[Date Prev][Date Next] [Chronological] [Thread] [Top]

slurpd replication problmes

i'm trying to set up the repliacation with openldap 2.3 (using the one
debian etch), when i add things to master everything is fine, it
replicates it to slave just fine, on the other hand when i add things
to slave it simply writes it to it's own tree.

here is slapd.conf of the slave (stripped of any comments):

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
modulepath      /usr/lib/ldap
moduleload      back_bdb
sizelimit 500
tool-threads 1
backend         bdb
checkpoint 512 30
TLSCACertificateFile /etc/ldap/cacert.pem
TLSCertificateFile /etc/ldap/servercrt.pem
TLSCertificateKeyFile /etc/ldap/serverkey.pem
loglevel stats
database        bdb
suffix          "dc=kiberpipa,dc=org"
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectClass eq
lastmod         on
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=kiberpipa,dc=org" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=kiberpipa,dc=org" write
        by * read
updatedn        "cn=admin,dc=kiberpipa,dc=org"
updateref       "ldaps://chat.kiberpipa.org:636"

with this command "ldapadd -d 65535 -WxD
'cn=admin,dc=kiberpipa,dc=org' -f /tmp/b00" (on slave) i'm getting
http://static.kiberpipa.org/~redduck666/local_adding.txt with
"ldapadd -d 65535 -WxD 'cn=admin,dc=kiberpipa,dc=org' -f /tmp/b00 -H
ldaps://chat.kiberpipa.org:636" i get
http://static.kiberpipa.org/~redduck666/add_to_master.txt (passing it
the same password they write to

i have seen the certificate error there, if i change the ldap.conf on
slave to point to ldap:// instead of ldaps:// that error goes away,
however it still doesn't touch master.

i also read i really shouldn't set updatedn to be the same as rootdn,
well, tried changing it and granting full priviledges to the newly
created account, no difference

any pointers appreciated :-)

For far too long, power has been concentrated in the hands of "root"
and his "wheel" oligarchy. We have instituted a dictatorship of the
users. All system administration functions will be handled by the
People's Committee for Democratically Organizing the System (PC-DOS).