
Replication problem: slapd not creating the replog



Hi, hopefully someone can point me in the right direction.

After browsing the lists, checking the samples in the tests directory of the
distribution, and quadruple checking my slapd.conf's, I'm completely
puzzled.
I'm running openldap-2.0.11 on debian (sasl, ssl, and openldap are all
hand-built). I used to run openldap-2.0.7 and I'm pretty sure I had
replication working there, but now I'm not so sure.

The problem is as follows:

1) create database on master.
2) copy database to slave. (there's only 1 right now.)
3) start slapd and slurpd on master
4) start slapd on slave
5) make change to master, change doesn't propagate.

When I investigated, I noticed that no replog is being created. So I turned
on config file debugging, and neither slapd nor slurpd complains. Next, I
turned on full debugging for slapd and slurpd on all hosts and watched what
happened if I started with fresh db's and made a change. The master slapd
never even touches the replog.

The replication user exists in the tree, and the password is correct. I can
manually bind to the slave as the replicator and I have full access. The
build passes all of the tests in make test, so it doesn't appear to be the
software.
My rootpw's match on both servers. 

I'm pretty much at wit's end, so I'd appreciate any and all help you can give
me.

Here's the slapd.conf on the master:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.

pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args

#loglevel 0

#security ssf=128 tls=128 
allow tls_2_anon

# Load dynamic backend modules:
# modulepath	/sw/local/sbin/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /etc/openldap/ssl/ca
TLSCertificateFile /etc/openldap/ssl/cert
TLSCertificateKeyFile /etc/openldap/ssl/key

#######################################################################
# ldbm database definitions
#######################################################################
database	ldbm
suffix		"o=profitlogic"
rootdn		"cn=admin,o=profitlogic"
rootpw		{SSHA}--deleted---
directory	/var/openldap-ldbm/profitlogic
index           default         pres,eq
index           objectClass,uid,uidNumber,gidNumber,cn
index		uniqueMember	pres

replogfile 	/var/openldap-ldbm/profitlogic/slapd.replog

replica 	host=ldap-ro:389 
		bindmethod=simple 
		tls=yes 
		binddn="cn=replicant, o=profitlogic" 
		credentials=--deleted--

# Support sane userPassword access
access to attribute=userPassword
	by dn="cn=admin,o=profitlogic" write
	by anonymous auth
	by self write
	by * none 

# The admin dn has full write access
access to *
	by dn="cn=admin,o=profitlogic" write
	by self write
	by * read

And here's the slapd.conf on the slave:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.

pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args

loglevel 0

#security ssf=128 tls=128 
allow tls_2_anon

# Load dynamic backend modules:
# modulepath	/sw/local/sbin/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /etc/openldap/ssl/ca
TLSCertificateFile /etc/openldap/ssl/cert
TLSCertificateKeyFile /etc/openldap/ssl/key

#######################################################################
# ldbm database definitions
#######################################################################
database	ldbm
suffix		"o=profitlogic"
directory	/var/openldap-ldbm/profitlogic
updatedn	"cn=replicant,o=profitlogic"
updateref	ldap://ldap-m0/$a
rootdn		"cn=admin,o=profitlogic"
rootpw		{SSHA}--deleted--
index           default         pres,eq
index           objectClass,uid,uidNumber,gidNumber,cn
index		uniqueMember	pres


# Support sane userPassword access
access to attribute=userPassword
	by dn="cn=admin,o=profitlogic" write
	by dn="cn=replicant,o=profitlogic" write
	by anonymous auth
	by self write
	by * none 

# The admin dn has full write access
access to *
	by dn="cn=admin,o=profitlogic" write
	by dn="cn=replicant,o=profitlogic" write
	by self write
	by * read


----
Justin Hahn              ProfitLogic
jhahn@profitlogic.com    11 Cambridge Center
Systems Administrator    Cambridge, MA 02142
o: 617-218-1986          www.profitlogic.com
m: 617-501-2743
f: 617-218-1901
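
An added example, not part of the original post and not OpenLDAP code: a Python check that parses a master and a slave slapd.conf (joining whitespace-continued lines) and cross-checks the replication directives quoted above (replogfile, replica binddn, updatedn). The excerpts are constructed from the post's directives, and the function names and the simplified DN comparison are assumptions; the check covers directive consistency only, not why slapd leaves the replog untouched.

```python
import shlex

def directives(conf_text):
    """Parse slapd.conf text into (name, [args]) pairs, joining continuation lines."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue                              # blank line or comment
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()      # leading whitespace continues the previous line
        else:
            logical.append(raw.strip())
    return [(t[0].lower(), t[1:]) for t in map(shlex.split, logical)]

def norm_dn(dn):
    """Simplified DN key (assumption): trim spaces around RDNs, lower-case; no escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_replication(master_conf, slave_conf):
    """Return a list of inconsistencies between master and slave replication directives."""
    findings = []
    master, slave = directives(master_conf), directives(slave_conf)
    if not any(name == "replogfile" for name, _ in master):
        findings.append("master: no replogfile directive")
    replicas = [dict(a.split("=", 1) for a in args if "=" in a)
                for name, args in master if name == "replica"]
    if not replicas:
        findings.append("master: no replica directive")
    update_dns = {norm_dn(args[0]) for name, args in slave if name == "updatedn" and args}
    if not update_dns:
        findings.append("slave: no updatedn directive")
    for rep in replicas:
        bind = norm_dn(rep.get("binddn", ""))
        if update_dns and bind not in update_dns:
            findings.append(f"replica {rep.get('host')}: binddn {bind!r} does not match slave updatedn")
    return findings

# Constructed excerpts of the two slapd.conf files quoted in the post.
MASTER = """\
replogfile /var/openldap-ldbm/profitlogic/slapd.replog
replica host=ldap-ro:389
    bindmethod=simple
    tls=yes
    binddn="cn=replicant, o=profitlogic"
    credentials=--deleted--
"""
SLAVE = 'updatedn "cn=replicant,o=profitlogic"\nupdateref ldap://ldap-m0/$a\n'

if __name__ == "__main__":
    print(check_replication(MASTER, SLAVE))
```

On these excerpts the check returns no findings: the replica binddn and the slave updatedn differ only by the space after the comma.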