Re: using syncrepl for master slave relationship not working

Hi Firman,
Yes, thank you, I know that. The only reason I used them is because I couldn't get the proper ACL working for something dn, but what I really want to know is: can the suffix of the consumer and provider be different?

Firman Indra Buana wrote:

Hi Omar,

Sorry for my bad English. I mean binddn and rootdn on the consumer could be different from the master. Thank You,

Omar Al-Tabari wrote:

I just need to mention this: do both the provider and consumer have to have the same suffix?
Also, when configuring the TLS options, I'll have two server certificates, one for the provider and the other one for the consumer. How do I make them communicate with each other using TLS although they have different certs?


Firman Indra Buana wrote:

Hi Omar,
Please look at my change on your consumer conf, that is why modify failed. In the test program binddn could not be the same as rootdn in the master configuration. But if the updatedn change is running, let it be, don't try other things.


Thank You,

Omar Al-Tabari wrote:

My Master slapd.conf looks like this:
*****************
include         /var/openldap/etc/openldap/schema/core.schema
include         /var/openldap/etc/openldap/schema/cosine.schema
include         /var/openldap/etc/openldap/schema/inetorgperson.schema
include         /var/openldap/etc/openldap/schema/nis.schema
include         /var/openldap/etc/openldap/schema/samba.schema
include         /var/openldap/etc/openldap/schema/redhat/autofs.schema


# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

pidfile         /var/openldap/var/run/slapd.pid
argsfile        /var/openldap/var/run/slapd.args

database        bdb
suffix          "dc=ldaptest,dc=batelco,dc=jo"
rootdn          "cn=Manager,dc=ldaptest,dc=batelco,dc=jo"
#rootpw         {SSHA}6knlCh6UiA1U2EH9zgVCYddyT5wp/e7I
rootpw          secret

# Mode 700 recommended.
directory       /var/openldap/var/openldap-data

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID                  eq
index sambaPrimaryGroupSID      eq
index sambaDomainName           eq
index entryUUID,entryCSN        eq

overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 100
********************
As you can see I didn't put any access rules because I can't seem to make them work properly, so I am binding using the rootdn. As for the consumer, it looks like this:
****************
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /openldap/etc/openldap/schema/core.schema
include /openldap/etc/openldap/schema/cosine.schema
include /openldap/etc/openldap/schema/inetorgperson.schema
include /openldap/etc/openldap/schema/nis.schema
include /openldap/etc/openldap/schema/samba.schema
include /openldap/etc/openldap/schema/redhat/autofs.schema


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /openldap/var/run/slapd.pid
argsfile        /openldap/var/run/slapd.args

#######################################################################
# BDB database definitions
#######################################################################

database        bdb
suffix          "dc=ldaptest,dc=batelco,dc=jo"
rootdn          "cn=Manager,dc=ldaptest,dc=batelco,dc=jo"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /openldap/var/openldap-data

# Indices to maintain
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID                  eq
index sambaPrimaryGroupSID      eq
index sambaDomainName           eq
index entryUUID,entryCSN        eq

syncrepl rid=1
                provider=ldap://ldaptest.batelco.jo
                binddn="cn=manager,dc=ldaptest,dc=batelco,dc=jo"
                bindmethod=simple
                credentials=secret
                searchbase="dc=ldaptest,dc=batelco,dc=jo"
                filter="(objectClass=*)"
                attrs="*"
                schemachecking=off
                scope=sub
                type=refreshAndPersist

updatedn="cn=Manager,dc=ldaptest,dc=batelco,dc=jo"


********************
Both the consumer and provider have the same suffix. I don't know if that is the way it should be, but won't that make problems when I try to implement TLS, "that's if I can get this running in the first place"?
Thank you in advance, I really need the help right now.



Firman Indra Buana wrote:

Hi Omar,
Could you give me your full slapd.conf, your master and your consumer; you could edit it if there is some information that I shouldn't know.
Thank You,
Omar Al-Tabari wrote:


I replaced the search base with the rootdn, but this is what I got:
[root@ldaptest libexec]# ./slapd -d256 -u ldap -h "ldap:///";
@(#) $OpenLDAP: slapd 2.3.2beta (Mar 28 2005 13:05:53) $
root@ldaptest:/root/openldap-2.3.2beta/servers/slapd
bdb_db_init: Initializing BDB database
16: unknown tls_option <b>
slapd starting
conn=0 fd=12 ACCEPT from IP=172.16.5.108:2089 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="cn=manager,dc=ldaptest,dc=batelco,dc=jo" method=128
conn=0 op=0 BIND dn="cn=Manager,dc=ldaptest,dc=batelco,dc=jo" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="cn=manager,dc=ldaptest,dc=batelco,dc=jo" scope=2 deref=0 filter="(objectClass=*)"
conn=0 op=1 SRCH attr=* structuralObjectClass entryCSN
findbase failed! 32
conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
conn=0 op=2 UNBIND
conn=0 fd=12 closed


But the consumer didn't give me an ldap_modify error; when I changed the searchbase to the old one the consumer gave me this:
[root@mc libexec]# ./slapd -d256 -u ldap -h "ldap:///";
@(#) $OpenLDAP: slapd 2.3.2beta (Mar 24 2005 11:18:51) $
root@mc:/root/openldap-2.3.2beta/servers/slapd
bdb_db_init: Initializing BDB database
16: unknown tls_option <b>
slapd starting
request 1 done
be_modify failed (32)



Firman Indra Buana wrote:

Hi Omar,

Replace the searchbase with the rootdn of your master, try it. Again, look at the sample of "test" in the OpenLDAP installer; there are a lot of examples there that you could try first.


Omar Al-Tabari wrote:

But there is "dc=ldaptest,dc=batelco,dc=jo" in the master database, then how does its LDAP server function??
OpenLDAP v2.3 is working fine on the master server and I can search it, query it and all that, but still syncrepl doesn't work!!


Firman Indra Buana wrote:

Simple!!!! No dc=ldaptest,dc=batelco,dc=jo in the master database and you could not bind to it. I tried syncrepl and had no problem with it; just try the test program from the OpenLDAP installer and you will understand it more, try the simple one and go to advanced. Hope this helps.

Omar Al-Tabari wrote:

Omar Al-Tabari wrote:

Howard Chu wrote:

Omar Al-Tabari wrote:

Omar Al-Tabari wrote:

Howard Chu wrote:

Read the 2.3 Admin Guide. The provider configuration in 2.3 is not identical to 2.2, as I've mentioned here a number of times.

Now I've read the 2.3 manual and here's what I added to my slapd.conf:


index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID                  eq
index sambaPrimaryGroupSID      eq
index sambaDomainName           eq
index entryUUID,entryCSN        eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

And I've also updated my consumer's slapd.conf:

syncrepl rid=123
provider=ldap://ldaptest.batelco.jo:389
type=refreshOnly
interval=00:00:01:00
searchbase="dc=ldaptest,dc=batelco,dc=jo"
filter="(objectClass=*)"
scope=sub
attrs="*"
schemachecking=off
bindmethod=simple
binddn="cn=manager,dc=ldaptest,dc=batelco,dc=jo"
credentials=secret


That looks reasonable.

I also tried out the "type=refreshAndPersist" mode on the consumer and this is the output after starting both the provider and consumer:

bdb_db_init: Initializing BDB database
16: unknown tls_option <b>
slapd starting
request 1 done
be_modify failed (32)


That looks bad. There are other errors in your slapd.conf file that need to be fixed.


Does the entry corresponding to the database suffix exist in your database?

I'm sorry, I didn't quite understand your question; I'm not that good at configuring these things, as you may have noticed :)

This is what I got with debug level 9:
*****************************
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({iaa}) ber:
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
bdb_dn2entry("dc=ldaptest,dc=batelco,dc=jo")
=> bdb_dn2id("dc=ldaptest,dc=batelco,dc=jo")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
ldap_search_ext
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 150 bytes to sd 10
=>do_syncrep2
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (timeout 0 sec, 0 usec), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: ldaptest.batelco.jo port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Apr 6 15:11:28 2005


** Outstanding Requests:
* msgid 2,  origid 2, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
connection_get(10): got connid=0
daemon: added 10r
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=0
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
=>do_syncrepl
=>do_syncrep2
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (timeout 0 sec, 0 usec), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: ldaptest.batelco.jo  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Wed Apr  6 15:11:28 2005
****************************************

Any clues?
It has "<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)" in it; what does that mean?
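The logs quoted throughout this thread show the same failure in three different shapes: a `SEARCH RESULT ... err=32` together with `findbase failed! 32` on the provider when the searchbase was set to the (non-existent) rootdn entry, and `be_modify failed (32)` next to a `bdb_dn2id ... DB_NOTFOUND` on the consumer for the suffix DN, which is the entry Howard Chu asks about. LDAP result code 32 is noSuchObject in every case. The following Python helper is an added example, not code from any message in the thread or from OpenLDAP: it scans slapd debug output for those patterns and reports which DN could not be found, so the question "does the entry corresponding to the database suffix exist?" can be answered from the log alone. The sample log lines are constructed from the output quoted above; the result-code names are the standard LDAP result codes.

```python
"""Triage helper for slapd debug output (added example, not from the thread)."""
import re

# Standard LDAP result codes that come up when troubleshooting replication.
RESULT_CODES = {
    0: "success",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}

# Line shapes taken from the slapd -d256 / -d9 output quoted in the thread.
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+)')
DN2ID_RE = re.compile(r'bdb_dn2id\("([^"]*)"\)')
DN2ID_FAIL_RE = re.compile(r'bdb_dn2id: get failed: (DB_\w+)')
FINDBASE_RE = re.compile(r'findbase failed! (\d+)')
BE_MODIFY_RE = re.compile(r'be_modify failed \((\d+)\)')


def code_name(code):
    """Map a numeric LDAP result code to its standard name."""
    return RESULT_CODES.get(code, "unknown(%d)" % code)


def triage_slapd_log(lines):
    """Return (kind, code_or_status, dn) findings in log order.

    kind is one of "result", "dn2id", "findbase", "be_modify"; dn is the
    DN the failure refers to when the log makes it recoverable, else None.
    """
    findings = []
    search_base = {}   # (conn, op) -> base DN announced by the SRCH line
    last_dn2id = None  # DN of the most recent "=> bdb_dn2id(...)" lookup
    for line in lines:
        m = SRCH_RE.search(line)
        if m:
            search_base[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            code = int(m.group(3))
            if code != 0:  # err=0 is a success; only failures are findings
                dn = search_base.get((m.group(1), m.group(2)))
                findings.append(("result", code_name(code), dn))
            continue
        m = DN2ID_RE.search(line)
        if m:
            last_dn2id = m.group(1)
            continue
        m = DN2ID_FAIL_RE.search(line)
        if m:
            findings.append(("dn2id", m.group(1), last_dn2id))
            continue
        m = FINDBASE_RE.search(line)
        if m:
            findings.append(("findbase", code_name(int(m.group(1))), None))
            continue
        m = BE_MODIFY_RE.search(line)
        if m:
            findings.append(("be_modify", code_name(int(m.group(1))), None))
    return findings


def missing_dns(findings):
    """DNs the backend reported as absent (noSuchObject or DB_NOTFOUND)."""
    dns = {dn for kind, status, dn in findings
           if dn and status in ("noSuchObject", "DB_NOTFOUND")}
    return sorted(dns)


# Constructed sample: the provider-side lines quoted in the thread.
SAMPLE_PROVIDER_LOG = """\
conn=0 op=0 BIND dn="cn=Manager,dc=ldaptest,dc=batelco,dc=jo" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="cn=manager,dc=ldaptest,dc=batelco,dc=jo" scope=2 deref=0 filter="(objectClass=*)"
findbase failed! 32
conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
""".splitlines()

# Constructed sample: the consumer-side lines quoted in the thread.
SAMPLE_CONSUMER_LOG = """\
bdb_dn2entry("dc=ldaptest,dc=batelco,dc=jo")
=> bdb_dn2id("dc=ldaptest,dc=batelco,dc=jo")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
request 1 done
be_modify failed (32)
""".splitlines()

if __name__ == "__main__":
    for label, log in (("provider", SAMPLE_PROVIDER_LOG),
                       ("consumer", SAMPLE_CONSUMER_LOG)):
        found = triage_slapd_log(log)
        print(label, "findings:", found)
        print(label, "missing DNs:", missing_dns(found))
```

Run against the provider sample it names `cn=manager,dc=ldaptest,dc=batelco,dc=jo` as the missing DN (the rootdn is a credential, not an entry that exists in the tree, so a search based there fails with noSuchObject); against the consumer sample it names the suffix `dc=ldaptest,dc=batelco,dc=jo` itself, which is the entry the consumer database needs before a modify under it can succeed.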