
Re: Replica:can't insert entry from slave server



richard mou wrote:
> I got problems:
> This is a LAN, ldap master server "master", ldap replica slave server 
> "slave".
> The slapd.conf on master(192.168.12.132) is:
> database        ldbm
> suffix          "dc=mt,dc=com"
> rootdn          "cn=beijing,dc=mt,dc=com"
> rootpw          secret
> access to * by dn.base="cn=Slave,dc=mt,dc=com" write
>         by  dn.base="cn=beijing,dc=mt,dc=com" write
>         by  dn.base="cn=shanghai,dc=mt,dc=com" write
>        by * read
> directory       /etc/openldap/ldap
> replica host=192.168.12.134:389
>         bindmethod=simple credentials=secret
>         binddn="cn=Slave,dc=mt,dc=com"
> 
> The slapd.conf on slave(192.168.12.132) is:
> database        ldbm
> suffix          "dc=mt,dc=com"
> rootdn          "cn=shanghai,dc=mt,dc=com"
> rootpw          secret
> access to * by dn.base="cn=Slave,dc=mt,dc=com" write
>         by  dn.base="cn=beijing,dc=mt,dc=com" write
>         by  dn.base="cn=shanghai,dc=mt,dc=com" write
>         by * read
> updatedn        "cn=Slave,dc=mt,dc=com"
> updateref       192.168.12.132:389
> 
> I have added the users with objectClass "top" and "person": 
> shanghai,beijing, slave
> 
> Now, the replica from master to slave is good, but the replica from 
> slave to master is not running:
> ldapadd -D "cn=shanghai,dc=mt,dc=com" -x -w secret -f person.ldif
> adding new entry "cn=sh02,dc=mt,dc=com"
> ldapadd: update failed: cn=sh02,dc=mt,dc=com
> ldap_add: Referral (10)
>         referrals:
>                 192.168.12.132:389
> 
> I got the same error when binding "cn=beijing,dc=mt, dc=com".
> However, I can succeed when binding "cn=slave, dc=mt,dc=com", but the 
> entry is only inserted into the slave server and is not inserted 
> into the master.
> 
> What is wrong?
> Can anyone help me?
> 

I just worked through this myself.  New to LDAP, newer to the list.

When you bind to the slave as the updatedn, the slave mistakes you for a
replication request from the server, as if the server's already been
updated.  That's why it updates the slave without populating back up.

As for replication from the slave up, this is my experience.  I've read
that this feature doesn't work yet in the openldap-2.x series.  I've
read that the ldap client software in that distribution does not follow
referrals, and that has been my practical experience as well.  At this
time, I have updates to the master replicating out to slaves through TLS
sessions, but I cannot update by talking to a slave.

Your mileage may vary.  Experts with other experience are welcome to
chime in and enlighten us both.

John Beamon
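
The behaviour described in this thread, modelled as a small in-memory simulation (an added example, not part of either poster's message and not OpenLDAP code). The `Server` class and the helper functions are hypothetical, ACLs and passwords are not modelled, and `cn=sh03` is a constructed entry; the other DNs and the referral address are the ones quoted above.

```python
from dataclasses import dataclass, field

SUCCESS, REFERRAL = 0, 10   # 10 is the result code in the ldapadd output above

@dataclass
class Server:
    name: str
    updatedn: str = ""      # set only on a replica
    updateref: str = ""     # where a replica sends ordinary writers
    replicas: list = field(default_factory=list)   # set only on the master
    entries: set = field(default_factory=set)

    def add(self, bind_dn, entry_dn):
        """Return (result_code, referral) for an add request."""
        if self.updatedn:   # this server is a replica
            # DN comparison simplified to a case-insensitive string match.
            if bind_dn.lower() != self.updatedn.lower():
                return REFERRAL, self.updateref    # writer is sent to the master
            self.entries.add(entry_dn)  # updatedn: taken as replication, stored locally only
            return SUCCESS, None
        self.entries.add(entry_dn)      # master: store, then push to each replica
        for replica in self.replicas:
            replica.add(replica.updatedn, entry_dn)
        return SUCCESS, None

def add_chasing_referral(first, servers, bind_dn, entry_dn):
    """What a referral-following client does: retry once at the referred server."""
    code, ref = first.add(bind_dn, entry_dn)
    if code == REFERRAL:
        code, _ = servers[ref].add(bind_dn, entry_dn)
    return code

def divergence(master, slave):
    """Entries on the replica that the master never received."""
    return slave.entries - master.entries

def demo():
    slave = Server("slave", updatedn="cn=Slave,dc=mt,dc=com",
                   updateref="192.168.12.132:389")
    master = Server("master", replicas=[slave])
    servers = {"192.168.12.132:389": master}
    # 1. Ordinary user writes to the slave: referral, nothing stored.
    r1 = slave.add("cn=shanghai,dc=mt,dc=com", "cn=sh02,dc=mt,dc=com")
    # 2. Writing as the updatedn: accepted on the slave only.
    r2 = slave.add("cn=slave,dc=mt,dc=com", "cn=sh03,dc=mt,dc=com")
    # 3. Same write as step 1, but the client chases the referral to the master.
    r3 = add_chasing_referral(slave, servers, "cn=shanghai,dc=mt,dc=com",
                              "cn=sh02,dc=mt,dc=com")
    return r1, r2, r3, divergence(master, slave), master.entries
```

A non-empty `divergence()` result is the symptom from the original post: an entry written under the updatedn exists on the slave and never reaches the master.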