

# Replica Directives

updatedn        cn=replicator,cn=service,cn=applications,dc=stanford,dc=edu
updateref       ldaps://ldap-master.stanford.edu

Also important, the ACL file for the slave (which we have as a separate file):

# $Id: slapd.acl,v 1.59 2003/06/10 17:53:33 quanah Exp $
# ACL include file for slapd
#
# this is for testing

access to dn.base=""
       by * read

access to dn.base="cn=monitor"
       by * read

access to *
by dn.base="cn=replicator,cn=Service,cn=Applications,dc=stanford,dc=edu" write
by * break


--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html