
Need help with replica



Hello list,

I created a VM to test ppolicy migration and replication.

On my master server some users (like mine) are "bound" to ppolicy:

I have an OU policies:
dn: cn=default,ou=policies,dc=example,dc=com
cn: default
objectclass: top
objectclass: device
objectclass: pwdPolicy
objectclass: pwdPolicyChecker
pwdallowuserchange: TRUE
pwdattribute: userPassword
pwdcheckmodule: mmc-check-password.so
pwdcheckquality: 0
pwdexpirewarning: 600
pwdfailurecountinterval: 0
pwdgraceauthnlimit: 5
pwdinhistory: 5
pwdlockout: TRUE
pwdlockoutduration: 0
pwdmaxage: 7776000
pwdmaxfailure: 5
pwdminlength: 8
pwdmustchange: TRUE
pwdsafemodify: FALSE


And my user:

dn: cn=Jacques Foucry,ou=People,dc=example,dc=com
c: France
cn: Jacques Foucry
gidnumber: 1000
givenname: Jacques
homedirectory: /home/jfoucry
loginshell: /bin/zsh
mail: jacques.foucry@example.com
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
objectclass: sambaSamAccount
objectclass: posixAccount
objectclass: top
objectclass: shadowAccount
objectclass: pwdPolicy
ou: RT_Users
postalcode: 75009
pwdattribute: userPassword
sambaacctflags: [U]
shadowlastchange: 15987
shadowmax: 120
shadowmin: 7
shadowwarning: 7
sn: Foucry
uid: jfoucry
uidnumber: 1010
userpassword: --password--

On the replica VM, I created a slapd.conf file (I cannot understand the "new" syntax).

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/mozillaAbPersonAlpha.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/pureftpd.schema
include         /etc/ldap/schema/ppolicy.schema

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

loglevel config sync
modulepath      /usr/lib/ldap
moduleload      back_hdb

database hdb
suffix  "dc=example,dc=com"
rootdn  "cn=admin,dc=example,dc=com"
rootpw  {SSHA}--password--

directory /var/lib/ldap

referral ldaps://192.168.72.13
syncrepl rid=020
        provider=ldaps://192.168.72.13
        type=refreshOnly
        interval=00:08:00:00
        retry="60 10 300 +"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        bindmethod=simple
        schemachecking=off
        searchbase="dc=example,dc=com"
        binddn="cn=syncuser,dc=example,dc=com"
        credentials=--password--
        tls_reqcert=never



When I start slapd on the slave VM, it sounds correct, but only a few of my user records are synced. For example, mine is not.

On the master:

# ldapsearch -x -b"ou=people,dc=example,dc=com" uid=jfoucry
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: uid=jfoucry
# requesting: ALL
#

# Jacques Foucry, People, example.com
dn: cn=Jacques Foucry,ou=People,dc=example,dc=com
c: France
cn: Jacques Foucry
mail: jacques.foucry@example.com
gidNumber: 1000
givenName: Jacques
homeDirectory: /home/jfoucry
loginShell: /bin/zsh
ou: RT_Users
postalCode: 75009
shadowMax: 120
shadowMin: 7
shadowWarning: 7
sn: Foucry
uidNumber: 1010
uid: jfoucry
objectClass: inetOrgPerson
objectClass: mozillaAbPersonAlpha
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: pwdPolicy
pwdAttribute: userPassword
shadowLastChange: 15987

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

On the slave:

ldapsearch -x -b"ou=people,dc=example,dc=com" uid=jfoucry
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: uid=jfoucry
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1


I can't figure out what's wrong. Why are some records synced and others not? Is it because of ppolicy?

Thanks in advance for your help,
Jacques Foucry
--
Jacques Foucry
NOVASPARKS
IT Manager
Tel : +33 (0)1 42 68 12 61
jacques.foucry@novasparks.com
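A way to narrow down the question asked above ("why are some records synced and others not, is it ppolicy?") is to dump both servers to LDIF and compare them entry by entry, then look at which objectClasses are over-represented among the entries that never arrived on the consumer. The script below is an added example, not code from the poster or from OpenLDAP; the two LDIF dumps embedded in it are constructed sample data modelled on the entries in the post (in practice you would feed it the output of `ldapsearch -x -LLL -b "dc=example,dc=com"` run against the provider and the consumer with the same bind identity the syncrepl consumer uses, so that ACL differences show up too).

```python
"""Compare a provider LDIF dump with a consumer LDIF dump and report which
entries are missing on the consumer, grouped by objectClass.

Added diagnostic example, not part of the original mailing-list post.
The two dumps below are constructed sample data, not real server output.
"""
import base64
from collections import Counter

PROVIDER_LDIF = """\
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: cn=Jacques Foucry,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: pwdPolicy
cn: Jacques Foucry
sn: Foucry
uid: jfoucry
pwdAttribute: userPassword
description: test account for ppolicy
  replication

dn: cn=Alice Example,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Alice Example
sn: Example
uid: alice

dn: cn=Bob Example,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: pwdPolicy
cn:: Qm9iIEV4YW1wbGU=
sn: Example
uid: bob
pwdAttribute: userPassword
"""

CONSUMER_LDIF = """\
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: cn=Alice Example,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Alice Example
sn: Example
uid: alice
"""


def parse_ldif(text):
    """Parse LDIF into {dn: {attr_lower: [values]}}.

    Handles folded continuation lines (leading space), base64 values
    ("attr:: b64") and comment lines. Attribute names are lower-cased
    because LDAP attribute types are case-insensitive.
    """
    entries, current = {}, []

    def flush():
        dn, attrs = None, {}
        for line in current:
            if line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: base64value"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name.strip().lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.strip().lower(), []).append(value)
        if dn is not None:
            entries[dn] = attrs
        current.clear()

    for raw in text.splitlines():
        if raw.strip() == "":
            flush()  # blank line terminates an entry
        elif raw.startswith(" ") and current:
            current[-1] += raw[1:]  # unfold continuation line
        else:
            current.append(raw)
    flush()
    return entries


def missing_entries(provider, consumer):
    """Provider entries whose DN (compared case-insensitively) is absent on the consumer."""
    present = {dn.lower() for dn in consumer}
    return {dn: a for dn, a in provider.items() if dn.lower() not in present}


def objectclass_report(provider, consumer):
    """Per objectClass: how many provider entries carrying it are missing vs. present."""
    missing = missing_entries(provider, consumer)
    report = {}
    for dn, attrs in provider.items():
        for oc in attrs.get("objectclass", []):
            stats = report.setdefault(oc.lower(), Counter())
            stats["missing" if dn in missing else "present"] += 1
    return report


def suspect_classes(report):
    """objectClasses that occur only in entries that failed to replicate."""
    return sorted(oc for oc, s in report.items() if s["missing"] and not s["present"])


if __name__ == "__main__":
    prov, cons = parse_ldif(PROVIDER_LDIF), parse_ldif(CONSUMER_LDIF)
    for dn in missing_entries(prov, cons):
        print("missing on consumer:", dn)
    for oc, s in sorted(objectclass_report(prov, cons).items()):
        print(f"{oc:20s} missing={s['missing']} present={s['present']}")
    print("classes seen only in missing entries:", suspect_classes(prov and objectclass_report(prov, cons)))
```

On the constructed data every entry carrying pwdPolicy is missing while entries without it replicate, which is the pattern to look for before reading the consumer's `loglevel sync` output for the specific add failure (schema violation, ACL denial on the provider side, or an attribute the consumer cannot store).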