
Multimaster Replication



Searching through the archives turned up helpful information, but I wasn't able to find anything that quite matched my issue. Some background: I am running CentOS 7 with OpenLDAP version 2.4.40, and I have been following along with a tutorial I found here:

http://linoxide.com/linux-how-to/setup-openldap-multi-master-replication-centos-7/

Everything goes well, of course, until the very last step, where I have to add the replication information. I recreated this LDIF:

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 101 ldap://lri-ldap1
olcServerID: 201 ldap://lri-ldap2
olcServerID: 301 ldap://lri-ldap3
olcServerID: 401 ldap://lri-ldap4

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://lri-ldap1:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=002 provider=ldap://lri-ldap2:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=003 provider=ldap://lri-ldap3:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
olcSyncRepl: rid=004 provider=ldap://lri-ldap4:389/ bindmethod=simple binddn="cn=admin,dc=lerner,dc=ccf,dc=org" credentials=password12 searchbase="dc=lerner,dc=ccf,dc=org" scope=sub schemachecking=on type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

and then ldapmodify -Y EXTERNAL -H ldapi:/// -f rp.ldif on all 4 masters, and what I get is that they are all just sitting there, not providing me with a prompt:

[root@lri-ldap4 openldap]# ldapadd -Y EXTERNAL -H ldapi:/// -f rp.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

and I cannot tell what it is actually doing at this stage. I check systemctl status slapd:

May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 RESULT tag=97 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD dn="cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD attr=olcServerID
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD dn="olcDatabase={2}hdb,cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD attr=olcSyncRepl olcMirrorMode
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=3 ADD dn="olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

And that's where it stops, but I never get a prompt on any of the masters. Has anyone else seen this? Where did I go wrong? And how can I move forward?

Thanks in advance
Michael
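
Added example, not part of the original message and not OpenLDAP project code: a small Python helper that pairs each conn/op request in slapd log lines of the format quoted above with its RESULT line and lists the operations that never received one. The sample input is constructed from the lines in the message; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the slapd log lines quoted in the message.
SAMPLE_LOG = """\
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=0 RESULT tag=97 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 MOD dn="cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=1 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 MOD dn="olcDatabase={2}hdb,cn=config"
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=2 RESULT tag=103 err=0 text=
May 08 11:17:15 lri-ldap1 slapd[3856]: conn=1000 op=3 ADD dn="olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
"""

LINE_RE = re.compile(r'slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<body>\S.*)$')
DN_RE = re.compile(r'dn="([^"]*)"')
ERR_RE = re.compile(r'\berr=(-?\d+)')
NO_RESULT = {"UNBIND", "ABANDON"}  # requests that never get a RESULT line

def summarize_ops(log_text):
    """Map (pid, conn, op) -> {"verb", "dn", "err"}; err stays None until a RESULT is seen."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-operation slapd line
        key = (int(m["pid"]), int(m["conn"]), int(m["op"]))
        body = m["body"]
        if body.startswith(("RESULT", "SEARCH RESULT")):
            err = ERR_RE.search(body)
            if key in ops and err:
                ops[key]["err"] = int(err.group(1))
            continue
        verb = body.split()[0]
        if verb in NO_RESULT:
            continue
        rec = ops.setdefault(key, {"verb": verb, "dn": None, "err": None})
        dn = DN_RE.search(body)
        if dn:
            rec["dn"] = dn.group(1)
    return ops

def pending_ops(log_text):
    """Operations logged without a RESULT: still running, or blocked inside slapd."""
    return [(key, rec["verb"], rec["dn"])
            for key, rec in summarize_ops(log_text).items() if rec["err"] is None]

if __name__ == "__main__":
    for (pid, conn, op), verb, dn in pending_ops(SAMPLE_LOG):
        print(f"no RESULT: pid={pid} conn={conn} op={op} {verb} dn={dn}")
```
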


