Syncrepl, dumb question
I am a newbie; I am trying to configure Syncrepl between 2 OpenLDAP servers.
I have read FAQ, Admin's guide, mailing lists, but I didn't find any answer about my problem.
The master server is on 192.168.1.255 subnet and is working fine.
Now I am trying to replicate it to another server in 192.168.123.255 subnet.
Replication from provider to consumer works well (if I write an entry in provider, it will be replicated to consumer), but if I try to write to consumer (ldapadd -x -D cn=Manager,dc=DOMAIN -W -f file.ldif) I get only this answer:
adding new entry "cn=newentry,dc=DOMAIN"
ldap_add: Referral (10)
referrals:
ldap://192.168.1.100/cn=newentry,dc=DOMAIN
but nothing appears in provider's log and LDAP databases.
How can I configure Syncrepl in order to write to consumer and replicate entries to provider too?
(OpenLDAP: slapd 2.3.30 on Debian Etch).
Following examples in FAQ, I configured provider and consumer as shown below:
=================CONSUMER=================
[cut]
suffix "dc=DOMAIN"
rootdn "cn=Manager,dc=DOMAIN"
rootpw {SSHA}something-hashed
[cut]
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=syncuser,dc=DOMAIN" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=syncuser,dc=DOMAIN" write
        by * read
syncrepl rid=1
        provider=ldap://192.168.1.100:389
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=DOMAIN"
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn="cn=syncuser,dc=DOMAIN"
        credentials=secret
updateref ldap://192.168.1.100
=================PROVIDER=================
[cut]
suffix "dc=DOMAIN"
rootdn "cn=Manager,dc=DOMAIN"
rootpw {SSHA}something-hashed
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
[cut]
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=ENIGMA" write
        by dn="cn=syncuser,dc=ENIGMA" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=ENIGMA" write
        by dn="cn=syncuser,dc=ENIGMA" write
        by * read