
Re: a newbie trying to get the basics of syncrepl going



Seger, Mark wrote:
> I’m an admitted ldap lightweight but have been able to bring up an ldap
> server and populate it with the contents of my /etc/passwd file.  Now I
> want to set up a replica on another machine using sync replication and
> am having a few issues getting it to work.  My most recent success was
> getting simple authentication working because before it was failing and
> now it’s not so I’ve at least gotten that far.  Here’s what my
> replication section looks like in ldap.conf:
> 
>  

Hi,

Does 'lsfadmin' have access to read the whole tree on the master?
And if it's a simple Master x N slaves type, which it probably is, you can't
write to the slave - slapd.conf :: updateref ldaps://mymaster.domain.tld

Regards,
Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net

>
> syncrepl rid=123
>     provider=ldap://10.99.99.99:389
>     type=refreshOnly
>     interval=01:00:00:00
>     searchbase="dc=myldap,dc=com"
>     filter="(objectClass=account)"
>     scope=sub
>     schemachecking=off
>     updatedn="cn=replica,dc=myldap,dc=com"
>     bindmethod=simple
>     binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
>     credentials=Something
>
> I’m pretty sure I have the search parameters set correctly because if I run:
>
> ldapsearch -x -h 10.99.99.99 -b 'dc=myldap,dc=com' -A uid
>
> it dumps all my uids.
>
> The part I’m unclear on is how to define things on the slave side.  For
> example I have the main part of the conf set the same on the master,
> just to make things easy on me and so I have the following which is
> exactly how I have the master set up.
>
> database        bdb
> suffix          "dc=myldap,dc=com"
> rootdn          "cn=Manager,dc=myldap,dc=com"
> rootpw          {SSHA}ZmTfiKLVf8X5GERsT3b3AoB3/hFV3l7R
> directory       /var/lib/ldap
>
> I’m guessing my problem may be with
> updatedn="cn=replica,dc=myldap,dc=com", but I’m not sure what it should
> be and whether or not I have to prime the replica with any special
> authentication to be able to write to it.
>
> If I run “ldapsearch -x -b 'dc=myldap,dc=com'” against the replica it
> comes up empty so I’m sure nothing is getting replicated.  Further if I
> run the slave slapd with -d 128 I get:
>
> [root@hpdc3dmgt1 ~]# slapd -d 128
> @(#) $OpenLDAP: slapd 2.3.43 (Nov  6 2008 02:53:24) $
>        brewbuilder@hs20-bc1-5.build.redhat.com:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
> slapd starting
> request done: ld 0x2ac52b507c70 msgid 1
> => bdb_entry_get: cannot find entry: "dc=myldap,dc=com"
> do_syncrep2: rid 123got search entry without control
> do_syncrepl: rid 123 quitting
>
> but I have no idea where it’s looking for the entry, on the master or
> the slave?  But I do have that entry on the master.
>
> I’m sure I’m doing something wrong but am also hoping it’s relatively minor.
>
> -mark
>
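
Added example, not part of the original thread and not OpenLDAP project code: one way to check the reply's first question is to run the same search the consumer runs, bound as the syncrepl binddn, because ldapsearch -x without -D binds anonymously and says nothing about what the replication identity can read. The function names are hypothetical, the sample is the stanza quoted above, and treating starttls= as the only in-stanza TLS switch is an assumption.

```python
import shlex
from urllib.parse import urlparse

# Constructed sample: the consumer configuration quoted in the thread above.
SAMPLE_CONF = '''\
database        bdb
syncrepl rid=123
    provider=ldap://10.99.99.99:389
    type=refreshOnly
    interval=01:00:00:00
    searchbase="dc=myldap,dc=com"
    filter="(objectClass=account)"
    scope=sub
    schemachecking=off
    updatedn="cn=replica,dc=myldap,dc=com"
    bindmethod=simple
    binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
    credentials=Something
directory       /var/lib/ldap
'''

def parse_syncrepl(conf_text):
    """Return the key=value pairs of the first syncrepl directive."""
    collected, inside = [], False
    for line in conf_text.splitlines():
        if line.startswith("syncrepl"):
            inside = True
            collected.append(line[len("syncrepl"):])
        elif inside and line[:1] in (" ", "\t"):
            collected.append(line)   # leading whitespace continues a directive
        elif inside:
            break                    # next directive ends the stanza
    # shlex strips the double quotes around DNs and filters
    return dict(tok.split("=", 1) for tok in shlex.split(" ".join(collected)))

def consumer_search_argv(params):
    """ldapsearch argv that binds and searches as the consumer would.
    -W prompts for the password; "1.1" asks for DNs only."""
    return ["ldapsearch", "-x", "-LLL", "-H", params["provider"],
            "-D", params["binddn"], "-W", "-b", params["searchbase"],
            "-s", params.get("scope", "sub"),
            params.get("filter", "(objectClass=*)"), "1.1"]

def cleartext_simple_bind(params):
    """True when the simple bind would cross the network without TLS."""
    plain = urlparse(params["provider"]).scheme == "ldap"
    return (plain and params.get("bindmethod") == "simple"
            and "starttls" not in params)

if __name__ == "__main__":
    p = parse_syncrepl(SAMPLE_CONF)
    print(" ".join(shlex.quote(a) for a in consumer_search_argv(p)))
    if cleartext_simple_bind(p):
        print("warning: simple bind over ldap:// sends the password unencrypted")
```

If the printed command returns fewer entries on the master than the anonymous search did, the master's ACLs are limiting what the replication identity can read.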