Replication failed, only slave is updated...
I ran into a problem with replication of my openldap servers, which I have
solved. That is, I am no longer affected.
3 ldap servers: 1 master (ldapmaster), 2 slaves (ldapslave1, ldapslave2). The
slaves have an alias in DNS that resolves to both slaves (ldapslave).
All running SuSE Linux Enterprise Server 9.
Standard openldap and samba packages from SuSE:
All clients use the alias in their ldap-setup. So basically the master only
handles updates, and the slaves handle requests.
The ldap servers are used as authentication source for Samba.
I did 2 things that were not recommended:
1. The same rootdn, with same password for both the master and the slaves.
2. The samba PDC used the slave alias as its ldap
passdb backend = ldapsam:ldap://ldapslave
The ldaptree was mostly maintained through scripts which talked directly to
the master, and everything was replicated fine.
But when adding computers to the samba-domain the PDC had to update the
password for the computers. That seemed to work smoothly, but I ran into
problems that I thought were 'impossible' ;-)
The PDC updated just the slave it had resolved and bound to. The master was
not contacted and no replication was done... The consistency of the servers
Now my 'solution' was just to change my smb.conf:
passdb backend = ldapsam:ldap://ldapmaster
Now the PDC talks directly to the master and the password change is
What I do not understand is why the PDC was allowed to change the slave
directly. As it says in http://www.openldap.org/doc/admin23/replication.html
Sample replication scenario:
1. The LDAP client submits an LDAP modify operation to the slave slapd.
2. The slave slapd returns a referral to the LDAP client referring the client
to the master slapd.
Jonas Helgi Palsson
"For to no man are the gods so cruel as to make him perfect"