OpenLDAP replication

Hi,

I am currently working on trying to configure replication between 2
LDAP servers.  Here is my current setup:

2 servers, ldap01 and ldap02, both running centos 5.2 x86_64 with
openldap2.4 installed from
http://staff.telkomsa.net/packages/rhel5/openldap/x86_64/

openldap2.4-servers-2.4.11-1.rhel5

My slapd.conf on ldap01 is:

modulepath      /usr/lib64/openldap2.4
moduleload     syncprov.la
TLSCertificateFile      /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap2.4/ldap.pem
loglevel 32 256 1024
database        bdb
suffix          "dc=example,dc=net"
rootdn          "cn=Manager,dc=example,dc=net"
rootpw
directory       /var/lib/ldap2.4
checkpoint 256 5
index   objectClass                                             eq
index   cn,mail,surname,givenname                               eq,subinitial
index   uidNumber,gidNumber,memberuid,member,uniqueMember       eq
index   uid                                                     eq,subinitial
index   sambaSID,sambaDomainName,displayName                    eq
index  entryCSN,entryUUID                                      eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200

The slapd.conf on ldap02 is:

directory       /var/lib/ldap2.4
checkpoint 256 5
index   objectClass                                             eq
index   cn,mail,surname,givenname                               eq,subinitial
index   uidNumber,gidNumber,memberuid,member,uniqueMember       eq
index   uid                                                     eq,subinitial
index   sambaSID,sambaDomainName,displayName                    eq
referral ldaps://ldap01/
syncrepl rid=123
  provider=ldaps://ldap01/
  type=refreshAndPersist
  searchbase="dc=example,dc=net"
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn="cn=manager,dc=example,dc=net"
  attrs="*"
  credentials=

This appears to work, but it seems that after some time the replication
stops working, and I'm not seeing anything in the logs either.

Also, with this setup, given a situation where ldap01 died and ldap02
took over, when I brought ldap01 back online, would configuration
changes need to be made to ensure any changes that were made to ldap02
were replicated back properly, or am I not using the proper replication
technique for this situation?  I'm still a bit new to OpenLDAP, so I
apologize if I explained anything incorrectly.  My end goal is to
have 2 LDAP servers in place where, in the event of a failure, the
secondary could take over and, when the primary is restored, have it
fail back over without any loss of changes.

- Justin Lintz
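Editor's note. The setup above is a single provider with a single read-only consumer, which is why changes made on ldap02 while ldap01 is down would never flow back: a syncrepl consumer only pulls. For the two-node fail-over/fail-back goal, OpenLDAP 2.4 offers MirrorMode, where each server is both a syncprov provider and a syncrepl consumer of the other, distinguished by a per-server `serverID`. The slapd.conf below is an added example, not the original poster's configuration; it reuses the hostnames, suffix, rootdn, TLS paths and index set from the post, and the `serverID` values, `rid` values and the `secret` placeholders for `rootpw`/`credentials` are assumptions (use a hashed `rootpw` and a real password in practice). Three further points a practitioner would check against the posted config: the original `loglevel 32 256 1024` does not include the `sync` level (16384), so syncrepl and syncprov activity never reaches the log, which would explain seeing nothing when replication stops; the posted consumer has no `retry` directive, and the admin guide's syncrepl examples always carry one so the consumer reconnects after the persistent connection to the provider drops, which is a common way for replication to stop quietly; and `referral` sets slapd's default referral for requests outside its naming contexts, whereas the directive that refers write attempts on a read-only consumer back to the provider is `updateref` (neither is needed in MirrorMode, where both sides accept writes).

```conf
# --- ldap01: slapd.conf, MirrorMode example (added example, not the original post's config) ---
modulepath      /usr/lib64/openldap2.4
moduleload      syncprov.la
TLSCertificateFile      /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap2.4/ldap.pem
# "sync" is what actually shows syncrepl/syncprov activity in the log
loglevel        sync stats

# Must be unique per server; the CSNs each server generates carry this ID,
# so the two change streams can be told apart. ldap02 uses serverID 2.
serverID        1

database        bdb
suffix          "dc=example,dc=net"
rootdn          "cn=Manager,dc=example,dc=net"
rootpw          secret          # placeholder; use a {SSHA} hash in practice
directory       /var/lib/ldap2.4
checkpoint      256 5

index   objectClass                                          eq
index   cn,mail,surname,givenname                            eq,subinitial
index   uidNumber,gidNumber,memberuid,member,uniqueMember    eq
index   uid                                                  eq,subinitial
index   sambaSID,sambaDomainName,displayName                 eq
# syncprov searches by entryCSN; the consumer side looks entries up by entryUUID
index   entryCSN,entryUUID                                   eq

# Pull changes from the peer. Binding as rootdn sidesteps ACL and size-limit
# problems for the replication search; a dedicated replication identity with
# ACLs and a "limits" entry is the tidier long-term setup.
syncrepl rid=001
  provider=ldaps://ldap02/
  type=refreshAndPersist
  searchbase="dc=example,dc=net"
  scope=sub
  attrs="*,+"                    # user and operational attributes (the default)
  schemachecking=off
  bindmethod=simple
  binddn="cn=Manager,dc=example,dc=net"
  credentials=secret             # placeholder
  retry="60 +"                   # reconnect every 60 s, indefinitely

# Accept writes locally even though this database is also a consumer.
# (Must come after the syncrepl directive.)
mirrormode on

# Serve changes to the peer.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
```

ldap02 gets the same file with `serverID 2`, `rid=002` and `provider=ldaps://ldap01/`. Two caveats from the admin guide's MirrorMode description: the pair is not conflict-resolving, so whatever sits in front of the servers (a load balancer or a fail-over address) should send writes to only one of them at a time, and fail-back then just means pointing writes at ldap01 again once its contextCSN has caught up. To check that the two are in sync, compare the root entry's contextCSN on each side, for example `ldapsearch -x -H ldaps://ldap01/ -b dc=example,dc=net -s base contextCSN` against the same search on ldap02; in MirrorMode each side carries one contextCSN value per serverID, and both servers should show the same pair.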