openldap syncrepl Provider with Slave (older version)

Hi,

My application was using replication using Slurpd.

Now, we want to move to openldap version 2.4 (RHEL 6.x) from 2.2, so I should use syncrepl instead of slurpd. Replication clients (slaves) can still be of the older version (2.2).


I tried the replication setup using syncrepl, using the doc http://www.openldap.org/doc/admin24/replication.html

I am following the first of the two topologies suggested for replacing slurpd in the doc http://www.openldap.org/doc/admin24/replication.html

It says: (Master/Provider configuration) → Proxy consumer configuration → (syncrepl) → old Slaves (which were working with slurpd)

Following are my Master and Proxy configuration files; they are similar to what the above document says.



Master slapd.conf [ /usr/sbin/slapd -h ldap://localhost:389 -f /usr/share/openldap-servers/slapd.conf ]

access to *
             by dn.base="cn=replicator,dc=Avaya" write
             by dn.base="cn=root,dc=Avaya" write
             by dn.base=umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya read
             by * break
access to dn.base=""
                by * read
access to dn.base="dc=Avaya"
                by * read
access to dn.subtree="ou=People,dc=Avaya"
            by dn.exact="cn=root,dc=Avaya" write
            by users read
            by * read
access to *
                by self write
                by * read
database        bdb
suffix          "dc=Avaya"
rootdn          "cn=root,dc=Avaya"
rootpw          secret
rootpw          Testpw

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
password-hash {CLEARTEXT},{SHA},{SSHA}
directory       /var/lib/ldap

index objectClass                       eq
index       default     sub
index ou,cn,mail,surname,givenname      eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index entryCSN eq
index entryUUID eq

checkpoint      1024 15
cachesize       10000
idlcachesize    10000
#syncrepl Provider for primary db
        overlay syncprov
        syncprov-checkpoint 1000 60
        # Let the replica DN have limitless searches
        limits dn.exact="umObjectGUID=218afb42cb5e11e09542001a64e587d4,ou=People,dc=Avaya" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
        limits dn.exact="cn=replicator,dc=Avaya" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited





Proxy slapd_p.conf [ /usr/sbin/slapd -h ldap://localhost:50389 -f /usr/share/openldap-servers/slapd_p.conf ]

access to *
        by * read
        # Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
        database        ldap
        # ignore conflicts with other databases, as we need to push out to same suffix
        hidden              on
        suffix          "dc=Avaya"
        rootdn         "cn=slapd-ldap,dc=Avaya"
        uri     ldap://localhost:50389
        rootpw          secret
        rootpw          testing
        lastmod         on
        acl-bind     bindmethod=simple





        syncrepl        rid=001









                        retry="5 5 300 5"

        overlay         syncprov




1) I am able to query the Master database but not the proxy database. Why so?

ps -ef | grep slapd
/usr/sbin/slapd -h ldap://localhost:389 -f /usr/share/openldap-servers/slapd.conf
/usr/sbin/slapd -h ldap://localhost:50389 -f /usr/share/openldap-servers/slapd_P.conf

ldapsearch query to the master database (port 389) is working:

/usr/bin/ldapsearch  -x -h localhost -p 389 -D"cn=root,dc=Avaya" -w w00dstock -b"dc=Avaya" '(objectClass=*)'

Why is the following query to the proxy (50389) failing, even though the database has read permissions for everyone?

/usr/bin/ldapsearch  -x -h localhost -p 50389 -D"cn=slapd-ldap" -w w00dstock -b"dc=Avaya" '(objectClass=*)'
ldap_bind: Invalid credentials (49)

2) Should "cn=replicator,dc=Avaya" here be the rootdn user or a normal database (slapd) user?

I tried this with the LDAP slapd user "umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya" and with password "1234", and after restarting both master and proxy the query still fails.

Can you point me to where I am wrong?
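The two configuration files in the post are hand-assembled slapd.conf fragments, and slapd.conf(5) has a line-joining rule that makes indentation significant: a physical line that begins with whitespace continues the previous line, even when that previous line is a comment, because comment stripping runs only after the join. The following is an added example, written here and not taken from the original post or from OpenLDAP, that applies this rule to a constructed sample modelled on the fragments above (the suffix dc=example, the DNs and the {SSHA} placeholder are made up) and then reports directives swallowed by a comment, a single-valued directive such as rootpw repeated in one database, a rootpw stored in cleartext, and {CLEARTEXT} in password-hash.

```python
"""Lint an slapd.conf text for mistakes that creep in when a syncrepl
provider/proxy configuration is assembled by hand.

The parser first applies the slapd.conf(5) line-joining rule: a physical line
that starts with whitespace continues the previous logical line, and that is
true even when the previous line is a comment, because comments are stripped
only after the join. Directives are then grouped into a global section and
one section per `database` directive, and a few hygiene checks run over them.
"""
import re
from collections import Counter

# Constructed sample modelled on the master and proxy fragments in the post.
# Not the poster's file: suffix, DNs and the {SSHA} value are placeholders.
SAMPLE_CONF = """\
password-hash   {CLEARTEXT},{SHA},{SSHA}
database        bdb
suffix          "dc=example"
rootdn          "cn=root,dc=example"
rootpw          secret
rootpw          Testpw
directory       /var/lib/ldap
overlay         syncprov
access to *
        by * read
# Consumer proxy: pulls from the provider and pushes out via slapd-ldap
        database        ldap
        hidden          on
        suffix          "dc=example"
        rootdn          "cn=slapd-ldap,dc=example"
        rootpw          {SSHA}placeholder-hash-not-real
"""

# Directives that should appear at most once per database section.
SINGLE_VALUED = {"rootdn", "rootpw", "directory"}
# Directive names whose presence inside a comment means an indented line was
# folded into that comment and therefore never reached slapd.
FOLDABLE = ("database", "suffix", "rootdn", "rootpw", "syncrepl", "overlay")
FOLDED_RE = re.compile(r"\s(%s)\s" % "|".join(FOLDABLE))


def join_continuations(text):
    """Fold continuation lines into their predecessor, as slapd does before
    it looks for comments. Returns [(first_physical_line_no, logical_line)].
    A blank physical line starts a new (empty) logical line."""
    logical = []
    for no, raw in enumerate(text.splitlines(), start=1):
        if raw[:1].isspace() and logical:
            first_no, prev = logical[-1]
            logical[-1] = (first_no, prev + " " + raw.strip())
        else:
            logical.append((no, raw.rstrip()))
    return logical


def parse_sections(text):
    """Return (comments, sections): comments is [(line_no, text)] and each
    section is {"database": <type, or None for the global section>,
    "directives": [(line_no, name, args)]}."""
    comments = []
    sections = [{"database": None, "directives": []}]
    for no, line in join_continuations(text):
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("#"):
            comments.append((no, stripped))
            continue
        parts = stripped.split(None, 1)
        name = parts[0].lower()
        args = parts[1] if len(parts) > 1 else ""
        if name == "database":
            sections.append({"database": args, "directives": []})
        sections[-1]["directives"].append((no, name, args))
    return comments, sections


def lint_slapd_conf(text):
    """Return findings as a sorted list of (line_no, message)."""
    findings = []
    comments, sections = parse_sections(text)

    # 1. Indented directives after a comment are folded into the comment,
    #    so slapd silently ignores them (a whole database can vanish).
    for no, comment in comments:
        folded = sorted(set(FOLDED_RE.findall(comment)))
        if folded:
            findings.append((no, "comment absorbs indented directive(s) %s via the "
                                 "continuation rule; slapd ignores them" % ", ".join(folded)))

    for section in sections:
        counts = Counter(name for _, name, _ in section["directives"])
        # 2. A single-valued directive repeated in one database is a sign of
        #    a botched merge; keep one so it is clear which value applies.
        for name in sorted(SINGLE_VALUED):
            if counts[name] > 1:
                first = next(no for no, n, _ in section["directives"] if n == name)
                findings.append((first, "%s appears %d times in one database; keep exactly "
                                        "one" % (name, counts[name])))
        for no, name, args in section["directives"]:
            # 3. rootpw without a {SCHEME} prefix is a cleartext secret on disk.
            if name == "rootpw" and not args.startswith("{"):
                findings.append((no, "rootpw is cleartext; store the output of "
                                     "slappasswd (e.g. an {SSHA} value) instead"))
            # 4. {CLEARTEXT} in password-hash lets userPassword be stored unhashed.
            if name == "password-hash" and "{CLEARTEXT}" in args.upper():
                findings.append((no, "password-hash allows {CLEARTEXT}; remove it so "
                                     "userPassword values are always hashed"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, message in lint_slapd_conf(SAMPLE_CONF):
        print("line %d: %s" % (line_no, message))
```

Running it on the sample shows the effect of the join rule directly: the indented `database ldap` block following the comment never becomes a second database section, so only the global and bdb sections are parsed, while the bdb section is flagged for its two rootpw lines and their cleartext values and the global section for permitting {CLEARTEXT}. Pointing `lint_slapd_conf` at the text of a real slapd.conf before starting slapd catches these before the bind errors do.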





