OpenLdap 1.2 replica setup
Hello,
I'm a bit puzzled about how to set up a replica LDAP server. I'm using
"The SLAPD & SLURPD Admin Guide for Release 3.3" paper as advice.
I added the following statements to the master slapd.conf:
replica host="host.domain.com:389"
        binddn="uid=REPLIC,ou=Roles,dc=de,dc=uu.net"
        bindmethod=simple credentials={crypt}XXXXXXXX
replogfile /users/confdb/run/slapd/replog
The slave slapd.conf is the same as the master conf file (except
replica and replog statements). Do I have to maintain local ACLs in
the slave slapd.conf? I do right now.
The only other statements are:
updatedn "uid=REPLIC,ou=Roles,dc=de,dc=uu.net"
referral master://confdb01.de.uu.net
I tried it with & without referral option, but how would the slave
contact the master otherwise to propagate local modifies?
The above updatedn is a posixAccount entry with a {crypt} userpassword
(I assumed this is used as the replica bind credential). I gave the DN
full write access to the slave DB:
access to * by dn="cn=REPLIC,ou=Roles,dc=de,dc=uu.net" write
The replogfile is written just fine, and I'm able to start slurpd. The
slurpd connects to the slave server. Error log:
-cut
$ slurpd -d 8 -o -r replog
Processing in one-shot mode:
2 total replication records in file,
0 replication records to process.
request 1 done
request 2 done
Error: ldap_modify_s failed modifying "Insufficient access": uid=dvl,ou=People,dc=de,dc=uu.net
Error: ldap operation failed, data written to "/usr/tmp/steinbruch.de.uu.net:389.rej"
request 3 done
Error: ldap_modify_s failed modifying "Insufficient access": uid=dvl,ou=People,dc=de,dc=uu.net
Error: ldap operation failed, data written to "/usr/tmp/steinbruch.de.uu.net:389.rej"
slurpd: terminating normally
-cut
!!!!
Insufficient access? The Admin Guide doesn't mention any credential setup.
!!!!
slave slapd log:
--cut
do_bind
do_bind: version 2 dn (uid=REPLIC,ou=Roles,dc=de,dc=uu.net) method 128
dn2entry_r: dn: "UID=REPLIC,OU=ROLES,DC=DE,DC=UU.NET"
=> dn2id( "UID=REPLIC,OU=ROLES,DC=DE,DC=UU.NET" )
=> ldbm_cache_open( "/users/home/techdb/ldap/run/dn2id.dbb", 7, 600 )
<= ldbm_cache_open (opened 0)
<= dn2id 250
=> id2entry_r( 250 )
=> ldbm_cache_open( "/users/home/techdb/ldap/run/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (opened 1)
=> str2entry
<= str2entry 0x98018
<= id2entry_r( 250 ) (disk)
====> cache_return_entry_r
do_bind: bound "uid=REPLIC,ou=Roles,dc=de,dc=uu.net" to "uid=REPLIC,ou=Roles,dc=de,dc=uu.net"
send_ldap_result 0::
do_modify
add_lastmods
add_lastmods: found lastmod attr: modifytimestamp
add_lastmods: found lastmod attr: createtimestamp
dn2entry_w: dn: "UID=DVL,OU=PEOPLE,DC=DE,DC=UU.NET"
=> dn2id( "UID=DVL,OU=PEOPLE,DC=DE,DC=UU.NET" )
=> ldbm_cache_open( "/users/home/techdb/ldap/run/dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id 215
=> id2entry_w( 215 )
=> ldbm_cache_open( "/users/home/techdb/ldap/run/id2entry.dbb", 7, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry 0x99948
<= id2entry_w( 215 ) (disk)
=> dnpat: [1] .* nsub: 0
=> acl_get:[1] backend ACL match
<= check a_dnpat: CN=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> string_expand: pattern: CN=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> string_expand: expanded: CN=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> regex_matches: string: UID=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> regex_matches: rc: 1 no matches
send_ldap_result 50::
====> cache_return_entry_w
do_modify
add_lastmods
add_lastmods: found lastmod attr: modifytimestamp
add_lastmods: found lastmod attr: modifiersname
dn2entry_w: dn: "UID=DVL,OU=PEOPLE,DC=DE,DC=UU.NET"
=> dn2id( "UID=DVL,OU=PEOPLE,DC=DE,DC=UU.NET" )
====> cache_find_entry_dn2id: found dn: UID=DVL,OU=PEOPLE,DC=DE,DC=UU.NET
<= dn2id 215 (in cache)
=> id2entry_w( 215 )
====> cache_find_entry_dn2id: found id: 215 rw: 1
<= id2entry_w 0x99948 (cache)
=> dnpat: [1] .* nsub: 0
=> acl_get:[1] backend ACL match
<= check a_dnpat: CN=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> string_expand: pattern: CN=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> string_expand: expanded: CN=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> regex_matches: string: UID=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> regex_matches: rc: 1 no matches
send_ldap_result 50::
====> cache_return_entry_w
ber_get_next on fd 6 failed errno 0 (Error 0)
*** got 0 of 0 so far
--cut
Any hints? Any nice HOWTO available?
Regards,
Dirk
--
Dirk.Vleugels@de.uu.net http://www.de.uu.net
Tools & Standards UUnet Deutschland GmbH
Tel. +49 231 972 00 Emil-Figge-Strasse 80
Fax. +49 231 972 1180 44227 Dortmund, Germany
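
Added example, not part of the original message: a small Python parser for the slave slapd debug lines quoted above, which pairs each ACL DN pattern checked (`a_dnpat`) with the DN it was tested against and reports the first RDN where the two differ. The function names and the embedded sample (lines copied from the log above) are this example's own; RDNs are assumed to contain no escaped commas.

```python
import re

# Constructed sample: lines copied from the slave slapd debug log quoted in the post.
SAMPLE_LOG = """\
do_bind: bound "uid=REPLIC,ou=Roles,dc=de,dc=uu.net" to "uid=REPLIC,ou=Roles,dc=de,dc=uu.net"
send_ldap_result 0::
dn2entry_w: dn: "UID=DVL,OU=PEOPLE,DC=DE,DC=UU.NET"
<= check a_dnpat: CN=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> regex_matches: string: UID=REPLIC,OU=ROLES,DC=DE,DC=UU.NET
=> regex_matches: rc: 1 no matches
send_ldap_result 50::
"""

def first_rdn_difference(pattern, dn):
    """Return (index, pattern_rdn, dn_rdn) for the first differing RDN, else None."""
    # Assumption: plain comma-separated RDNs with no escaped commas, as in the log.
    p = [rdn.strip().upper() for rdn in pattern.split(",")]
    d = [rdn.strip().upper() for rdn in dn.split(",")]
    for i, (a, b) in enumerate(zip(p, d)):
        if a != b:
            return (i, a, b)
    return None

def failed_acl_checks(log_text):
    """Collect every ACL DN-pattern check that slapd logged as 'no matches'."""
    findings, pending = [], None
    target = pattern = tested = None
    for line in log_text.splitlines():
        if m := re.search(r'dn2entry_w: dn: "([^"]+)"', line):
            target = m.group(1)            # entry being modified
        elif m := re.search(r'check a_dnpat: (.+)$', line):
            pattern = m.group(1).strip()   # DN pattern from the ACL
        elif m := re.search(r'regex_matches: string: (.+)$', line):
            tested = m.group(1).strip()    # DN the pattern was tested against
        elif re.search(r'regex_matches: rc: \d+ no matches', line):
            pending = {"target": target, "acl_pattern": pattern, "bound_dn": tested,
                       "difference": first_rdn_difference(pattern, tested)}
        elif (m := re.search(r'send_ldap_result (\d+)::', line)) and pending:
            pending["result"] = int(m.group(1))  # 50 = insufficientAccessRights
            findings.append(pending)
            pending = None
    return findings

if __name__ == "__main__":
    for finding in failed_acl_checks(SAMPLE_LOG):
        print(finding)
```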