Re: using syncrepl for master slave relationship not working
I can't seem to make it work. I've installed OpenLDAP v2.3 on the
consumer machine and configured the slapd as such:
****************************************
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema//redhat/autofs.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database bdb
suffix "dc=ldaptest,dc=batelco,dc=jo"
rootdn "cn=Manager,dc=ldaptest,dc=batelco,dc=jo"
rootpw {SSHA}6knlCh6UiA1U2EH9zgVCYddyT5wp/e7I
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
#index objectClass eq
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryUUID eq
syncrepl rid=123
        provider=ldap://ldaptest.batelco.jo:389
        type=refreshOnly
        interval=00:00:01:00
        searchbase="dc=ldaptest,dc=batelco,dc=jo"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        updatedn="cn=manager,dc=ldaptest,dc=batelco,dc=jo"
        bindmethod=simple
        binddn="cn=manager,dc=ldaptest,dc=batelco,dc=jo"
        credentials=secret
*****************************************************
The provider slapd is version 2.2.13 and is configured as such:
*****************************************************
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/redhat/autofs.schema
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /etc/openldap/cert/cacert.pem
#TLSCertificateFile /etc/openldap/cert/servercert.pem
#TLSCertificateKeyFile /etc/openldap/cert/serverkey.pem
#TLSVerifyClient never
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
sessionlog 123 100
suffix "dc=ldaptest,dc=batelco,dc=jo"
rootdn "cn=Manager,dc=ldaptest,dc=batelco,dc=jo"
rootpw {SSHA}6knlCh6UiA1U2EH9zgVCYddyT5wp/e7I
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index entryUUID eq
*********************************************
I was told to configure ACL for a writer and a reader, but when I put
this line in the provider:
access to *
        by dn.exact="cn=writer,dc=ldaptest,dc=batelco,dc=jo" read stop
        by * none break
and this line in the consumer:
access to *
        by dn.exact="cn=slave_writer,dc=ldaptest,dc=batelco,dc=jo" write stop
        by * none break
I was not able to update or search. When running the slapd on the
consumer and provider with the above configuration, this is some of what
I got:
**********************************************
bdb_search: 18 does not match filter
send_ldap_result: conn=-1 op=0 p=3
bdb_dn2entry("cn=nextfreeunixid,dc=ldaptest,dc=batelco,dc=jo")
bdb_modify_internal: 0x00000011:
cn=NextFreeUnixId,dc=ldaptest,dc=batelco,dc=jo
bdb_db_cache: db_open(objectClass) failed: Permission denied (13)
bdb_index_read: Could not open DB objectClass
Attribute index delete failurebdb_modify: modify failed (80)
send_ldap_result: conn=-1 op=0 p=3
null_callback : error code 0x50
syncrepl_entry : be_modify failed (80)
ldap_msgfree
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: ldaptest.batelco.jo port: 389 (default)
refcnt: 2 status: Connected
last used: Sat Mar 26 18:31:05 2005
** Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 510 contents:
ldap_read: message type search-entry msgid 2, original id 2
ber_scanf fmt ({xx) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (b) ber:
ber_scanf fmt (o) ber:
ber_scanf fmt ({em) ber:
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
>>> dnPrettyNormal: <uid=writer,dc=ldaptest,dc=batelco,dc=jo>
=> ldap_bv2dn(uid=writer,dc=ldaptest,dc=batelco,dc=jo,0)
ldap_err2string
<= ldap_bv2dn(uid=writer,dc=ldaptest,dc=batelco,dc=jo)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(uid=writer,dc=ldaptest,dc=batelco,dc=jo)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(uid=writer,dc=ldaptest,dc=batelco,dc=jo)=0 Success
<<< dnPrettyNormal: <uid=writer,dc=ldaptest,dc=batelco,dc=jo>,
<uid=writer,dc=ldaptest,dc=batelco,dc=jo>
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
ber_scanf fmt ({mW}) ber:
=> bdb_search
bdb_dn2entry("dc=ldaptest,dc=batelco,dc=jo")
search_candidates: base="dc=ldaptest,dc=batelco,dc=jo" (0x00000001) scope=2
=> bdb_dn2idl("dc=ldaptest,dc=batelco,dc=jo")
=> bdb_equality_candidates (entryUUID)
bdb_db_cache: db_open(entryUUID) failed: Permission denied (13)
<= bdb_equality_candidates: (entryUUID) index_param failed (13)
bdb_search_candidates: id=-1 first=1 last=18
bdb_search: 1 does not match filter
bdb_search: 2 does not match filter
bdb_search: 3 does not match filter
bdb_search: 4 does not match filter
bdb_search: 5 does not match filter
bdb_search: 6 does not match filter
bdb_search: 7 does not match filter
bdb_search: 8 does not match filter
bdb_search: 9 does not match filter
bdb_search: 10 does not match filter
bdb_search: 11 does not match filter
bdb_search: 12 does not match filter
bdb_search: 13 does not match filter
bdb_search: 14 does not match filter
bdb_search: 15 does not match filter
bdb_search: 16 does not match filter
bdb_search: 17 does not match filter
=> bdb_dn2id_children("uid=writer,dc=ldaptest,dc=batelco,dc=jo")
<= bdb_dn2id_children("uid=writer,dc=ldaptest,dc=batelco,dc=jo"): no
(-30990)
send_ldap_result: conn=-1 op=0 p=3
bdb_dn2entry("uid=writer,dc=ldaptest,dc=batelco,dc=jo")
bdb_modify_internal: 0x00000012: uid=writer,dc=ldaptest,dc=batelco,dc=jo
bdb_db_cache: db_open(objectClass) failed: Permission denied (13)
bdb_index_read: Could not open DB objectClass
Attribute index delete failurebdb_modify: modify failed (80)
send_ldap_result: conn=-1 op=0 p=3
null_callback : error code 0x50
syncrepl_entry : be_modify failed (80)
ldap_msgfree
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: ldaptest.batelco.jo port: 389 (default)
refcnt: 2 status: Connected
last used: Sat Mar 26 18:31:05 2005
** Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 95 contents:
ldap_read: message type search-result msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({iaa}) ber:
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: 0 new referrals
read1msg: mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (b) ber:
ber_scanf fmt (o) ber:
ber_scanf fmt (}) ber:
ber_scanf fmt ({) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}) ber:
bdb_dn2entry("dc=ldaptest,dc=batelco,dc=jo")
bdb_modify_internal: 0x00000001: dc=ldaptest,dc=batelco,dc=jo
bdb_db_cache: db_open(objectClass) failed: Permission denied (13)
bdb_index_read: Could not open DB objectClass
Attribute index delete failurebdb_modify: modify failed (80)
send_ldap_result: conn=-1 op=0 p=3
null_callback : error code 0x50
be_modify failed (80)
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
ber_scanf fmt (m) ber:
=> bdb_search
bdb_dn2entry("dc=ldaptest,dc=batelco,dc=jo")
search_candidates: base="dc=ldaptest,dc=batelco,dc=jo" (0x00000001) scope=2
=> bdb_dn2idl("dc=ldaptest,dc=batelco,dc=jo")
=> bdb_presence_candidates (objectClass)
bdb_search_candidates: id=-1 first=1 last=18
send_ldap_result: conn=-1 op=0 p=3
ldap_msgfree
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 10
ldap_free_connection: actually freed
daemon: shutdown requested and initiated.
daemon: closing 6
daemon: closing 7
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd destroy: freeing system resources.
bdb(dc=ldaptest,dc=batelco,dc=jo): memberUid.bdb: unable to flush:
Permission denied
bdb(dc=ldaptest,dc=batelco,dc=jo): loginShell.bdb: unable to flush:
Permission denied
bdb(dc=ldaptest,dc=batelco,dc=jo): uid.bdb: unable to flush: Permission
denied
bdb(dc=ldaptest,dc=batelco,dc=jo): sn.bdb: unable to flush: Permission
denied
bdb(dc=ldaptest,dc=batelco,dc=jo): cn.bdb: unable to flush: Permission
denied
bdb(dc=ldaptest,dc=batelco,dc=jo): gidNumber.bdb: unable to flush:
Permission denied
bdb(dc=ldaptest,dc=batelco,dc=jo): uidNumber.bdb: unable to flush:
Permission denied
bdb(dc=ldaptest,dc=batelco,dc=jo): ou.bdb: unable to flush: Permission
denied
bdb(dc=ldaptest,dc=batelco,dc=jo): entryUUID.bdb: unable to flush:
Permission denied
bdb(dc=ldaptest,dc=batelco,dc=jo): objectClass.bdb: unable to flush:
Permission denied
bdb(dc=ldaptest,dc=batelco,dc=jo): txn_checkpoint: failed to flush the
buffer cache Permission denied
bdb_db_destroy: txn_checkpoint failed: Permission denied (13)
bdb(dc=ldaptest,dc=batelco,dc=jo): Database handles open during
environment close
bdb_db_destroy: close failed: Invalid argument (22)
slapd stopped.
***************************************************************
Can someone please help me out here? I've already received much help,
and thank you for that, but I just can't get it to work.
Thank you in advance.
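
Added example, not part of the original message: a small triage script for slapd debug output like the log above. It separates operating-system file errors (errno 13, EACCES, raised when slapd opens or flushes the .bdb files) from LDAP-level ACL denials (result code 50, insufficientAccess). The function name and the embedded sample are constructed for illustration; the sample lines are copied from the log in this message.

```python
import errno
import re

# Constructed sample: lines copied from the consumer debug output in the
# message above, including the mail line-wrapping of the "unable to flush" lines.
SAMPLE_LOG = """\
bdb_db_cache: db_open(objectClass) failed: Permission denied (13)
bdb_index_read: Could not open DB objectClass
Attribute index delete failurebdb_modify: modify failed (80)
null_callback : error code 0x50
syncrepl_entry : be_modify failed (80)
bdb_db_cache: db_open(entryUUID) failed: Permission denied (13)
bdb(dc=ldaptest,dc=batelco,dc=jo): uid.bdb: unable to flush: Permission
denied
bdb(dc=ldaptest,dc=batelco,dc=jo): entryUUID.bdb: unable to flush:
Permission denied
bdb_db_destroy: txn_checkpoint failed: Permission denied (13)
"""

OPEN_FAIL = re.compile(r"db_open\((\w+)\) failed: [^()]+ \((\d+)\)")
FLUSH_FAIL = re.compile(r"(\S+\.bdb): unable to flush: Permission denied")
MODIFY_FAIL = re.compile(r"syncrepl_entry : be_modify failed \((\d+)\)")
LDAP_INSUFFICIENT_ACCESS = 50   # result code of a slapd ACL denial
LDAP_OTHER = 80                 # 0x50 in the log: internal backend error


def triage(log_text):
    """Hypothetical helper: classify failures in slapd debug output."""
    flat = " ".join(log_text.split())          # undo mail line-wrapping
    # Index files the OS refused to open (errno 13) or flush.
    os_denied = {f"{name}.bdb" for name, code in OPEN_FAIL.findall(flat)
                 if int(code) == errno.EACCES}
    os_denied |= set(FLUSH_FAIL.findall(flat))
    ldap_codes = [int(c) for c in MODIFY_FAIL.findall(flat)]
    if LDAP_INSUFFICIENT_ACCESS in ldap_codes:
        cause = "acl"           # denied by an "access to" rule
    elif os_denied:
        cause = "filesystem"    # slapd's OS user cannot use files in `directory`
    else:
        cause = "unknown"
    return {"cause": cause, "files": sorted(os_denied), "ldap_codes": ldap_codes}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["cause"], result["files"], result["ldap_codes"])
```

On the sample, the only LDAP code is 80 (other) and every denial is an errno 13 on a file under the database directory, so the result points at file ownership or mode rather than at the access rules.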