I start everything with -d 65535 (i.e. master slapd, slave slapd and
slurpd on master).
When I updated userPassword on master, it created the slurpd.replog,
but slurpd didn't do anything. Nothing shows up in the slave slapd's
log or the slurpd log. It looks like slurpd didn't know it needs to
replicate.
The last few messages from slurpd are:
.....
Config: (lastmod on)
Config: ** configuration file successfully read and parsed
begin replication thread for ldap02.example.com:389
master's slapd.conf:
============================================================
include /export/groups/openldap/etc/openldap/schema/core.schema
include /export/groups/openldap/etc/openldap/schema/corba.schema
include /export/groups/openldap/etc/openldap/schema/cosine.schema
include /export/groups/openldap/etc/openldap/schema/inetorgperson.schema
include /export/groups/openldap/etc/openldap/schema/java.schema
include /export/groups/openldap/etc/openldap/schema/krb5-kdc.schema
include /export/groups/openldap/etc/openldap/schema/misc.schema
include /export/groups/openldap/etc/openldap/schema/nis.schema
include /export/groups/openldap/etc/openldap/schema/openldap.schema
include /export/groups/openldap/etc/openldap/schema/qmail.schema
pidfile /export/groups/openldap/var/slapd.pid
argsfile /export/groups/openldap/var/slapd.args
loglevel 0
database bdb
suffix "dc=ldap01,dc=example,dc=com"
rootdn "uid=root,ou=People,dc=ldap01,dc=example,dc=com"
rootpw password
directory /export/groups/openldap/var/openldap-bdb
replica host=ldap02.example.com:389
    binddn="uid=root,ou=People,dc=ldap01,dc=example,dc=com"
    bindmethod=simple
    credentials=password
replogfile /export/groups/openldap/log/slurpd.replog
index cn,sn,mail,givenname,uid,uidNumber,gidNumber eq
index objectClass eq
TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA
TLSCACertificateFile /export/groups/openldap/cert/ca/ca-example.crt
TLSCertificateFile /export/groups/openldap/cert/ldap01.example.com.ldap.pem.crt
TLSCertificateKeyFile /export/groups/openldap/cert/ldap01.example.com.ldap.pem
TLSVerifyClient demand
access to dn=".*,ou=People,dc=ldap01,dc=example,dc=com"
    attr=userPassword
    by self write
    by dn="uid=root,ou=People,dc=ldap01,dc=example,dc=com"
    by anonymous auth
access to dn=".*,ou=People,dc=ldap01,dc=example,dc=com"
    attr=shadowMin,shadowMax,shadowWarning,shadowInactive,shadowExpire,shadowFlag
    by * read
access to dn=".*,ou=People,dc=ldap01,dc=example,dc=com"
    by self write
    by dn="uid=root,ou=People,dc=ldap01,dc=example,dc=com"
    by * read
access to dn=".*,dc=ldap01,dc=example,dc=com"
    by dn="uid=tester,ou=People,dc=ldap01,dc=example,dc=com" write
    by * read
============================================================
slave's slapd.conf:
============================================================
include /export/groups/openldap/etc/openldap/schema/core.schema
include /export/groups/openldap/etc/openldap/schema/corba.schema
include /export/groups/openldap/etc/openldap/schema/cosine.schema
include /export/groups/openldap/etc/openldap/schema/inetorgperson.schema
include /export/groups/openldap/etc/openldap/schema/java.schema
include /export/groups/openldap/etc/openldap/schema/krb5-kdc.schema
include /export/groups/openldap/etc/openldap/schema/misc.schema
include /export/groups/openldap/etc/openldap/schema/nis.schema
include /export/groups/openldap/etc/openldap/schema/openldap.schema
include /export/groups/openldap/etc/openldap/schema/qmail.schema
pidfile /export/groups/openldap/var/slapd.pid
argsfile /export/groups/openldap/var/slapd.args
loglevel 0
database bdb
suffix "dc=ldap01,dc=example,dc=com"
rootdn "uid=root,ou=People,dc=ldap01,dc=example,dc=com"
rootpw password
directory /export/groups/openldap/var/openldap-bdb
rootbinddn "uid=root,ou=People,dc=ldap01,dc=example,dc=com"
updatedn "uid=root,ou=People,dc=ldap01,dc=example,dc=com"
updateref ldap://ldap01.example.com:389
index cn,sn,mail,givenname,uid,uidNumber,gidNumber eq
index objectClass eq
TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA
TLSCACertificateFile /export/groups/openldap/cert/ca/ca-example.crt
TLSCertificateFile /export/groups/openldap/cert/ldap02.example.com.ldap.pem.crt
TLSCertificateKeyFile /export/groups/openldap/cert/ldap02.example.com.ldap.pem
TLSVerifyClient demand
access to dn=".*,ou=People,dc=ldap01,dc=example,dc=com"
    attr=userPassword
    by self write
    by dn="uid=root,ou=People,dc=ldap01,dc=example,dc=com"
    by anonymous auth
access to dn=".*,ou=People,dc=ldap01,dc=example,dc=com"
    attr=shadowMin,shadowMax,shadowWarning,shadowInactive,shadowExpire,shadowFlag
    by * read
access to dn=".*,ou=People,dc=ldap01,dc=example,dc=com"
    by self write
    by dn="uid=root,ou=People,dc=ldap01,dc=example,dc=com"
    by * read
access to dn=".*,dc=ldap01,dc=example,dc=com"
    by dn="uid=tester,ou=People,dc=ldap01,dc=example,dc=com" write
    by * read
lastmod on
============================================================