Replication failed, only slave is updated...
Hi
I ran into a problem with replication of my openldap servers, which I have
solved. That is, I am no longer affected.
My setup:
3 ldap servers: 1 master (ldapmaster), 2 slaves (ldapslave1, ldapslave2). The
slaves have an alias in DNS that resolves to both slaves (ldapslave).
All running SuSE Linux Enterprise Server 9.
Standard openldap and samba packages from SuSE:
openldap2-2.2.6-37.38
samba-3.0.9-2.6
All clients use the alias in their ldap-setup. So basically the master only
handles updates, and the slaves handle requests.
The ldap servers are used as authentication source for Samba.
I did 2 things that were not recommended:
1. The same rootdn, with same password for both the master and the slaves.
2. The samba PDC used the slave alias as its ldap
from smb.conf:
passdb backend = ldapsam:ldap://ldapslave
The ldaptree was mostly maintained through scripts which talked directly to
the master, and everything was replicated fine.
But when adding computers to the samba-domain the PDC had to update the
password for the computers. That seemed to work smoothly, but I ran into
problems that I thought were 'impossible' ;-)
The PDC updated just the slave it had resolved and bound to. The master was
not contacted and no replication was done... The consistency of the servers
was scr**ed.
Now my 'solution' was just to change my smb.conf:
passdb backend = ldapsam:ldap://ldapmaster
Now the PDC talks directly to the master and the password change is
replicated.
What I do not understand is why the PDC was allowed to change the slave
directly. As it says in http://www.openldap.org/doc/admin23/replication.html
<quote>
Sample replication scenario:
1. The LDAP client submits an LDAP modify operation to the slave slapd.
2. The slave slapd returns a referral to the LDAP client referring the client
to the master slapd.
</quote>
Regards
Jonas
--
Jonas Helgi Palsson
"For indeed, the gods are not so cruel to any man as to make him perfect"
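
Added example, not part of the message above and not code from OpenLDAP or Samba: a small audit of a slave's slapd.conf and the PDC's smb.conf for the two setups the post calls not recommended. It assumes, which the post does not confirm, that the slave applied the write because Samba bound as a DN matching the slave's updatedn; the sample configs, DNs and function names are constructed.

```python
import re

# Constructed sample configs (not from the post): one slave's slapd.conf, the PDC's smb.conf.
SLAVE_SLAPD_CONF = """\
rootdn     "cn=Manager,dc=example,dc=com"
updatedn   "cn=manager, dc=example, dc=com"
updateref  ldap://ldapmaster
"""
SMB_CONF = """\
[global]
   passdb backend = ldapsam:ldap://ldapslave
   ldap admin dn = cn=Manager,dc=example,dc=com
"""

def norm_dn(dn):
    """Simplified DN comparison key: drop quotes, lower-case, trim spaces around commas."""
    return ",".join(p.strip() for p in dn.strip().strip('"').lower().split(","))

def parse(text, sep=None):
    """Return {key: value} from 'key<sep>value' lines; sep=None splits on whitespace."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        parts = line.split(sep, 1)
        if len(parts) == 2:
            out[" ".join(parts[0].lower().split())] = parts[1].strip()
    return out

def audit(slapd_text, smb_text, master_host):
    """List the settings that let a Samba write land on a slave instead of the master."""
    slapd, smb = parse(slapd_text), parse(smb_text, "=")
    findings = []
    if "updateref" not in slapd:
        findings.append("slave has no updateref: writers get no referral to the master")
    upd = slapd.get("updatedn")
    if upd and "rootdn" in slapd and norm_dn(upd) == norm_dn(slapd["rootdn"]):
        findings.append("slave updatedn equals rootdn")
    admin = smb.get("ldap admin dn")
    if upd and admin and norm_dn(admin) == norm_dn(upd):
        findings.append("Samba binds as the slave's updatedn: the slave applies its writes")
    host = re.search(r"ldaps?://([^/:\s]+)", smb.get("passdb backend", ""))
    if host and host.group(1).lower() != master_host.lower():
        findings.append("passdb backend points at %s, not the master" % host.group(1))
    return findings

if __name__ == "__main__":
    for finding in audit(SLAVE_SLAPD_CONF, SMB_CONF, "ldapmaster"):
        print("WARN:", finding)
```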