[Date Prev][Date Next] [Chronological] [Thread] [Top]

Newly configured replication (master / slave) on 2.3 not quite working..

To: openldap-technical@openldap.org
Subject: Newly configured replication (master / slave) on 2.3 not quite working..
From: Michael March <mmarch@gmail.com>
Date: Tue, 16 Nov 2010 19:52:00 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=Q7zd3575xReXT6dQuKcjkYFgxfVbNDQUGFN2Xqv5lwg=; b=k+tbOLm9U9ARKYrUN0ZXeA6ObNObUp33mV2BRo9eMs9HFwYnYJEfyZgvFf9mEpugRW OWo34+nXgGT7rZ7+RiIIg8buDnhwhL3Bp7FGX4TzrPXSQvuP1DuSd3nzi85qetIoamOu s+bT7dDxn32ot8n0LzNdMKmJkkIFzJ3eBEqxg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=Dd0G8xti92Xw1wAdaTNAONqOUgrskRGE2bDMLzVRBIhQh8BnJmjJTpLG5AZpk1vAjv ZvZZkmMiK7m2EhQqWHwVjrNslSpO38C/YUmt68OEyJ4gceWMeb3krHaSIN7+9IUxV+cv /+Pcn1PFvAAAuy5D/CE85jEsvQCrMsLQ/agac=

Entries are taking a LONG time to propagate (if they do at all)..

I'm getting a TON of entries in the log like this on the slave side
(continuously):


Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= root access granted
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= test_filter 5
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: bdb_search: 2629 does not match filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: entry_decode:
"uid=mwatson,ou=People,dc=acme,dc=com"
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <=
entry_decode(uid=mwatson,ou=People,dc=acme,dc=com)
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => test_filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]:     EQUALITY
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => access_allowed: search
access to "uid=mwatson,ou=People,dc=acme,dc=com" "entryUUID" requested
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= root access granted
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= test_filter 5
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: bdb_search: 2630 does not match filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: entry_decode:
"cn=mwatson,ou=Group,dc=acme,dc=com"
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <=
entry_decode(cn=mwatson,ou=Group,dc=acme,dc=com)
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => test_filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]:     EQUALITY
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => access_allowed: search
access to "cn=mwatson,ou=Group,dc=acme,dc=com" "entryUUID" requested
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= root access granted
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= test_filter 5
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: bdb_search: 2631 does not match filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: entry_decode:
"ou=Contacts,uid=mwatson,ou=People,dc=acme,dc=com"
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <=
entry_decode(ou=Contacts,uid=mwatson,ou=People,dc=acme,dc=com)
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => test_filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]:     EQUALITY
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => access_allowed: search
access to "ou=Contacts,uid=mwatson,ou=People,dc=acme,dc=com"
"entryUUID" request
ed

Here's the slave config:

include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include         /etc/openldap/schema/ldapab.schema
include         /etc/openldap/schema/ppolicy.schema

allow bind_v2

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

modulepath /usr/lib64/openldap
moduleload ppolicy.la

TLSCertificateFile /etc/openldap/ldap.cert
TLSCertificateKeyFile /etc/openldap/ldap.key

database        bdb
suffix          "dc=acme,dc=com"

rootdn          "uid=helpdesk,ou=People,dc=acme,dc=com"

rootpw         {SHA}FOOOOOO+pZB93s06zAM1vQo=

directory /var/lib/ldap

overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=acme,dc=com"
ppolicy_use_lockout

sizelimit 2500

loglevel  -1

directory	/var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

syncrepl rid=123
                provider=ldap://ldap-stage.acme.com:389
                #type=refreshAndPersist
		type=refreshOnly
                interval=00:00:02:00
                searchbase="dc=acme,dc=com"
                # filter="(objectClass=organizationalPerson)"
                filter="(objectClass=*)"
                updatedn "uid=helpdesk,ou=People,dc=acme,dc=com"
                scope=sub
                schemachecking=off
                bindmethod=simple
                binddn="uid=helpdesk,ou=People,dc=acme,dc=com"
                credentials=FOOOBAR

updateref ldap://ldap-stage.acme.com

-- 
<cowmix>

Prev by Date: Problems with ppolicy_forward_updates and starttls with certificate-based auth
Next by Date: Re: Role Based Attribute
Index(es):
- Chronological
- Thread