
ldaps replication question



Hi, all, 

I cannot get replication to work, even though I get no error message. I change a record on the Master, but when I check it on the slave it remains unchanged. (Is it immediate?)

The following command on slave: ldapsearch -x -h [MASTER HOST NAME] -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=tam)'
returns no error message and gives the expected record. 

I suspect I may have screwed up the SSL/TLS settings for the slave, as I don't know what to put there. The master is set to use SSL/TLS and it communicates fine with the client through the ldaps protocol. 

Your help is much needed. 

First comes the slapd.conf of the slave (I don't have the lines for SSL certs; I just use the ldaps address in the replication directive. Is that enough?):

###  configuration for IER
###  written by T.Tanaka
###  (slapd.conf of the consumer / slave)

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections.  This is NOT the default.
# NOTE(review): LDAPv2 has neither StartTLS nor SASL, so a v2 client can only
# do a simple bind; keep this only while such clients really exist.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=ier,dc=hit-u,dc=ac,dc=jp"
# A syncrepl consumer writes the replicated entries as rootdn, so rootdn
# must be set on this database.  Here it is also the replicator DN that the
# provider's ACLs refer to.
# NOTE(review): the syncrepl directive below binds as uid=replicator,...
# while this rootdn and the provider's ACLs use cn=replicator,... — confirm
# which of the two DNs actually exists on the provider.
rootdn          "cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
# NOTE(review): stored in clear in this file.  rootpw also accepts a hashed
# value produced by slappasswd (e.g. {SSHA}...), and the file should be
# readable only by the user slapd runs as.
rootpw SLAVEPW
directory       /var/lib/ldap


# Replicas of this database
# (none — this server is a consumer; see the syncrepl directive below)


# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
# Equality indexes on entryCSN/entryUUID are used by syncrepl to match and
# order replicated entries; keep them.
index entryCSN,entryUUID eq  
idlcachesize 1000


# Password attribute: the owner may change it, anonymous may only use it to
# authenticate, nobody else sees it.
# NOTE(review): the replicator DN is this database's rootdn, and rootdn
# bypasses ACLs entirely, so the first clause is redundant here; replicated
# writes do not go through these ACLs either.
access to attrs=userPassword
  by dn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by self write
  by anonymous auth
  by * none


# Everything else: the owner may write its own entry, everyone may read.
# NOTE(review): "by * read" includes anonymous binds, i.e. the whole tree
# minus userPassword is readable without authentication; "by users read"
# limits that to authenticated clients if anonymous access is not wanted.
# Client writes on a consumer diverge from the provider unless an updateref
# directive refers them to the provider.
access to * 
  by dn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by self write
  by * read




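# Uncomment while debugging: "sync" logs every refresh/persist step and is the
# quickest way to see why a refresh comes back empty.
#loglevel stats sync

# Pull changes from the provider (mail.ier.hit-u.ac.jp) over LDAPS.
#
# The consumer is a TLS *client* on this connection: the provider's
# certificate is verified with the client-side settings (TLS_CACERT /
# TLS_REQCERT in ldap.conf, or the syncrepl tls_cacert= / tls_reqcert=
# keywords in releases that have them), not with any TLS* server directive
# in this file.  The CA that issued the provider's certificate must be
# trusted there, otherwise the TLS handshake (and so the refresh) fails.
#
# FIX: binddn was uid=replicator,... but the identity that works in the
# ldapsearch test, and the one the provider's ACLs grant read access to, is
# cn=replicator,... — with the wrong DN the bind fails or every read falls
# through to "by * none", and the consumer silently stays empty.
#
# interval= is only honoured with type=refreshOnly; it is harmless but unused
# with refreshAndPersist.  retry= makes the persistent connection come back
# on its own: every 60 s for 10 attempts, then every 300 s indefinitely.
#
# NOTE(review): credentials= is a clear-text secret; keep this file readable
# only by the user slapd runs as.
#
# Comment lines must stay above the directive: in slapd.conf a line starting
# with whitespace continues the previous line, so no comments inside it.
syncrepl rid=001
    provider=ldaps://mail.ier.hit-u.ac.jp
    type=refreshAndPersist
    interval=00:00:05:00
    retry="60 10 300 +"
    searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
    binddn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
    credentials=SLAVEPW

# Refer clients that try to write on this consumer to the provider instead of
# letting the local copy diverge from it.
updateref ldaps://mail.ier.hit-u.ac.jp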


Next comes the slapd.conf of the master:

###  configuration for IER
###  written by T.Tanaka
###  edited by WL.Tam
###  (slapd.conf of the provider / master)



include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema


# Allow LDAPv2 client connections.  This is NOT the default.
# NOTE(review): LDAPv2 has neither StartTLS nor SASL, so a v2 client can only
# do a simple bind; keep this only while such clients really exist.
allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args


#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootdn          "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
# NOTE(review): stored in clear in this file.  rootpw also accepts a hashed
# value produced by slappasswd (e.g. {SSHA}...), and the file should be
# readable only by the user slapd runs as.
rootpw MASTERPW
directory       /var/lib/ldap
# NOTE(review): a provider normally also lifts the size/time limits for the
# replicator DN with a "limits dn.exact=..." directive, so a full refresh
# of the whole tree is not cut short by the default sizelimit.


# Server-side TLS, used for ldaps:// (and StartTLS) connections from clients
# and from the consumer.  The consumer needs this same CA certificate on its
# own (client) side to verify the chain, and the server certificate must be
# issued for the name the consumer puts in provider= (mail.ier.hit-u.ac.jp)
# whenever the consumer is set to check it.
TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
# NOTE(review): the private key must be readable only by the slapd user.
TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key


# Provider side of syncrepl (see slapo-syncprov(5)).
overlay syncprov
# Write the contextCSN to the database every 50 operations or every
# 10 minutes, whichever comes first.
syncprov-checkpoint 50 10
# Remember the last 100 write operations so a reconnecting consumer can be
# brought up to date from the log instead of a full refresh.
syncprov-sessionlog 100   




# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
# Equality indexes on entryCSN/entryUUID are required by the syncprov
# overlay above; keep them.
index entryCSN,entryUUID eq 
idlcachesize 1000


# Password attribute.  The replicator DN gets "read" so the hashes replicate
# to the consumer; the dovecot DN reads them (presumably for mail
# authentication); anonymous may only bind with them.
# NOTE(review): the consumer in this thread binds as uid=replicator,...,
# which matches none of these clauses and falls through to "by * none" (if
# that DN does not exist at all, the bind itself fails).  The DN here must be
# the one in the consumer's syncrepl binddn=.
access to attrs=userPassword
  by self write
  by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by anonymous auth
  by * none



# Samba password hashes: same readers as userPassword, but the owner may only
# read them (they are changed through Samba, not directly).
# NOTE(review): SambaLMPassword is the legacy LM hash, which is weak; if no
# client still needs LM, consider not storing it at all.  "by anonymous auth"
# has no effect for these attributes, since simple binds use userPassword.
access to attrs=SambaLMPassword,SambaNTPassword
  by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by self read
  by anonymous auth
  by * none

# Everything else: owner and root may write, everyone may read.
# The explicit replicator clause is redundant with "by * read" but harmless;
# what matters for replication is that the replicator can read every entry
# and attribute it is supposed to copy.
# NOTE(review): "by * read" includes anonymous binds, i.e. the whole tree
# minus the password attributes is readable without authentication; use
# "by users read" if that is not intended.
access to *
  by self write
  by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by * read