[Date Prev][Date Next] [Chronological] [Thread] [Top]
slurpd replication problem

To: openldap-software@openldap.org
Subject: slurpd replication problem
From: "David Browning" <david.browning@intelligraphics.com>
Date: Thu, 17 May 2007 23:38:43 -0500 (CDT)
Importance: Normal
User-agent: SquirrelMail/1.4.8-4.fc5
I have tried to review all possible documentation and read through all
mailing list archives relevant to this problem.  My apologies if this has
been covered before and I have missed it.

No matter what kind of change I make I continue to get err=19 when I try
to replicate.

May 17 23:25:35 ldap2 slapd[3097]: conn=1 op=8 MOD attr=description
entryCSN modifiersName modifyTimestamp
May 17 23:25:35 ldap2 slapd[3097]: conn=1 op=8 RESULT tag=103 err=19
text=entryCSN: no user modification allowed

I am running Fedora Core 5 with ldap version openldap-servers-2.3.30-2.fc5
on both the master and slave.

I currently am using the rootdn simply because there shouldn't be any
restrictions on that user.  I was using a different user previously with
the exact same results.  Both systems have an exact copy of the same LDAP
db.

Here is my master LDAP slapd.conf file.

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema
include         /etc/openldap/schema/officeperson.schema
include         /etc/openldap/schema/RADIUS-LDAPv3.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/ldap.intelligraphics.com-crt.crt
TLSCertificateKeyFile /etc/pki/tls/certs/ldap.intelligraphics.com-key.pem

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by self write
      by anonymous auth
      by * none
access to attrs=uid
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by * read
access to
attrs=mail,homeemail,telephonenumber,homephone,mobile,ipphone,facsimiletelephonenumber,postaladdress,l,st,postalcode,c,comment,description
      by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by self write
      by * read
access to attrs=o
      by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by self write
      by * read
access to *
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by self write
      by * read

database        bdb
suffix          "dc=intelligraphics,dc=com"
rootdn          "cn=Manager,dc=intelligraphics,dc=com"
rootpw          password

directory       /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index      sambaSID,sambaPrimaryGroupSID,sambaDomainName    eq

replogfile /var/lib/ldap/openldap-master-replog
replica uri=ldap://ldap2.intelligraphics.com
        binddn="cn=Manager,dc=intelligraphics,dc=com"
        bindmethod=simple credentials=password


Here is my slave LDAP slapd.conf file.

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema
include         /etc/openldap/schema/officeperson.schema
include         /etc/openldap/schema/RADIUS-LDAPv3.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/openvpn.intelligraphics.com-cert.pem
TLSCertificateKeyFile /etc/pki/tls/certs/openvpn.intelligraphics.com-key.pem

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by self write
      by anonymous auth
      by * none
access to attrs=uid
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by * read
access to
attrs=mail,homeemail,telephonenumber,homephone,mobile,ipphone,facsimiletelephonenumber,postaladdress,l,st,postalcode,c,comment,description
      by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by self write
      by * read
access to attrs=o
      by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by self write
      by * read
access to *
      by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
      by self write
      by * read

database        bdb
suffix          "dc=intelligraphics,dc=com"
rootdn          "cn=Manager,dc=intelligraphics,dc=com"
rootpw          password

directory       /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index      sambaSID,sambaPrimaryGroupSID,sambaDomainName    eq

updatedn="cn=Manager,dc=intelligraphics,dc=com"
updateref="ldap://ldap.intelligraphics.com";


Does anyone have any ideas on what to try?

David Browning
david.browning@intelligraphics.com
Follow-Ups:
- Re: slurpd replication problem
  - From: Dave Horsfall <daveh@ci.com.au>
Prev by Date: Re: using openldap as a translation layer.
Next by Date: Re: slurpd replication problem
Index(es):
- Chronological
- Thread