[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication Problem

On Friday 26 October 2007 10:32:48 Marcus Frischherz wrote:
> Buchan Milne schrieb:
> > On Thursday 25 October 2007 21:51:12 Marcus Frischherz wrote:
> >> Hi,
> >>
> >>
> >> I set up in the master:
> >
> > If this was *exactly* what was in your slapd.conf, it is broken. White
> > space is very important in slapd.conf, there should be leading white
> > space before the first characters on your line starting with bindmethod
> > (as it is part of the replica statement, which should be on one line, and
> > lines may be continued by using leading white space on the next line to
> > aid readability).
> >
> >> replogfile /var/lib/ldap/slurpd/slurpd.replog
> >> replica host=frifri_vpn:389 binddn="uid=rmanager,ou=intern,o=rori"
> >> bindmethod=simple credentials=xxx
> That newline was created by Thunderbird, in reality the replogfile
> statement is one line, and the replica statement is one line, without
> continuation
> >> updatedn="uid=rmanager,ou=intern,o=rori" updateref rori_vpn:389
> >
> > And here, the updatedn should be the first text on a new line (no leading
> > white space), and the same thing for updateref. If you really have
> > updatedn and updateref on the same line, this would explain your problem
> > below.
> Well, that's what I thought, and what my LDAP book says. However, if I
> put the
> updateref statement on a separate subsequent line, I get the following
> error
> upon start-up of slapd:
> /etc/openldap/slapd.conf: line 103: <updateref> must appear after
> syncrepl or updatedn
> This after I changed the slave to look like this:
> updatedn="uid=rmanager,ou=intern,o=rori"
> updateref rori_vpn:389

If this was exactly what you had, then you would want to replace the 
updatedn="uid... with updatedn "uid...

Also, updateref is supposed to be a URI, so something more like 
ldap://rori_vpn:389 would be appropriate.

> > The slave will only accept operational attributes from the updatedn.
> > Additionally, it won't accept any changes from anything but the updatedn,
> > if the updateref is set. So, it seems like slapd on the slave is not
> > parsing either of your updatedn or updateref statements.
> >
> > If you don't succeed in fixing the issue, please attach sanitised
> > versions of your configuration files, so we can be sure we are looking at
> > *exactly* what you have in slapd.conf.
> How to samitize? tarred attachments?

Remove any sensitive information, such as passwords (hashed or cleartext), or 
anything else you don't want to have public. However, you should not modify 
it too much as you may introduce errors.

> > I note that slurpd-based replication is deprecated in 2.3, and slurpd has
> > been removed from 2.4.
> Well, the administrator's guide, chapter 14, in the file
> replication.html distributed with the package openldap2 does not mention
> deprecation.

See my other reply, but I'll note that 2.4.5 shipped with no slurpd.

However, it does still work (for simple cases, more complex ones require some 
workarounds) in 2.3, but you may find it more productive to migrate to