So more information about my problem:

if I change:
replica uri=ldaps://192.168.247.130:389/
to
replica uri=ldap://192.168.247.130:389/

THEN I get a slightly different replication log created by Slurpd. However, when I examine that file, it is missing:
replica: 192.168.247.130:389

If I kill slurpd, edit the log to include the 'replica' line, and then restart slurpd, then it forms the connection and attempts to forward the ldif.

So it looks like I am facing two problems:
1. slurpd doesn't work right with SSL
2. slurpd doesn't create the right log format for it to use for replication.

Am I missing something in my SSL config? Any ideas on a bug fix for #2?

rpmquery --all | egrep openldap
openldap2-client-2.3.19-18.6
openldap2-2.3.19-18.7

On Thursday 11 January 2007 21:10, matthew sporleder wrote:
> On 1/11/07, Jeremy M. Guthrie <jeremy.guthrie@berbee.com> wrote:
> > I am running into an issue trying to do LDAP replication. I am trying to
> > get slurp to replicate data but it keeps complaining that none of the
> > data is 'mine'.
> >
> > I also never see slurpd make a TCP connection to the 192.168.247.130
> > peer.
> >
> > slapd.conf
> > include /etc/openldap/schema/core.schema
> > include /etc/openldap/schema/cosine.schema
> > include /etc/openldap/schema/inetorgperson.schema
> > include /etc/openldap/schema/rfc2307bis.schema
> > include /etc/openldap/schema/yast.schema
> > pidfile /var/run/slapd/slapd.pid
> > argsfile /var/run/slapd/slapd.args
> > modulepath /usr/lib/openldap/modules
> > access to dn.base=""
> >         by * read
> > access to dn.base="cn=Subschema"
> >         by * read
> > access to attrs=userPassword,userPKCS12
> >         by self write
> >         by * auth
> > access to attrs=shadowLastChange
> >         by self write
> >         by * read
> > access to *
> >         by * read
> > loglevel 0
> >
> > replogfile /var/lib/ldap/replog/ldap.binc-groups.replog
> >
> >
> > TLSCertificateFile /etc/openldap/servercert.pem
> > TLSCertificateKeyFile /etc/openldap/serverkey.pem
> > database bdb
> > suffix "dc=remote,dc=binc,dc=net"
> > rootdn "XXXXXXXXXXXXXXXXXXXXXXXX"
> > rootpw XXXXXXXXXXXXX
> > directory /var/lib/ldap/dc=remote_dc=binc_dc=net
> > checkpoint 1024 5
> > cachesize 10000
> > index objectClass,uidNumber,gidNumber eq
> > index member,mail eq,pres
> > index cn,displayname,uid,sn,givenname sub,eq,pres
> > replica host=192.168.247.130
> >         binddn="XXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
> >         bindmethod=simple
> >         credentials=XXXXXXXXXXXXX
> >
> >
> > Slurpd Logs:
> > Replica 192.168.247.130:389, skip repl record for
> > uid=tester,ou=people,dc=remote,dc=binc,dc=net (not mine)
> > Replica 192.168.247.130:389, skip repl record for
> > cn=testing,ou=group,dc=remote,dc=binc,dc=net (not mine)
> > Replica 192.168.247.130:389, skip repl record for
> > cn=groupconfiguration,ou=ldapconfig,dc=remote,dc=binc,dc=net (not mine)
> > Replica 192.168.247.130:389, skip repl record for
> > uid=jguthries,ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine)
> > Replica 192.168.247.130:389, skip repl record for
> > uid=test22,ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine)
> > Replica 192.168.247.130:389, skip repl record for
> > uid=howdy,ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine)
> > Replica 192.168.247.130:389, skip repl record for
> > uid=sasser,ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine)
> >
> > --
> >
> I've never seen that error, but I'm pretty sure your replogfile needs
> to go into your database section. (that makes the error seem logical
> to me, anyway)
>
> See:
> http://www.openldap.org/faq/data/cache/371.html
>
> _Matt

--
--------------------------------------------------
Jeremy M. Guthrie          jeremy.guthrie@berbee.com
Senior Network Engineer    Phone: 608-298-1061
Berbee - A CDW Company     Fax: 608-288-3007
5520 Research Park Drive   NOC: 608-298-1102
Madison, WI 53711