Re: using syncrepl for master slave relationship not working
My Master slapd.conf looks like this:
*****************
include /var/openldap/etc/openldap/schema/core.schema
include /var/openldap/etc/openldap/schema/cosine.schema
include /var/openldap/etc/openldap/schema/inetorgperson.schema
include /var/openldap/etc/openldap/schema/nis.schema
include /var/openldap/etc/openldap/schema/samba.schema
include /var/openldap/etc/openldap/schema/redhat/autofs.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/openldap/var/run/slapd.pid
argsfile /var/openldap/var/run/slapd.args
database bdb
suffix "dc=ldaptest,dc=batelco,dc=jo"
rootdn "cn=Manager,dc=ldaptest,dc=batelco,dc=jo"
#rootpw {SSHA}6knlCh6UiA1U2EH9zgVCYddyT5wp/e7I
rootpw secret
# Mode 700 recommended.
directory /var/openldap/var/openldap-data
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index entryUUID,entryCSN eq
overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 100
********************
As you can see, I didn't put in any access rules because I can't seem to make
them work properly, so I am binding using the rootdn. As for the
consumer, it looks like this:
****************
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /openldap/etc/openldap/schema/core.schema
include /openldap/etc/openldap/schema/cosine.schema
include /openldap/etc/openldap/schema/inetorgperson.schema
include /openldap/etc/openldap/schema/nis.schema
include /openldap/etc/openldap/schema/samba.schema
include /openldap/etc/openldap/schema/redhat/autofs.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /openldap/var/run/slapd.pid
argsfile /openldap/var/run/slapd.args
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=ldaptest,dc=batelco,dc=jo"
rootdn "cn=Manager,dc=ldaptest,dc=batelco,dc=jo"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /openldap/var/openldap-data
# Indices to maintain
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index entryUUID,entryCSN eq
syncrepl rid=1
    provider=ldap://ldaptest.batelco.jo
    binddn="cn=manager,dc=ldaptest,dc=batelco,dc=jo"
    bindmethod=simple
    credentials=secret
    searchbase="dc=ldaptest,dc=batelco,dc=jo"
    filter="(objectClass=*)"
    attrs="*"
    schemachecking=off
    scope=sub
    type=refreshAndPersist
********************
Both the consumer and provider have the same suffix. I don't know if that
is the way it should be, but won't that cause problems when I try to
implement TLS "that's if I can get this running in the first place"?
Thank you in advance, I really need the help right now.
Firman Indra Buana wrote:
Hi Omar,
Could you give me your full slapd.conf, for your master and your
consumer? You could edit it if there is some information that I
shouldn't know.
Thank you,
Omar Al-Tabari wrote:
I replaced the search base with the rootdn, but this is what I got:
[root@ldaptest libexec]# ./slapd -d256 -u ldap -h "ldap:///"
@(#) $OpenLDAP: slapd 2.3.2beta (Mar 28 2005 13:05:53) $
root@ldaptest:/root/openldap-2.3.2beta/servers/slapd
bdb_db_init: Initializing BDB database
16: unknown tls_option <b>
slapd starting
conn=0 fd=12 ACCEPT from IP=172.16.5.108:2089 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="cn=manager,dc=ldaptest,dc=batelco,dc=jo" method=128
conn=0 op=0 BIND dn="cn=Manager,dc=ldaptest,dc=batelco,dc=jo"
mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="cn=manager,dc=ldaptest,dc=batelco,dc=jo"
scope=2 deref=0 filter="(objectClass=*)"
conn=0 op=1 SRCH attr=* structuralObjectClass entryCSN
findbase failed! 32
conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
conn=0 op=2 UNBIND
conn=0 fd=12 closed
But the consumer didn't give me an ldap_modify error. When I changed
the searchbase to the old one, the consumer gave me this:
[root@mc libexec]# ./slapd -d256 -u ldap -h "ldap:///"
@(#) $OpenLDAP: slapd 2.3.2beta (Mar 24 2005 11:18:51) $
root@mc:/root/openldap-2.3.2beta/servers/slapd
bdb_db_init: Initializing BDB database
16: unknown tls_option <b>
slapd starting
request 1 done
be_modify failed (32)
Firman Indra Buana wrote:
Hi Omar,
Replace the searchbase with the rootdn of your master, try it.
Again, look at the sample of "test" in the OpenLDAP installer; there are
a lot of examples there that you could try first.
Omar Al-Tabari wrote:
But there is "dc=ldaptest,dc=batelco,dc=jo" in the master database,
then how does its LDAP server function??
OpenLDAP v2.3 is working fine on the master server and I can search
it, query it and all that, but still syncrepl doesn't work!!
Firman Indra Buana wrote:
Simple!!!! No dc=ldaptest,dc=batelco,dc=jo in the master database and
you could not bind to it. I tried syncrepl and had no problem with it;
just try the test program from the OpenLDAP installer and you would
understand it more. Start with simple and go on to advanced. Hope this
helps.
Omar Al-Tabari wrote:
Omar Al-Tabari wrote:
Howard Chu wrote:
Omar Al-Tabari wrote:
Omar Al-Tabari wrote:
Howard Chu wrote:
Read the 2.3 Admin Guide. The provider configuration in 2.3
is not identical to 2.2, as I've mentioned here a number of
times.
Now I've read the 2.3 manual and here's what I added to my
slapd.conf:
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index entryUUID,entryCSN eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
And I've also updated my consumer's slapd.conf:
syncrepl rid=123
    provider=ldap://ldaptest.batelco.jo:389
    type=refreshOnly
    interval=00:00:01:00
    searchbase="dc=ldaptest,dc=batelco,dc=jo"
    filter="(objectClass=*)"
    scope=sub
    attrs="*"
    schemachecking=off
    bindmethod=simple
    binddn="cn=manager,dc=ldaptest,dc=batelco,dc=jo"
    credentials=secret
That looks reasonable.
I also tried out the "type=refreshAndPersist" mode on the
consumer and this is the output after starting both the
provider and consumer:
bdb_db_init: Initializing BDB database
16: unknown tls_option <b>
slapd starting
request 1 done
be_modify failed (32)
That looks bad. There are other errors in your slapd.conf file
that need to be fixed.
Does the entry corresponding to the database suffix exist in
your database?
I'm sorry, I didn't quite understand your question; I'm not very
good at configuring these things, as you may have noticed :)
This is what I got with debug level 9:
*****************************
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({iaa}) ber:
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
bdb_dn2entry("dc=ldaptest,dc=batelco,dc=jo")
=> bdb_dn2id("dc=ldaptest,dc=batelco,dc=jo")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair
found (-30990)
ldap_search_ext
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 150 bytes to sd 10
=>do_syncrep2
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (timeout 0 sec, 0 usec), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: ldaptest.batelco.jo port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Apr 6 15:11:28 2005
** Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
connection_get(10): got connid=0
daemon: added 10r
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=0
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
=>do_syncrepl
=>do_syncrep2
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (timeout 0 sec, 0 usec), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: ldaptest.batelco.jo port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Apr 6 15:11:28 2005
****************************************
Any clues?
It has "<= bdb_dn2id: get failed: DB_NOTFOUND: No matching
key/data pair found (-30990)". What does that mean?
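
Added example, not part of the original thread or of OpenLDAP: a small Python check over the consumer settings posted above, flagging the three exposures visible in them (an unhashed rootpw, a simple bind to an ldap:// provider, which the provider log records as ssf=0, and replication that binds as the rootdn). The finding names are made up for this example, and the starttls key it looks for is the syncrepl parameter documented in current slapd.conf(5).

```python
import re

# Constructed sample: the consumer settings posted in this thread, cut down
# to the directives the checks read. Continuation lines start with whitespace.
CONSUMER_CONF = """\
database bdb
suffix "dc=ldaptest,dc=batelco,dc=jo"
rootdn "cn=Manager,dc=ldaptest,dc=batelco,dc=jo"
rootpw secret
syncrepl rid=1
  provider=ldap://ldaptest.batelco.jo
  binddn="cn=manager,dc=ldaptest,dc=batelco,dc=jo"
  bindmethod=simple
  credentials=secret
  searchbase="dc=ldaptest,dc=batelco,dc=jo"
  type=refreshAndPersist
"""

def logical_lines(text):
    """Join whitespace-led continuation lines; drop blank and '#' lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return sorted finding codes for one slapd.conf database section."""
    findings, rootdn, replicas = set(), None, []
    for line in logical_lines(text):
        directive, rest = (line.split(None, 1) + [""])[:2]
        directive = directive.lower()
        if directive == "rootdn":
            rootdn = rest.strip('"').lower()
        elif directive == "rootpw" and not rest.startswith("{"):
            findings.add("cleartext-rootpw")  # no {SCHEME} prefix: not hashed
        elif directive == "syncrepl":
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', rest)
            replicas.append({k.lower(): v.strip('"') for k, v in pairs})
    for kv in replicas:
        plain = kv.get("provider", "").lower().startswith("ldap://")
        if kv.get("bindmethod") == "simple" and plain and "starttls" not in kv:
            findings.add("cleartext-simple-bind")  # password crosses the wire
        # Case-insensitive string match: a simplification of real DN matching.
        if rootdn and kv.get("binddn", "").lower() == rootdn:
            findings.add("replica-binds-as-rootdn")
    return sorted(findings)
```

The case-insensitive comparison matters here: the consumer binds as cn=manager while the rootdn is written cn=Manager, and the provider log shows both resolving to the same identity.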