[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issues with LDAP Replication

To: openldap-software@openldap.org
Subject: Re: Issues with LDAP Replication
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Tue, 10 Apr 2007 11:03:56 +0200
Cc: Steven Bambling <steven.bambling@sunrocket.com>
In-reply-to: <B549943F-D86D-4F0F-B2C6-4A84897699DD@sunrocket.com>
Organization: Telkom Internet
References: <B549943F-D86D-4F0F-B2C6-4A84897699DD@sunrocket.com>
User-agent: KMail/1.9.6

On Tuesday 10 April 2007, Steven Bambling wrote:
> 	From: 	  steven.bambling@sunrocket.com
> 	Subject: 	Issue with changes using updateref
> 	Date: 	April 9, 2007 6:57:43 PM EDT
> 	To: 	  openldap-software@openldap.org
>
> All,
>
> I've been racking my brain for a while googling and reading like
> mad.  I've come to a wall.   I have 2 OpenLdap servers setup 1 as a
> master and the other as a slave.
>
>   This are now working about 50%.  When I make a change on the master
> is is replicated down to the slave without a problem.  Yet when I
> make a change on the slave it doesn't seem to carry back up to the
> master.

So what you mean here is that:
-the ldap client is not chasing a referral to the master
-which could be because it is not being provided with an update referral

>
> I've tried changing the userpassword manually through a ldap browser
> and get this effect
>
> On the Master server I have the following configuration
>
> replica         host=jupiter2.company.com:389
>                  suffix="dc=sunrocket,dc=com"
>                  binddn="cn=copycat2,dc=company,dc=com"
>                  credentials=deargod2
>                  bindmethod=simple
>                  tls=yes
>
> On the Slave Server I have
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> database        bdb
> checkpoint      1024 5
> cachesize       1000000
> suffix          "dc=sunrocket,dc=com"
> rootdn          "cn=copycat2,dc=sunrocket,dc=com"
> # Slave data
> updatedn "cn=copycat2,dc=sunrocket,dc=com"

It is not recommended to re-use the slave's rootdn as updatedn (rather add a 
one-line ACL providing write access to the updatedn), as you may have some 
weird effects ...

>
>
> # Cleartext passwords, especially for the rootdn, should
> # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw          "deargod2"

Where is the updateref entry ?

Regards,
Buchan


-- 
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

Attachment: pgpo3hWME8sU9.pgp
Description: PGP signature

References:
- Issues with LDAP Replication
  - From: Steven Bambling <steven.bambling@sunrocket.com>

Prev by Date: Re: Issues with LDAP Replication
Next by Date: Ldapsearch on multiple attributes
Index(es):
- Chronological
- Thread