Replication/Slave Setup in Fedora Core 1
Hello,
I'm currently trying to set up OpenLDAP replication to a slave and have a
few questions. The setup I currently have propagates changes from the
master to the slave; that part works great. However, changes sent to a
slave are not referred to the master. The change happens on the slave
though, which is strange. I thought updates/modifications were only
supposed to happen on the master, hence the need for updateref in the
slave slapd.conf?
My second question is, does replication support TLS/SSL? Or is everything
clear text? It seems to support it, though I am not sure how to verify.
My last question is, currently I use cn=Replicator,dc=example,dc=com as my
replicator account to propagate changes from the master to the slave.
The weird thing is, I didn't even have to add the account to the LDAP database
for it to work, just had to get the ACLs set up and working correctly.
Is that normal behavior?
Perhaps someone could take the time to look below at my config files and
offer some suggestions. I've read the FAQ-O-Matic and searched the mailing
list archives as well as Google, but haven't been able to figure this out
100% yet. Thanks!
Jason
----- master slapd.conf ------
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/redhat/autofs.schema
loglevel 0
pidfile /var/run/slapd.pid
TLSCipherSuite HIGH
TLSCertificateFile /etc/openldap/ssl/client-ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem
TLSCACertificateFile /etc/openldap/ssl/client-ldap.pem
database ldbm
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
password-hash {crypt}
password-crypt-salt-format "$1$%.8s"
cachesize 100000
dbcachesize 1000000
rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
replogfile /var/lib/ldap/openldap-master-replog
replica host=my-slave.example.com:389 tls=yes
        bindmethod=simple credentials=secret
        binddn="cn=Replicator,dc=example,dc=com"
access to dn=".*,ou=People,dc=example,dc=com" attr="userPassword"
        by dn="cn=Manager,dc=example,dc=com" write
        by self write
        by * auth
access to dn=".*,ou=People,dc=example,dc=com"
        attrs="loginShell,gecos,mail"
        by dn="cn=Manager,dc=example,dc=com" write
        by self write
        by * read
access to dn=".*,ou=People,dc=example,dc=com"
        by * read
access to dn=".*,dc=example,dc=com"
        by * read
------- end master slapd.conf ------
------- slave slapd.conf -------
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/redhat/autofs.schema
loglevel 0
pidfile /var/run/slapd.pid
TLSCipherSuite HIGH
TLSCertificateFile /etc/openldap/ssl/client-ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem
TLSCACertificateFile /etc/openldap/ssl/client-ldap.pem
database ldbm
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
password-hash {crypt}
password-crypt-salt-format "$1$%.8s"
dbnosync
cachesize 100000
dbcachesize 1000000
rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
updatedn "cn=Replicator,dc=example,dc=com"
updateref ldap://my-server.example.com
access to dn=".*,ou=People,dc=example,dc=com" attr="userPassword"
        by dn="cn=Replicator,dc=example,dc=com" write
        by self read
        by * none
access to dn=".*,ou=People,dc=example,dc=com" attrs="loginShell,gecos,mail"
        by dn="cn=Replicator,dc=example,dc=com" write
        by * read
access to dn=".*,ou=People,dc=example,dc=com"
        by dn="cn=Replicator,dc=example,dc=com" write
        by * read
access to dn=".*,dc=example,dc=com"
        by dn="cn=Replicator,dc=example,dc=com" write
        by * read
------ end slave slapd.conf ------
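An added example, not part of Jason's post and not OpenLDAP's own code: a small Python checker that reads a master and slave slapd.conf pair and cross-checks the slurpd-era replication settings the post is about. It looks for a master replogfile/replica pair, verifies that the replica's binddn is the slave's updatedn, that the slave has an updateref, that the updatedn is not also the rootdn, that the replica requests TLS, and (as a textual heuristic) that every slave access clause grants the updatedn write access, which the posted slave config does. The two config strings are constructed to mirror the posted ones with continuation lines indented as slapd.conf requires; a line such as "by * read" at column 0 is reported as a lost continuation, which is exactly how the listing above appears once mail has stripped the indentation. The reading of tls=yes (StartTLS attempted) versus tls=critical (replication refused without it) follows the replica directive's documentation as I understand it and is an assumption of this example.

```python
"""Cross-check a slurpd-era OpenLDAP master/slave slapd.conf pair.
Added example: configs are constructed to mirror the posted ones."""
import re

MASTER_CONF = """\
rootdn "cn=Manager,dc=example,dc=com"
replogfile /var/lib/ldap/openldap-master-replog
replica host=my-slave.example.com:389 tls=yes
        bindmethod=simple credentials=secret
        binddn="cn=Replicator,dc=example,dc=com"
"""

SLAVE_CONF = """\
rootdn "cn=Manager,dc=example,dc=com"
updatedn "cn=Replicator,dc=example,dc=com"
updateref ldap://my-server.example.com
access to dn=".*,ou=People,dc=example,dc=com" attrs="userPassword"
        by dn="cn=Replicator,dc=example,dc=com" write
        by self read
        by * none
access to dn=".*,dc=example,dc=com"
        by dn="cn=Replicator,dc=example,dc=com" write
        by * read
"""

# Words that only occur inside a continued directive; at column 0 they mean the
# listing lost its indentation (typical of a config pasted into mail).
CONTINUATION_ONLY = {"by", "bindmethod", "binddn", "credentials", "attrs", "attr"}


def parse_slapd_conf(text):
    """Return ([(keyword, value)], [(code, message)]) after joining continuation lines."""
    directives, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and directives:  # leading whitespace continues the previous line
            kw, val = directives[-1]
            directives[-1] = (kw, val + " " + raw.strip())
            continue
        parts = raw.strip().split(None, 1)
        kw, val = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if kw in CONTINUATION_ONLY:
            errors.append(("BAD_CONTINUATION",
                           f"line {lineno}: '{kw}' must be indented to continue the previous directive"))
            continue
        directives.append((kw, val))
    return directives, errors


def values(directives, keyword):
    return [v for k, v in directives if k == keyword]


def norm_dn(dn):
    """Case- and whitespace-insensitive DN string comparison (sufficient for these files)."""
    return re.sub(r"\s*,\s*", ",", dn.strip().strip('"')).lower()


def parse_replica(value):
    """Split 'host=... tls=yes bindmethod=... binddn="..." credentials=...' into a dict."""
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in re.finditer(r'(\w+)=(?:"([^"]*)"|(\S+))', value)}


def check_replication(master_text, slave_text):
    """Return a list of (code, message) findings; an empty list means the pair looks consistent."""
    master, errs_m = parse_slapd_conf(master_text)
    slave, errs_s = parse_slapd_conf(slave_text)
    findings = errs_m + errs_s

    replicas = [parse_replica(v) for v in values(master, "replica")]
    if not values(master, "replogfile") or not replicas:
        findings.append(("NO_REPLICATION", "master needs both replogfile and a replica directive"))

    updatedns = [norm_dn(v) for v in values(slave, "updatedn")]
    rootdn = norm_dn((values(slave, "rootdn") or [""])[0])
    if not updatedns:
        findings.append(("NO_UPDATEDN", "slave has no updatedn; slurpd's updates will be refused"))
    if rootdn and rootdn in updatedns:
        findings.append(("UPDATEDN_IS_ROOTDN", "updatedn is the rootdn; use a dedicated replication identity"))
    if not values(slave, "updateref"):
        findings.append(("NO_UPDATEREF", "slave has no updateref; clients get no referral to the master"))

    # Heuristic: DNs granted 'write' in each slave access clause (dn= or dn.<style>= forms).
    clauses = values(slave, "access")
    acl_writers = [[norm_dn(d) for d in re.findall(r'by\s+dn(?:\.\w+)?="([^"]*)"\s+write', c)]
                   for c in clauses]
    for r in replicas:
        binddn = norm_dn(r.get("binddn", ""))
        if binddn not in updatedns:
            findings.append(("BINDDN_MISMATCH", f"replica binddn {binddn!r} is not the slave's updatedn"))
        tls = r.get("tls", "").lower()
        if not tls:
            findings.append(("CLEARTEXT", "replica has no tls=; updates and the simple-bind password go in the clear"))
        elif tls != "critical":
            findings.append(("TLS_NOT_CRITICAL", "tls=yes only attempts StartTLS; tls=critical refuses to replicate without it"))
        for clause, writers in zip(clauses, acl_writers):
            if binddn not in writers and "by * write" not in clause:
                findings.append(("ACL_NO_WRITE", f"slave clause '{clause[:45]}' grants no write to {binddn}"))
    return findings


if __name__ == "__main__":
    for code, msg in check_replication(MASTER_CONF, SLAVE_CONF):
        print(f"{code}: {msg}")
```

Run against the two embedded configs the only finding is TLS_NOT_CRITICAL, which answers the second question as far as the config can: the master asks for TLS but does not insist on it. The checker cannot see which identity a client used when it wrote to the slave; when testing whether the slave refers writes to the master, bind as an ordinary entry rather than cn=Manager, since the rootdn is not subject to the ACLs and so does not show what a normal client experiences.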