
Replication failed, only slave is updated...


I ran into a problem with replication of my openldap servers, which I have 
solved. That is, I am no longer affected.

My setup:

3 ldap servers: 1 master (ldapmaster), 2 slaves (ldapslave1, ldapslave2). The 
slaves have an alias in DNS that resolves to both slaves (ldapslave). 
All running SuSE Linux Enterprise Server 9.

Standard openldap and samba packages from SuSE:

All clients use the alias in their ldap-setup. So basically the master only 
handles updates, and the slaves handle requests.

The ldap servers are used as authentication source for Samba.

I did 2 things that were not recommended:

1. The same rootdn, with same password for both the master and the slaves.

2. The samba PDC used the slave alias as its ldap
from smb.conf:
passdb backend = ldapsam:ldap://ldapslave

The ldaptree was mostly maintained through scripts which talked directly to 
the master, and everything was replicated fine.
But when adding computers to the samba-domain the PDC had to update the 
password for the computers. That seemed to work smoothly, but I ran into 
problems that I thought were 'impossible' ;-)

The PDC updated just the slave it had resolved and bound to. The master was 
not contacted and no replication was done... The consistency of the servers 
was scr**ed.

Now my 'solution' was just to change my smb.conf:
passdb backend = ldapsam:ldap://ldapmaster

Now the PDC talks directly to the master and the password change is 

What I do not understand is why the PDC was allowed to change the slave 
directly. As it says in http://www.openldap.org/doc/admin23/replication.html
Sample replication scenario:
1. The LDAP client submits an LDAP modify operation to the slave slapd. 
2. The slave slapd returns a referral to the LDAP client referring the client 
to the master slapd.


Jonas Helgi Palsson
"For indeed, to no man are the gods so cruel as to make him perfect"
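
Added example, not part of the original post and not code from OpenLDAP or Samba: a small lint for the two configuration choices the post lists as not recommended (same rootdn and password on master and slave, and a Samba passdb backend that points somewhere other than the master). The sample configs, the suffix dc=example,dc=com and all function names are constructed; only the host names come from the post.

```python
import re
from urllib.parse import urlparse

# Constructed sample configs; only the host names come from the post.
MASTER_SLAPD = 'database bdb\nrootdn "cn=Manager,dc=example,dc=com"\nrootpw {SSHA}constructed\n'
SLAVE_SLAPD = 'database bdb\nrootdn  "cn=manager, dc=example,dc=com"\nrootpw {SSHA}constructed\n'
SMB_CONF = "[global]\n  passdb backend = ldapsam:ldap://ldapslave\n"

def slapd_directives(text):
    """Map directive -> value for a slapd.conf (first occurrence wins)."""
    text = re.sub(r"\n[ \t]+", " ", text)  # a line starting with whitespace continues the previous one
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            out.setdefault(parts[0].lower(), parts[1].strip().strip('"'))
    return out

def norm_dn(dn):
    """Simplified DN comparison key: case-folded, no spaces around commas."""
    return ",".join(p.strip() for p in dn.lower().split(","))

def passdb_hosts(smb_text):
    """Hosts of the LDAP URIs on smb.conf's 'passdb backend' line."""
    m = re.search(r"^\s*passdb backend\s*=\s*(.+)$", smb_text, re.M | re.I)
    uris = re.findall(r"ldaps?://[^\s\"]+", m.group(1)) if m else []
    return [urlparse(u).hostname for u in uris]

def audit(master_conf, slave_conf, smb_conf, master_host):
    """Return findings for a shared rootdn/rootpw and a non-master passdb backend."""
    findings = []
    m, s = slapd_directives(master_conf), slapd_directives(slave_conf)
    if m.get("rootdn") and norm_dn(m["rootdn"]) == norm_dn(s.get("rootdn", "")):
        # Identical rootpw strings prove a shared password; differing salted
        # hashes prove nothing, so that case is reported as rootdn only.
        same_pw = m.get("rootpw") is not None and m.get("rootpw") == s.get("rootpw")
        findings.append("shared-rootdn+rootpw" if same_pw else "shared-rootdn")
    for host in passdb_hosts(smb_conf):
        if host != master_host.lower():
            findings.append("passdb-not-master:" + host)
    return findings

if __name__ == "__main__":
    for finding in audit(MASTER_SLAPD, SLAVE_SLAPD, SMB_CONF, "ldapmaster"):
        print(finding)
```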