[Fwd: Re: Syncrep without sessionlog in slapd.conf]

[Firman Indra Buana <qumel2k@yahoo.com.sg>]

--- Begin Message ---

• To: Firman Indra Buana <qumel2k@yahoo.com.sg>
• Subject: Re: Syncrep without sessionlog in slapd.conf
• From: Lee Jensen <lee_jensen@sento.com>
• Date: Thu, 17 Mar 2005 13:19:38 -0700
• Authentication-results: mta189.mail.re2.yahoo.com from=sento.com; domainkeys=neutral (no sig)
• Delivered-to: firman.indrabuana@kwe-i.co.id
• In-reply-to: <42394806.10300@yahoo.com.sg>
• References: <200503142255.03769.pupeno@pupeno.com> <F4CEA7EDE6774DC1EF2D50A2@cadabra-dsl.stanford.edu> <200503151310.10783.pupeno@pupeno.com> <200503152053.28655.pupeno@pupeno.com> <6.2.1.2.0.20050315160831.02749658@mail.openldap.org> <3D1243C3E9105E2043650515@cadabra-dsl.stanford.edu> <6.2.1.2.0.20050315170355.0273fe08@mail.openldap.org> <423796F8.2080509@yahoo.com.sg> <4237DFCB.6050309@symas.com> <4237EED0.4050700@yahoo.com.sg> <1110985764.24878.30.camel@localhost> <42394806.10300@yahoo.com.sg>

On Thu, 2005-03-17 at 16:04 +0700, Firman Indra Buana wrote:
> Hi,
> 
> Could you give an example, what to put on updatedn, binddn and 
> credential. For example my name is register on this master ldap, could I 
> use for both. Sorry to ask more since I'm very newbi on openldap.

The updatedn is a dn that has access to write to the entire subtree of
the slave server. The syncrepl service in the slave's slapd daemon uses
it internally as the dn to make modification calls. No password needs to
be configured for it because it's used internally in the slave server.

binddn and credentials specify the binddn and password for that dn on
the master server.

> but when I run it there is
> 
> ldap_msgfree
> => bdb_entry_get: ndn: "cn=syncrepl0,o=mydomain.com"
> => bdb_entry_get: oc: "(null)", at: "syncreplCookie"
> bdb_dn2entry("cn=syncrepl0,o=mydomain.com")
> => bdb_dn2id( "o=mydomain.com" )
> <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found 
> (-30990)
> => bdb_entry_get: cannot find entry: "cn=syncrepl0,o=mydomain.com"
> ldap_search_ext
> 

LDAP uses a sort of internal hidden object on the consumer
(syncrepl<rid>) in order to keep track of state information sent from
the master server. (see the admin guide for more info)

These errors are reporting the non-existence of this object. Why this is
happening I am not totally certain. It's reasonable that they would
appear if this is the first time you are running syncrepl. If it
persists I would imagine it's caused because your updatedn does not have
access to write to the tree on the slave you are syncing.

If anyone else can provide more info please do.

Lee

> Hope this help.
> 
> Thank You,
> 
> Lee Jensen wrote:
> 
> >On Wed, 2005-03-16 at 15:31 +0700, Firman Indra Buana wrote:
> >  
> >
> >>Hi,
> >>
> >>Sorry for the ambiguity, the case is I want to synrepl other master 
> >>ldap. There is master ldap with openldap, the resource is close for me 
> >>unless for query. So I've an idea to syncrepl but how to do it without 
> >>doing any change in configuration of master ldap. So only write to my 
> >>database not to the master. Hope there is a answer for this.
> >>    
> >>
> >
> >I think I understand what you are asking. Let me make sure...
> >
> >You want to be able to do replication without modifying the
> >configuration of the master whatsoever... Correct??
> >
> >First, this is possible.
> >
> >However for syncrepl replication you need 2 user DNs one in the slave
> >and one in the master. The master dn you use must be able to read
> >everything in the tree. The manager DN can do this by default but I
> >would not recommend using it unless you have to because it requires you
> >to place the managers password into the slave configuration file.
> >
> >The DN in the slave just needs to exist, it can be any class of object,
> >whatever you choose, but it must be given access through ACLs to write
> >to the entire tree.
> >
> >Hope this clarifies...
> >
> >Lee Jensen
> >
> >
> >  
> >
> 

--- End Message ---