OpenLDAP replication
Hi,
I am currently working on trying to configure replication between 2
ldap servers. Here is my current setup:
2 servers, ldap01 and ldap02, both running centos 5.2 x86_64 with
openldap2.4 installed from
http://staff.telkomsa.net/packages/rhel5/openldap/x86_64/
openldap2.4-servers-2.4.11-1.rhel5
my slapd.conf on ldap01 is:
modulepath /usr/lib64/openldap2.4
moduleload syncprov.la
TLSCertificateFile /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile /etc/ssl/openldap2.4/ldap.pem
loglevel 32 256 1024
database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
rootpw
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
slapd.conf on ldap02 is:
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
referral ldaps://ldap01/
syncrepl rid=123
provider=ldaps://ldap01/
type=refreshAndPersist
searchbase="dc=example,dc=net"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=manager,dc=example,dc=net"
attrs="*"
credentials=
This appears to work, but it seems that after some time the replication
stops working, and I'm not seeing anything in the logs either.
Also with this setup, given a situation where ldap01 died and ldap02
took over, when I brought ldap01 back online, would configuration
changes need to be made to ensure any changes that were made to ldap02
were replicated back properly or am I not using the proper replication
technique for this situation? I'm still a bit new to OpenLDAP so I
apologize if I explained anything incorrectly. My end goal is to
have 2 ldap servers in place where in the event of a failure the
secondary could take over and when the primary is restored, have it
fail back over without any loss of changes.
- Justin Lintz
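Added example, not part of Justin's message or of OpenLDAP itself: when syncrepl silently stalls, the usual check is to compare the suffix entry's contextCSN on provider and consumer. The helper below parses OpenLDAP 2.4 CSN values and reports how far the consumer lags per server ID, which also covers the multi-master layout the failback question leads to; the LDIF samples are constructed, not captured from ldap01/ldap02.

```python
"""Detect stalled syncrepl by comparing contextCSN values (constructed samples)."""
import re
from datetime import datetime, timezone

# OpenLDAP 2.4 CSN layout: YYYYmmddHHMMSS.uuuuuuZ#count#sid#mod (hex fields).
CSN_RE = re.compile(
    r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$"
)

def parse_csn(csn):
    """Return (utc datetime, change count, server id, modifier) for one CSN."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError("not an OpenLDAP 2.4 CSN: %r" % csn)
    ts = datetime.strptime(m.group(1) + "." + m.group(2), "%Y%m%d%H%M%S.%f")
    ts = ts.replace(tzinfo=timezone.utc)
    return ts, int(m.group(3), 16), int(m.group(4), 16), int(m.group(5), 16)

def csns_from_ldif(ldif):
    """Map server id -> (timestamp, count, mod) from 'contextCSN:' lines of a
    base-scope search on the suffix, e.g. 'ldapsearch -s base -b <suffix> contextCSN'."""
    out = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            ts, count, sid, mod = parse_csn(line.split(":", 1)[1])
            out[sid] = (ts, count, mod)
    return out

def replication_lag(provider_ldif, consumer_ldif):
    """Return {sid: seconds behind} for each server id where the consumer trails
    the provider. A sid the consumer has never seen is reported as infinity."""
    prov, cons = csns_from_ldif(provider_ldif), csns_from_ldif(consumer_ldif)
    lag = {}
    for sid, p in prov.items():
        c = cons.get(sid)
        if c is None:
            lag[sid] = float("inf")
        elif c < p:  # tuple order: timestamp, then count, then mod
            lag[sid] = (p[0] - c[0]).total_seconds()
    return lag

# Constructed sample output; ldap02 is 70 min 5 s behind ldap01 for sid 000.
LDAP01_LDIF = "dn: dc=example,dc=net\ncontextCSN: 20081120153005.123456Z#000000#000#000000\n"
LDAP02_LDIF = "dn: dc=example,dc=net\ncontextCSN: 20081120142000.000000Z#000000#000#000000\n"

if __name__ == "__main__":
    print(replication_lag(LDAP01_LDIF, LDAP02_LDIF))
```

Run it periodically against both servers and alert when any lag value grows, since a stalled refreshAndPersist session produces no log lines at the loglevel shown above.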