OpenLDAP - multi-master problem...
I'm currently trying to set up a multi-master environment using OpenLDAP (version 2.1.17). I want to set up two masters (a primary and a secondary), using one "slurpd" to propagate the changes from the primary to the secondary. If the primary server goes down, I want to be able to connect to the secondary server (for redundancy reasons). In order to easily restore the primary server, I would like the secondary to also write out a "replogfile".
I've run ./configure and then defined SLAPD_MULTIMASTER (in portable.h) before running "make depend"...
The problem is as follows: If I use the "rootdn" to connect, the "slurpd" works fine, but I can't add entries to the secondary master. If I use another binddn, "slurpd" has problems connecting (insufficient access), but the client can add entries to the secondary master. If anyone has experienced a similar problem and solved it, I would really appreciate some comments...
The following statements exist in the respective configuration files and the "ldif" file:
Primary server extractions:
Include /opt/openldap/etc/openldap/schema/core.schema
pidfile /opt/openldap/var/primary.pid
argsfile /opt/openldap/var/primary.args
replogfile /opt/openldap/log/primary.log
database ldbm
suffix "dc=viking-telecom,dc=com"
rootdn "cn=Manager,dc=viking-telecom,dc=com"
rootpw secret
directory /opt/openldap/var/primary
index objectClass eq
replica host=mainhost:3890
        binddn="cn=Primary,dc=viking-telecom,dc=com"
        bindmethod=simple credentials=secret
Secondary server extractions:
include /opt/openldap/etc/openldap/schema/core.schema
pidfile /opt/openldap/var/secondary.pid
argsfile /opt/openldap/var/secondary.args
access to attr=userPassword by dn="cn=Primary,dc=viking-telecom,dc=com" write
access to * by dn="cn=Primary,viking-telecom,dc=com" write
replogfile /opt/openldap/log/secondary.log
database ldbm
suffix "dc=viking-telecom,dc=com"
rootdn "cn=Manager,dc=viking-telecom,dc=com"
updatedn "cn=Primary,dc=viking-telecom,dc=com"
rootpw secret
directory /opt/openldap/var/secondary
index objectClass eq
"ldif" file extractions:
dn: cn=Manager,dc=viking-telecom,dc=com
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Manager
userPassword: secret
description: Manages the LDAP directories

dn: cn=Primary,dc=viking-telecom,dc=com
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Primary
userPassword: secret
description: Manages secondary server LDAP replication
Per Brandstrom, Viking Telecom AB
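
A consistency check over the slapd.conf excerpts quoted above, as an added example that is not part of the original post: it collects the DNs named in rootdn, updatedn, replica binddn= and access ... by dn= and reports any that are malformed or fall outside the configured suffix. The function names are hypothetical and the DN handling is simplified (no escaped commas). Run on the secondary excerpt, it reports the second access line, whose DN has a component without an attribute type.

```python
import re

# Secondary-server excerpt copied from the post above (not the full file).
SECONDARY_CONF = '''\
access to attr=userPassword by dn="cn=Primary,dc=viking-telecom,dc=com" write
access to * by dn="cn=Primary,viking-telecom,dc=com" write
suffix "dc=viking-telecom,dc=com"
rootdn "cn=Manager,dc=viking-telecom,dc=com"
updatedn "cn=Primary,dc=viking-telecom,dc=com"
'''

def norm_dn(dn):
    """Lower-case a DN and trim spaces around ',' and '=' (escaped commas not handled)."""
    rdns = [r.strip() for r in dn.split(",")]
    return ",".join("=".join(p.strip().lower() for p in r.split("=", 1)) for r in rdns)

def logical_lines(text):
    """Drop comments and blank lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def check_dns(text):
    """Return (directive, dn, problem) for DNs that are malformed or outside every suffix."""
    lines = logical_lines(text)
    suffixes = [norm_dn(m.group(1)) for ln in lines
                if (m := re.match(r'suffix\s+"([^"]+)"', ln, re.I))]
    findings = []
    for ln in lines:
        key = ln.split()[0].lower()
        if key in ("rootdn", "updatedn"):
            dns = re.findall(r'"([^"]+)"', ln)
        elif key in ("replica", "access"):
            dns = re.findall(r'\b(?:bind)?dn="([^"]+)"', ln, re.I)
        else:
            continue
        for dn in dns:
            n = norm_dn(dn)
            bare = [r for r in n.split(",") if "=" not in r]
            if bare:
                findings.append((key, dn, "RDN without attribute type: " + bare[0]))
            elif not any(n == s or n.endswith("," + s) for s in suffixes):
                findings.append((key, dn, "not under any configured suffix"))
    return findings
```

Calling check_dns(SECONDARY_CONF) returns the list of findings; an empty list means every DN in those directives is well formed and sits under a configured suffix.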