SyncReplication and multiple Backends
Dear List Members
OpenLDAP version 2.3.12 on Gentoo Linux 2.6.14.3-vs2.0.1-rc5-gentoo
I'm trying to split the OpenLDAP directory into one Server with multiple
Backends. If the Master has one Backend and the Slave multiple Backends,
everything works fine:
Dec 15 16:33:01 ldaps-test-01 slapd[10726]: slapd starting
Dec 15 16:48:37 ldaps-test-01 slapd[10726]: daemon: shutdown requested
and initiated.
Dec 15 16:48:37 ldaps-test-01 slapd[10726]: slapd shutdown: waiting for
2 threads to terminate
Dec 15 16:48:38 ldaps-test-01 slapd[10726]: slapd stopped.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 193.58.255.246:22 0.0.0.0:* LISTEN
tcp 0 0 193.58.255.246:636 0.0.0.0:* LISTEN
tcp 0 0 193.58.255.246:42830 193.58.255.245:636
ESTABLISHED
tcp 0 0 193.58.255.246:42831 193.58.255.245:636
ESTABLISHED
As soon as I've got more than one Backend on the master, I receive the
following error message:
Dec 15 16:57:26 ldaps-test-01 slapd[11924]: do_syncrep2: got search
entry without control
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 193.58.255.246:22 0.0.0.0:* LISTEN
tcp 0 0 193.58.255.246:636 0.0.0.0:* LISTEN
tcp 0 0 193.58.255.246:42775 193.58.255.245:636
ESTABLISHED
Below, I've attached the different configuration files. Any help would
be appreciated!
Thank you, Michael
My working setup, with one Backend on the Master and two on the Slave:
Slave: slapd.conf
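# Slave slapd.conf: global settings only; the database sections are pulled
# in by the include at the end.

# Load dynamic backend modules:
modulepath /usr/lib/openldap/openldap
moduleload back_hdb

#######################################################################
# globals
#######################################################################
schemacheck on

# Added to allow client like mozilla to access the directory
# NOTE(review): bind_v2 makes slapd accept LDAPv2 bind requests. Keep it
# only for as long as a legacy client really needs it.
allow bind_v2

# 256 = stats (connections, operations, results).
loglevel 256

# NOTE(review): a global sizelimit is the default for every client,
# anonymous ones included, so any client allowed to search may fetch up to
# 100000 entries per request. The replication identity already gets its own
# "limits" rule in the database sections.
sizelimit 100000

#######################################################################
# backend definitions
#######################################################################
include /etc/openldap/slapd.hdb.conf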
Slave: slapd.hdb.conf
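###################################################################################################
# ou=configuration,o=stepping-stone,c=ch
###################################################################################################
# Slave, subordinate database. Continuation lines are indented again: slapd
# treats a line that begins with white space as part of the previous
# directive, and the mail archive had flattened that indentation.
database hdb
suffix "ou=configuration,o=stepping-stone,c=ch"
rootdn "cn=Manager,o=stepping-stone,c=ch"

# Specify that the current backend database is a subordinate of
# another backend database.
subordinate

directory /var/lib/openldap-hdb/stepping-stone/configuration
cachesize 10000

# Indices to maintain
index objectClass pres,eq
index entryCSN,entryUUID eq

# This will help to keep the slaves in sync during a large modification
limits dn.exact="cn=ldap-01,ou=people,ou=administration,o=stepping-stone,c=ch"
        size=unlimited time=unlimited

# Consumer side of the replication for this subtree.
# NOTE(review): the main-tree database in this file also uses rid=1. The rid
# is meant to identify one syncrepl directive within the consumer; confirm,
# and give each directive its own value.
# NOTE(review): bindmethod=simple with credentials= keeps the replication
# password in clear text in this file, so the file should be readable by the
# slapd account only. On the wire the bind is protected only by the ldaps://
# provider URL; check that the consumer really verifies the provider's
# certificate (where that is configured depends on the OpenLDAP version).
# NOTE(review): schemachecking=off means replicated entries are stored
# without being checked against the consumer's schema.
syncrepl rid=1
        provider=ldaps://ldapm-test-01.stepping-stone.ch
        type=refreshAndPersist
        searchbase="ou=configuration,o=stepping-stone,c=ch"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        updatedn="cn=Manager,o=stepping-stone,c=ch"
        bindmethod=simple
        binddn="cn=ldap-01,ou=people,ou=administration,o=stepping-stone,c=ch"
        credentials=secret
        retry="10 3 30 3"

# Referral handed to clients that send an update to this replica.
updateref ldaps://ldapm-test-01.stepping-stone.ch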
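###################################################################################################
# MAIN TREE #
###################################################################################################
# Slave, superior database. Continuation lines are indented again: slapd
# treats a line that begins with white space as part of the previous
# directive, and the mail archive had flattened that indentation.
#
# NOTE(review): no "access to" directives appear in this listing. If the
# slave has none elsewhere either, slapd falls back to its default policy,
# which gives every client, anonymous included, read access to whatever is
# replicated into this database. Access rules are configuration, not
# directory data: syncrepl does not carry them over from the master, so the
# slave needs its own copy of them.
database hdb
suffix "o=stepping-stone,c=ch"
rootdn "cn=Manager,o=stepping-stone,c=ch"

# The hash was generated using the command "slappasswd -s secret".
# NOTE(review): the value below looks like a placeholder, not a real hash.
# "slappasswd -s <password>" leaves the password in the shell history and the
# process list; slappasswd without -s prompts for it instead.
rootpw {SSHA}asdfasdfasdf

directory /var/lib/openldap-hdb/stepping-stone
cachesize 10000

# Indices to maintain
index objectClass pres,eq
index entryCSN,entryUUID eq

# This will help to keep the slaves in sync during a large modification
limits dn.exact="cn=ldap-01,ou=people,ou=administration,o=stepping-stone,c=ch"
        size=unlimited time=unlimited

# Consumer side of the replication for the main tree.
# NOTE(review): the ou=configuration database in this file also uses rid=1.
# The rid is meant to identify one syncrepl directive within the consumer;
# confirm, and give each directive its own value.
# NOTE(review): bindmethod=simple with credentials= keeps the replication
# password in clear text in this file; restrict the file to the slapd
# account. The bind is protected in transit only by the ldaps:// URL.
syncrepl rid=1
        provider=ldaps://ldapm-test-01.stepping-stone.ch
        type=refreshAndPersist
        searchbase="o=stepping-stone,c=ch"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        updatedn="cn=Manager,o=stepping-stone,c=ch"
        bindmethod=simple
        binddn="cn=ldap-01,ou=people,ou=administration,o=stepping-stone,c=ch"
        credentials=secret
        retry="10 3 30 3"

# Referral handed to clients that send an update to this replica.
updateref ldaps://ldapm-test-01.stepping-stone.ch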
Master with one Backend, slapd.conf:
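# Master slapd.conf: global settings only; the database sections are pulled
# in by the include at the end.

# Load dynamic backend modules:
modulepath /usr/lib/openldap/openldap
moduleload back_hdb
# Provider side of syncrepl; enabled per database with "overlay syncprov".
moduleload syncprov

#######################################################################
# globals
#######################################################################
schemacheck on

# Added to allow client like mozilla to access the directory
# NOTE(review): bind_v2 makes slapd accept LDAPv2 bind requests. Keep it
# only for as long as a legacy client really needs it.
allow bind_v2

# 392 = 256 (stats) + 128 (ACL processing) + 8 (connection management).
loglevel 392

# NOTE(review): a global sizelimit is the default for every client,
# anonymous ones included. The database sections grant anonymous read on
# part of the tree, so an unauthenticated client may fetch up to 100000
# entries per search.
sizelimit 100000

#######################################################################
# backend definitions
#######################################################################
include /etc/openldap/slapd.hdb.conf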
Master with one Backend, slapd.hdb.conf:
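###################################################################################################
# MAIN TREE #
###################################################################################################
# Master with a single database. Continuation lines are indented again:
# slapd treats a line that begins with white space as part of the previous
# directive, and the mail archive had flattened that indentation.
database hdb
suffix "o=stepping-stone,c=ch"
rootdn "cn=Manager,o=stepping-stone,c=ch"

# The hash was generated using the command "slappasswd -s secret".
# NOTE(review): the value below looks like a placeholder, not a real hash.
# "slappasswd -s <password>" leaves the password in the shell history and the
# process list; slappasswd without -s prompts for it instead.
rootpw {SSHA}asdfasdfasdfsadf

directory /var/lib/openldap-hdb/stepping-stone
cachesize 10000
# Checkpoint the database after 1024 KB written or 5 minutes.
checkpoint 1024 5

# Indices to maintain
index objectClass pres,eq
index entryCSN,entryUUID eq

# Provider side of the replication: checkpoint the contextCSN every 100
# operations or 10 minutes, and keep a session log of 100 operations.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# This will help to keep the slaves in sync during a large modification
# NOTE(review): this lifts the size and time limits for every identity that
# matches the pattern, not only for the replication account cn=ldap-01 that
# the slave binds with.
limits dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch"
        size=unlimited time=unlimited

# NOTE(review), for all dn.regex patterns in this section: none has a leading
# ^, only the first "access to" has a trailing $, and (.+) also matches
# commas. The patterns therefore match more DNs than the direct children of
# the container, for example entries below a person entry. Anchored patterns
# of the form ^cn=([^,]+),ou=people,...$ (or "by self" where the intent is
# the entry's own identity) state the intent exactly.

# userPassword: the entry's own identity may change it, anonymous clients
# may only use it to authenticate, nobody else may see it.
access to dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch$"
                attrs=userpassword
        by dn.regex="cn=$1,ou=people,ou=administration,o=stepping-stone,c=ch" write
        by anonymous auth
        by * none

# Remaining attributes of the people entries.
# NOTE(review): every access directive ends with an implicit "by * none", so
# an authenticated identity other than the entry itself gets nothing here,
# while unauthenticated clients get read. That is probably the opposite of
# the intent. The slave's bind DN (cn=ldap-01,...) is such an identity: check
# that it can read everything it has to replicate, userPassword included.
access to dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch"
        by dn.regex="cn=$1,ou=people,ou=administration,o=stepping-stone,c=ch" write
        by anonymous read

# Group entries: readable anonymously, so group membership is visible to
# unauthenticated clients.
access to dn.regex="cn=(.+),ou=group,ou=administration,o=stepping-stone,c=ch"
        by dn.regex="cn=$1,ou=group,ou=administration,o=stepping-stone,c=ch" read
        by anonymous read

# Everything else: members of the cn=stepping-stone group may read; other
# identities fall through ("break") to whatever rule follows, and are denied
# if none does.
access to dn.subtree="o=stepping-stone,c=ch"
        by group/groupOfUniqueNames/uniqueMember="cn=stepping-stone,ou=group,ou=administration,o=stepping-stone,c=ch" read
        by * break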
Master with two Backends, slapd.hdb.conf:
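###################################################################################################
# ou=configuration,o=stepping-stone,c=ch
###################################################################################################
# Master, subordinate database; it is listed before its superior (the main
# tree). Continuation lines are indented again: slapd treats a line that
# begins with white space as part of the previous directive, and the mail
# archive had flattened that indentation.
database hdb
suffix "ou=configuration,o=stepping-stone,c=ch"
rootdn "cn=Manager,o=stepping-stone,c=ch"

# Specify that the current backend database is a subordinate of
# another backend database.
subordinate

directory /var/lib/openldap-hdb/stepping-stone/configuration
cachesize 10000
# Checkpoint the database after 1024 KB written or 5 minutes.
checkpoint 1024 5

# Indices to maintain
# (the "#" was missing on this line in the posted listing; without it slapd
# would read the line as a directive)
index objectClass pres,eq
index entryCSN,entryUUID eq
index uid pres,eq
index cn pres,eq,sub

# Provider side of the replication for this subtree: checkpoint the
# contextCSN every 100 operations or 10 minutes, session log of 100
# operations.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# This will help to keep the slaves in sync during a large modification
# NOTE(review): the pattern has no ^ or $ anchor and (.+) also matches
# commas, so the unlimited size/time applies to every identity whose DN
# contains the pattern, not only to the replication account cn=ldap-01 that
# the slave binds with.
limits dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch"
        size=unlimited time=unlimited

# Members of the cn=configuration group may read this subtree; other
# identities fall through ("break") to whatever rule follows, and are denied
# if none does.
# NOTE(review): no rule shown here names the slave's bind DN; check that it
# is allowed to read everything it has to replicate from this subtree.
access to dn.subtree="ou=configuration,o=stepping-stone,c=ch"
        by group/groupOfUniqueNames/uniqueMember="cn=configuration,ou=group,ou=administration,o=stepping-stone,c=ch" read
        by * break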
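###################################################################################################
# MAIN TREE #
###################################################################################################
# Master, superior database of the two-backend setup. Continuation lines are
# indented again: slapd treats a line that begins with white space as part of
# the previous directive, and the mail archive had flattened that
# indentation.
database hdb
suffix "o=stepping-stone,c=ch"
rootdn "cn=Manager,o=stepping-stone,c=ch"

# The hash was generated using the command "slappasswd -s secret".
# NOTE(review): the value below looks like a placeholder, not a real hash.
# "slappasswd -s <password>" leaves the password in the shell history and the
# process list; slappasswd without -s prompts for it instead.
rootpw {SSHA}asdfasdfasdfsadf

directory /var/lib/openldap-hdb/stepping-stone
cachesize 10000
# Checkpoint the database after 1024 KB written or 5 minutes.
checkpoint 1024 5

# Indices to maintain
index objectClass pres,eq
index entryCSN,entryUUID eq

# Provider side of the replication for the main tree: checkpoint the
# contextCSN every 100 operations or 10 minutes, session log of 100
# operations.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# This will help to keep the slaves in sync during a large modification
# NOTE(review): this lifts the size and time limits for every identity that
# matches the pattern, not only for the replication account cn=ldap-01 that
# the slave binds with.
limits dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch"
        size=unlimited time=unlimited

# NOTE(review), for all dn.regex patterns in this section: none has a leading
# ^, only the first "access to" has a trailing $, and (.+) also matches
# commas, so the patterns match more DNs than the direct children of the
# container. Anchored patterns of the form ^cn=([^,]+),ou=people,...$ (or
# "by self" where the intent is the entry's own identity) state the intent
# exactly.

# userPassword: the entry's own identity may change it, anonymous clients
# may only use it to authenticate, nobody else may see it.
access to dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch$"
                attrs=userpassword
        by dn.regex="cn=$1,ou=people,ou=administration,o=stepping-stone,c=ch" write
        by anonymous auth
        by * none

# Remaining attributes of the people entries.
# NOTE(review): every access directive ends with an implicit "by * none", so
# an authenticated identity other than the entry itself gets nothing here,
# while unauthenticated clients get read. The slave's bind DN
# (cn=ldap-01,...) is such an identity: check that it can read everything it
# has to replicate, userPassword included.
access to dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch"
        by dn.regex="cn=$1,ou=people,ou=administration,o=stepping-stone,c=ch" write
        by anonymous read

# Group entries: readable anonymously, so group membership is visible to
# unauthenticated clients.
access to dn.regex="cn=(.+),ou=group,ou=administration,o=stepping-stone,c=ch"
        by dn.regex="cn=$1,ou=group,ou=administration,o=stepping-stone,c=ch" read
        by anonymous read

# Everything else: members of the cn=stepping-stone group may read; other
# identities fall through ("break") to whatever rule follows, and are denied
# if none does.
access to dn.subtree="o=stepping-stone,c=ch"
        by group/groupOfUniqueNames/uniqueMember="cn=stepping-stone,ou=group,ou=administration,o=stepping-stone,c=ch" read
        by * break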
--
visit: http://www.stepping-stone.ch/
--
e-mail: michael.eichenberger@stepping-stone.ch
mobile: +41 76 392 36 23
icq: 238901781