
Replication/Slave Setup in Fedora Core 1



Hello,

I'm currently trying to set up OpenLDAP replication to a slave and have a
few questions.  The setup I currently have propagates changes from the
master to the slave; that part works great.  However, changes sent to the
slave are not referred to the master.  The change happens on the slave,
though, which is strange.  I thought updates/modifications were only
supposed to happen on the master, hence the need for updateref in the
slave slapd.conf?

My second question is, does replication support TLS/SSL?  Or is everything
clear text?  It seems to support it, though I am not sure how to verify.

My last question is that currently I use cn=Replicator,dc=example,dc=com as
my replicator account to propagate changes from the master to the slave.
The weird thing is, I didn't even have to add the account to the LDAP
database for it to work; I just had to get the ACLs set up and working
correctly.  Is that normal behavior?

Perhaps someone could take the time to look at my config files below and
offer some suggestions.  I've read the faq-omatic and searched the mailing
list archives as well as Google, but haven't been able to figure this out
100% yet.  Thanks!

Jason


----- master slapd.conf ------
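# ---- schema ----
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/redhat/autofs.schema

# 0 logs nothing. While diagnosing replication, raise this temporarily
# (256 = connection/operation/result stats) to see who binds and what is
# referred, then set it back.
loglevel 0

pidfile /var/run/slapd.pid

# ---- TLS offered to clients of this master ----
# TLSCACertificateFile is the same file as TLSCertificateFile, which only
# verifies if the server certificate is self-signed; with a CA-issued
# certificate point it at the CA chain instead.
TLSCipherSuite HIGH
TLSCertificateFile /etc/openldap/ssl/client-ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem
TLSCACertificateFile /etc/openldap/ssl/client-ldap.pem

database        ldbm
suffix          "dc=example,dc=com"
# The rootdn bypasses every ACL below; reserve it for administration.
rootdn          "cn=Manager,dc=example,dc=com"
# Hash scheme applied to userPassword values set through the Password
# Modify extended operation; it does not apply to rootpw.
password-hash   {crypt}
password-crypt-salt-format      "$1$%.8s"

cachesize 100000
dbcachesize 1000000

# {MD5} is unsalted; prefer a {SSHA} value generated with slappasswd.
# Rotate this value once the config has been shared, and do not reuse the
# same rootpw on the slave.
rootpw          {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==

directory       /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# ---- replication (slurpd) ----
# slurpd reads this log and replays it on the slave, binding there as
# binddn with the plaintext credentials below - so this file must be
# readable only by the slapd/slurpd user. The binddn is an identity on the
# *slave*: for a simple bind it has to exist there with a userPassword.
#
# tls=yes only attempts StartTLS and continues in clear text if it fails;
# tls=critical aborts the replication session instead, which is the only
# way to guarantee the replog is never sent unencrypted. The slurpd side
# presumably verifies the slave's certificate through TLS_CACERT in
# ldap.conf - confirm that before switching to critical.
replogfile /var/lib/ldap/openldap-master-replog
replica host=my-slave.example.com:389 tls=critical
     bindmethod=simple credentials=secret
     binddn="cn=Replicator,dc=example,dc=com"

# ---- access control ----
# userPassword: the owner may change it, everyone else may only use it to
# bind (auth) and can never read it. The by dn="cn=Manager" clause is
# redundant because the rootdn bypasses ACLs.
access to dn=".*,ou=People,dc=example,dc=com" attr="userPassword"
 by dn="cn=Manager,dc=example,dc=com" write
 by self write
 by * auth

# Kept on one line: a continuation line must begin with whitespace,
# otherwise slapd treats "attrs=..." as a separate, unknown directive.
access to dn=".*,ou=People,dc=example,dc=com" attrs="loginShell,gecos,mail"
 by dn="cn=Manager,dc=example,dc=com" write
 by self write
 by * read

access to dn=".*,ou=People,dc=example,dc=com"
 by * read

# NOTE(review): this regex needs a comma before "dc=example", so the suffix
# entry dc=example,dc=com itself matches no rule and is denied to non-root
# binds; add "access to * by * read" if that entry should be readable.
access to dn=".*,dc=example,dc=com"
 by * read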

------- end master slapd.conf ------



------- slave slapd.conf -------
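# ---- schema ----
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/redhat/autofs.schema

# 0 logs nothing. Raise temporarily (256 = connection/operation/result
# stats) to see which DN slurpd binds as and whether local writes are
# referred or accepted.
loglevel 0

pidfile /var/run/slapd.pid

# ---- TLS offered to clients of this slave (and to slurpd's StartTLS) ----
# TLSCACertificateFile is the same file as TLSCertificateFile, which only
# verifies if the server certificate is self-signed.
TLSCipherSuite HIGH
TLSCertificateFile /etc/openldap/ssl/client-ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem
TLSCACertificateFile /etc/openldap/ssl/client-ldap.pem

database        ldbm
suffix          "dc=example,dc=com"
# The rootdn bypasses every ACL below.
rootdn          "cn=Manager,dc=example,dc=com"
password-hash   {crypt}
password-crypt-salt-format      "$1$%.8s"

# Trades durability for speed: on-disk data is not synced with in-memory
# changes, so a crash can lose updates (they would need re-replication).
dbnosync

cachesize 100000
dbcachesize 1000000

# Same unsalted {MD5} value as the master: use a distinct per-server
# {SSHA} hash from slappasswd, and rotate it once the config has been
# shared.
rootpw          {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==

directory       /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# ---- slave role ----
# Only this DN may write here directly; it must match the binddn in the
# master's replica directive, and for a simple bind it must exist on this
# slave as an entry with a userPassword, otherwise slurpd's bind fails and
# rejected changes end up in slurpd's .rej file rather than in this
# database. Any other bind that attempts a write should receive the
# updateref referral below; if a write is accepted locally, raise loglevel
# and confirm in the log which DN performed it.
updatedn "cn=Replicator,dc=example,dc=com"
# Returned to non-updatedn writers. The slave does not chain the request;
# the client must follow the referral itself, and since this is a plain
# ldap:// URL, using StartTLS on that hop is up to the client.
updateref ldap://my-server.example.com

# ---- access control ----
# userPassword: the replicator writes it, users may bind with it (auth),
# nobody reads it. "by * none" here would break simple binds for every
# ordinary user against this slave, because a bind needs auth access to
# the attribute.
access to dn=".*,ou=People,dc=example,dc=com" attr="userPassword"
 by dn="cn=Replicator,dc=example,dc=com" write
 by self read
 by * auth

access to dn=".*,ou=People,dc=example,dc=com" attrs="loginShell,gecos,mail"
 by dn="cn=Replicator,dc=example,dc=com" write
 by * read

access to dn=".*,ou=People,dc=example,dc=com"
 by dn="cn=Replicator,dc=example,dc=com" write
 by * read

# NOTE(review): as on the master, this regex does not match the suffix
# entry dc=example,dc=com itself, which then matches no rule and is denied
# to non-root binds.
access to dn=".*,dc=example,dc=com"
 by dn="cn=Replicator,dc=example,dc=com" write
 by * read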

------ end slave slapd.conf ------