[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Replication referral
Hi there,
I really would like to run a replica of an LDAP-directory but the whole
thing gets a bit annoying now and besides I'm very much disappointed of
the so called OpenLDAP2.0 Administrator's guide.
But let's come to the point:
Replication is working (well, with the rootpw in cleartext in the replica
directive:( ) and wasn't that much of a problem to bring up.
But when I make an update of a slave server (currently with ldapbrowser as
rootdn), what happens? : The slave server gets updated and there is no
communication to the master server at all.
This makes the whole thing completely useless because it means
desynchronisation whenever an update request is sent to a slave server.
>From the documentation I should think that if you configure a server as a
slave (update* directives) then it ALWAYS passes update requests to the
master. It may not under any circumstance do a local update because
clearly we have desynchronisation as mentioned above.
I didn't try if it's working with ldapmodify, but anyway, as long as there
is any tool which manages to change the slave server directly, the whole
concept is broken.
Am I doing something wrong?
Appended are the slapd.conf's from master and servant.
I really would appreciate any help.
Thanks in advance.
Matthias Mikuletz
MASTER:
---snip---
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
password-hash {SMD5}
loglevel 0
access to * by * read
database ldbm
suffix "dc=xxxx,dc=DE"
rootdn "cn=Manager,dc=xxxx,dc=DE"
rootpw {SMD5}xxxx
directory /var/lib/ldap
access to attr=userPassword by self write by anonymous auth
replica host=slave.xxxx:389 bindmethod=simple credentials=xxxx binddn="cn=Manager,dc=xxxx,dc=DE"
replogfile /var/lib/ldap/ldaprep.log
---snip---
SLAVE:
---snip---
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema
password-hash {SMD5}
loglevel 0
access to * by * read
database ldbm
suffix "dc=xxxx,dc=DE"
rootdn "cn=Manager,dc=xxxx,dc=DE"
rootpw {SMD5}xxxxx
directory /var/lib/ldap
access to attr=userPassword by self write by anonymous auth
updatedn "cn=Manager,dc=xxxx,dc=DE"
updateref "ldap:master.xxxx:389"
---snip---
--
Matthias Mikuletz | Technologiezentrum | www.inside-security.de
Inside Security | Nobelstr. 15 | Fon 0711 / 68 68 70 36
IT Consulting GmbH | 70569 Stuttgart | Fax 0711 / 68 68 70 31
pub key: www.inside-security.de/mm.asc | mm@inside-security.de