Replication problem: slapd not creating the replog
Hi, hopefully someone can point me in the right direction.
After browsing the lists, checking the samples in the tests directory of the
distribution, and quadruple checking my slapd.conf's I'm completely
puzzled.
I'm running openldap-2.0.11 on debian (sasl, ssl, and openldap are all
hand-built). I used to run openldap-2.0.7 and I'm pretty sure I had
replication working there, but now I'm not so sure.
The problem is as follows:
1) create database on master.
2) copy database to slave. (there's only 1 right now.)
3) start slapd and slurpd on master
4) start slapd on slave
5) make change to master, change doesn't propagate.
When I investigated, I noticed that no replog is being created. So I turned
on config file debugging, and neither slapd nor slurpd complains. Next, I
turned on full debugging for slapd and slurpd on all hosts and watched what
happened if I started with fresh db's and made a change. The master slapd
never even touches the replog.
The replication user exists in the tree, and the password is correct. I can
manually bind to the slave as the replicator and I have full access. The
build passes all of the tests in make test, so it doesn't appear to be the
software.
My rootpw's match on both servers.
I'm pretty much at wits end, so I'd appreciate any and all help you can give
me.
Here's the slapd.conf on the master:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18
kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Global section of the master's slapd.conf: schema includes, pid/args
# files, feature switches and TLS settings. Database-specific directives
# follow in the "ldbm database definitions" section.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
# Define global ACLs to disable default read access.
# (No global "access" directive actually follows in this section; the only
# ACLs in this file are the ones inside the database definition.)
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
#loglevel 0
# NOTE(review): "security" is commented out, so this file sets no minimum
# security strength factor. Clients are therefore not required by this
# config to use TLS before a simple (password) bind to this server.
#security ssf=128 tls=128
# NOTE(review): per slapd.conf(5) of this era, tls_2_anon lets Start TLS
# reset the session to anonymous -- confirm this is intended.
allow tls_2_anon
# Load dynamic backend modules:
# modulepath /sw/local/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# NOTE(review): in OpenSSL cipher-list syntax a leading "+" only moves the
# matching suites to the end of the list; it does not remove them. Any
# SSLv2 suites selected by HIGH:MEDIUM therefore stay enabled. SSLv2 is a
# broken protocol; "!SSLv2" is the form that excludes it. Also review
# whether MEDIUM-strength suites are still needed.
TLSCipherSuite HIGH:MEDIUM:+SSLv2
# NOTE(review): no CA file is configured, so this file supplies no trust
# anchors for verifying peer certificates. Where slurpd gets the CA it uses
# to verify the replica's certificate is not visible here -- confirm.
#TLSCACertificateFile /etc/openldap/ssl/ca
TLSCertificateFile /etc/openldap/ssl/cert
# Private key for the server certificate; keep it readable only by the
# account slapd runs as.
TLSCertificateKeyFile /etc/openldap/ssl/key
#######################################################################
# ldbm database definitions
#######################################################################
# Master database for o=profitlogic: root identity, indexes, replication
# log / replica target, and the access rules for this suffix.
database ldbm
suffix "o=profitlogic"
rootdn "cn=admin,o=profitlogic"
# Root password stored as a salted SHA-1 ({SSHA}) hash; value redacted by
# the poster.
rootpw {SSHA}--deleted---
directory /var/openldap-ldbm/profitlogic
index default pres,eq
index objectClass,uid,uidNumber,gidNumber,cn
index uniqueMember pres
# Replication log that slapd writes and slurpd reads. It presumably records
# full change content, including userPassword values -- keep the file and
# its directory readable only by the slapd/slurpd account.
replogfile /var/openldap-ldbm/profitlogic/slapd.replog
# Replica definition: slurpd binds to ldap-ro:389 as cn=replicant with a
# simple (password) bind, so confidentiality depends entirely on TLS.
# NOTE(review): check slapd.conf(5) for this release on whether tls=yes
# continues in cleartext when Start TLS fails; if it does, and the release
# supports tls=critical, that is the setting that makes TLS mandatory.
# "credentials" holds the replication password in cleartext, which is why
# this file must not be world readable.
# NOTE(review): slapd.conf treats only lines that begin with whitespace as
# continuations. The parameters below sit at column 0 in this archived
# copy; the archive may have stripped the indentation -- confirm against
# the real file.
replica host=ldap-ro:389
bindmethod=simple
tls=yes
binddn="cn=replicant, o=profitlogic"
credentials=--deleted--
# Support sane userPassword access
# admin may write; anonymous sessions may use the value only to
# authenticate (bind); users may change their own password; everyone else
# gets no access.
access to attribute=userPassword
by dn="cn=admin,o=profitlogic" write
by anonymous auth
by self write
by * none
# The admin dn has full write access
# NOTE(review): "by self write" lets every user modify all other attributes
# of their own entry. uidNumber and gidNumber are indexed above, so if
# these entries back POSIX accounts a user could change their own IDs --
# confirm and restrict to the attributes users really need to edit.
# "by * read" gives everyone else, including anonymous sessions, read
# access to every attribute except userPassword.
access to *
by dn="cn=admin,o=profitlogic" write
by self write
by * read
And here's the slapd.conf on the slave:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18
kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Global section of the slave's slapd.conf: schema includes, pid/args
# files, logging, feature switches and TLS settings.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
# Define global ACLs to disable default read access.
# (No global "access" directive actually follows in this section; the only
# ACLs in this file are the ones inside the database definition.)
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# NOTE(review): loglevel 0 is active here, so binds and updates made with
# the replication DN presumably leave no record in syslog. Consider at
# least stats logging (loglevel 256) so replication activity and failed
# binds can be audited.
loglevel 0
# NOTE(review): "security" is commented out, so this file sets no minimum
# security strength factor. The replication bind is a simple (password)
# bind, and nothing in this config makes the slave refuse it on a
# connection without TLS.
#security ssf=128 tls=128
# NOTE(review): per slapd.conf(5) of this era, tls_2_anon lets Start TLS
# reset the session to anonymous -- confirm this is intended.
allow tls_2_anon
# Load dynamic backend modules:
# modulepath /sw/local/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# NOTE(review): in OpenSSL cipher-list syntax a leading "+" only moves the
# matching suites to the end of the list; it does not remove them. Any
# SSLv2 suites selected by HIGH:MEDIUM therefore stay enabled. SSLv2 is a
# broken protocol; "!SSLv2" is the form that excludes it. Also review
# whether MEDIUM-strength suites are still needed.
TLSCipherSuite HIGH:MEDIUM:+SSLv2
# NOTE(review): no CA file is configured, so this file supplies no trust
# anchors for verifying peer certificates -- confirm where they come from.
#TLSCACertificateFile /etc/openldap/ssl/ca
TLSCertificateFile /etc/openldap/ssl/cert
# Private key for the server certificate; keep it readable only by the
# account slapd runs as.
TLSCertificateKeyFile /etc/openldap/ssl/key
#######################################################################
# ldbm database definitions
#######################################################################
# Slave database for o=profitlogic: replication identity and referral,
# root identity, indexes, and the access rules for this suffix.
database ldbm
suffix "o=profitlogic"
directory /var/openldap-ldbm/profitlogic
# DN that slurpd binds as to apply replicated changes. The ACLs below give
# it write access to everything, userPassword included, so its password is
# as sensitive as rootpw on this host.
updatedn "cn=replicant,o=profitlogic"
# Referral handed to clients that send updates to the slave.
# NOTE(review): this is a plain ldap:// URL, so whether a client protects
# the follow-up connection to the master with TLS is up to the client.
updateref ldap://ldap-m0/$a
rootdn "cn=admin,o=profitlogic"
# Root password stored as a salted SHA-1 ({SSHA}) hash; value redacted by
# the poster.
rootpw {SSHA}--deleted--
index default pres,eq
index objectClass,uid,uidNumber,gidNumber,cn
index uniqueMember pres
# Support sane userPassword access
# admin and the replication DN may write; anonymous sessions may use the
# value only to authenticate (bind); users may change their own password;
# everyone else gets no access.
access to attribute=userPassword
by dn="cn=admin,o=profitlogic" write
by dn="cn=replicant,o=profitlogic" write
by anonymous auth
by self write
by * none
# The admin dn has full write access
# NOTE(review): "by self write" lets every user modify all other attributes
# of their own entry. uidNumber and gidNumber are indexed above, so if
# these entries back POSIX accounts a user could change their own IDs --
# confirm and restrict to the attributes users really need to edit.
# "by * read" gives everyone else, including anonymous sessions, read
# access to every attribute except userPassword.
access to *
by dn="cn=admin,o=profitlogic" write
by dn="cn=replicant,o=profitlogic" write
by self write
by * read
----
Justin Hahn ProfitLogic
jhahn@profitlogic.com 11 Cambridge Center
Systems Administrator Cambridge, MA 02142
o: 617-218-1986 www.profitlogic.com
m: 617-501-2743
f: 617-218-1901