
Re: using syncrepl for master slave relationship not working



Omar Al-Tabari wrote:

Omar Al-Tabari wrote:

Hi,
I've been trying to get a consumer server started so that my client machines can connect to it and authenticate against a central repository. The consumer replicates from another "provider" server, and both share the same suffix. The provider is full of users, while the consumer has only the root of the tree added to it.
the provider slapd.conf is:
*****************************************
# Provider (master) slapd.conf as posted. Schema definitions loaded at startup:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/redhat/autofs.schema


# Provider-side LDAP Sync session log: <sid> is 123 and <limit> is 100 entries.
sessionlog      123     100

# Accepts LDAPv2 bind requests. LDAPv2 has no StartTLS operation, so a v2
# client doing a simple bind on ldap:// sends its password unprotected.
allow bind_v2

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
# NOTE(review): no "access" directives appear in this listing. If none are set
# elsewhere, slapd falls back to read access for everyone, which would cover
# password attributes as well - confirm against the full file.
database        bdb
suffix          "dc=example,dc=mycompany,dc=com"
rootdn          "cn=Manager,dc=example,dc=mycompany,dc=com"
# The rootdn password is stored as a salted SHA-1 ({SSHA}) hash rather than in
# cleartext. NOTE(review): a hash that has been published can be guessed at
# offline, so this credential should be treated as exposed and rotated.
rootpw                  {SSHA}6knlCh6UiA1U2EH9zgVCYddyT5wp/e7I

# Mode 700 recommended: the BDB files under this directory hold every entry,
# including any stored password attributes.
directory       /var/lib/ldap

# Indices to maintain for this database
# (eq = equality, pres = presence, sub = substring)
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID                  eq
index sambaPrimaryGroupSID      eq
index sambaDomainName           eq
****************************************************

the consumers slapd.conf is:
****************************************************
# Consumer (replica) slapd.conf as posted. Schema definitions loaded at startup:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema
include         /etc/openldap/schema/redhat/autofs.schema

# Accepts LDAPv2 bind requests. LDAPv2 has no StartTLS operation, so a v2
# client doing a simple bind on ldap:// sends its password unprotected.
allow bind_v2

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# NOTE(review): no "access" directives appear in this listing. If none are set
# elsewhere, slapd falls back to read access for everyone, which would cover
# replicated password attributes as well - confirm against the full file.
database        bdb
suffix              "dc=example,dc=mycompany,dc=com"
rootdn            "cn=Manager,dc=example,dc=mycompany,dc=com"
# NOTE(review): the rootdn password is in cleartext here ("secret" looks like a
# sample value). slapd also accepts a hashed value, as the provider listing
# does with {SSHA}; slappasswd(8) generates one. Anyone who can read this file
# can bind as the rootdn.
rootpw           secret

# The BDB files under this directory hold every replicated entry, so only the
# account slapd runs as should be able to read it.
directory       /var/lib/ldap
# Indices to maintain for this database
# (eq = equality, pres = presence, sub = substring)
# NOTE(review): entryUUID is not indexed; the "(entryUUID) index_param failed"
# lines in the debug output are presumably a consequence of that - confirm.
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID                  eq
index sambaPrimaryGroupSID      eq
index sambaDomainName           eq

# Replication from the provider. All notes are kept above the directive
# because an indented line is read as a continuation of the line before it, so
# a comment placed between the parameters would break the statement.
#  - type=refreshOnly with interval=00:00:01:00 (dd:hh:mm:ss): the consumer
#    polls the provider once a minute.
#  - provider=ldap://...:389 with bindmethod=simple: the bind password and all
#    replicated content, including any password hashes, cross the network
#    unencrypted. Use an ldaps:// provider URL or StartTLS where the installed
#    release supports it - check slapd.conf(5) for that version.
#  - binddn appears to be the provider's rootdn. A dedicated replication
#    identity that only has read access to the replicated subtree limits the
#    damage if this file is disclosed.
#  - credentials=secret is stored in cleartext, so this file should be
#    readable only by the account slapd runs as.
#  - schemachecking=off: replicated entries are not checked against the
#    consumer's schema.
syncrepl rid=123
               provider=ldap://example.mycompany.com:389
               type=refreshOnly
               interval=00:00:01:00
               searchbase="dc=example,dc=mycompany,dc=com"
               filter="(objectClass=*)"
               scope=sub
               attrs="*"
               schemachecking=off
               updatedn="cn=manager,dc=example,dc=mycompany,dc=com"
               bindmethod=simple
               binddn="cn=manager,dc=example,dc=mycompany,dc=com"
               credentials=secret
***********************************************************

As I read it, this should do replication. When I run the command slapd -d256 -u ldap -h "ldap:///", this is what I get:

[root@mc openldap]# slapd -d256 -u ldap -h "ldap:///";
@(#) $OpenLDAP: slapd 2.2.13 (Aug 19 2004 21:22:15) $
root@porky.build.redhat.com:/usr/src/build/440386-i386/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd


bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_db_init: Initializing BDB database
slapd starting
request 1 done
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
syncrepl_entry : be_modify failed (50)
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
syncrepl_entry : be_add failed (50)
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
syncrepl_entry : be_add failed (50)
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
syncrepl_entry : be_add failed (50)
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
syncrepl_entry : be_add failed (50)
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
syncrepl_entry : be_add failed (50)
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
syncrepl_entry : be_add failed (50)
<= bdb_equality_candidates: (entryUUID) index_param failed (18)
null_callback : error code 0x32
syncrepl_entry : be_add failed (50)
request 2 done
null_callback : error code 0x32
be_add failed (50)
null_callback : error code 0x32
request 1 done
request 2 done
request 1 done
request 2 done


And so on. What am I doing wrong, and what needs to be done to get replication started? I also need to get replication working with TLS: I can configure a single server to run TLS and everything is fine, but how do you do it with replication involved?
please help me.
thanks.


I got this error message when using -d9:

ber_scanf fmt (}) ber:
bdb_dn2entry("cn=syncrepl123,dc=test,dc=batelco,dc=jo")
=> bdb_dn2id( "cn=syncrepl123,dc=test,dc=batelco,dc=jo" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
bdb_modify: dn2entry failed (-30990)
send_ldap_result: conn=4294967295 op=0 p=3
bdb_dn2entry("cn=syncrepl123,dc=test,dc=batelco,dc=jo")
=> bdb_dn2id( "cn=syncrepl123,dc=test,dc=batelco,dc=jo" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
bdb_add: no write access to parent
send_ldap_result: conn=4294967295 op=0 p=3
null_callback : error code 0x32
be_add failed (50)
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
ber_scanf fmt (m) ber:
==> limits_get: conn=4294967295 op=0 dn="cn=manager,dc=test,dc=bateclo,dc=jo"
=> bdb_search
bdb_dn2entry("dc=ldaptest,dc=batelco,dc=jo")
=> bdb_dn2id( "daptest,dc=batelco,dc=jo" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
send_ldap_result: conn=4294967295 op=0 p=3
ldap_msgfree
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 10
ldap_free_connection: actually freed



I've added this line to the consumer slapd.conf: updateref ldap://ldaptest.batelco.jo. Any help?

i also read the following in the Syncrepl administration guide:
" When creating a provider database from the LDIF file using /slapadd/ (8), contextCSN and the syncProviderSubentry entry must be created. /slapadd -p -w/ will create a new contextCSN from the entryCSNs of the added entries. It is also possible to create the syncProviderSubentry with an appropriate contextCSN value by directly including it in the ldif file. /slapadd -p/ will preserve the provider's contextCSN or will change it to the consumer's contextCSN if it is to promote a replica to the provider's content. The syncProviderSubentry can be included in the ldif output when /slapcat/ (8) is given the /-m/ flag; the syncConsumerSubentry can be retrieved by the /-k/ flag of /slapcat/ (8).


The session log is configured by

       sessionlog <sid> <limit>

directive, where /<sid>/ is the ID of the per-scope session log in the provider server and /<limit>/ is the maximum number of session log entries the session log store can record. /<sid>/ is an integer no longer than 3 decimal digits. If the consumer server sends a synchronization cookie containing /sid=<sid>/ where /<sid>/ matches the session log ID specified in the directive, the LDAP Sync search is to utilize the session log store."

I get the feeling I have to do something, but I don't know how or why. Can someone help me out here, please?