Re: OpenLDAP replication
Sorry, I just realized those configurations were incomplete.
ldap01:
include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/misc.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
include /etc/openldap2.4/schema/local.schema
include /etc/openldap2.4/slapd.access.conf
pidfile /var/run/ldap2.4/slapd.pid
argsfile /var/run/ldap2.4/slapd.args
modulepath /usr/lib64/openldap2.4
moduleload syncprov.la
TLSCertificateFile /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile /etc/ssl/openldap2.4/ldap.pem
loglevel 32 256 1024
database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
rootpw
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
ldap02:
include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/misc.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
include /etc/openldap2.4/schema/local.schema
include /etc/openldap2.4/slapd.access.conf
pidfile /var/run/ldap2.4/slapd.pid
argsfile /var/run/ldap2.4/slapd.args
modulepath /usr/lib64/openldap2.4
moduleload syncprov.la
TLSCertificateFile /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile /etc/ssl/openldap2.4/ldap.pem
loglevel 32 256 1024
database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
rootpw
directory /var/lib/ldap2.4
checkpoint 256 5
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
limits group="cn=Replicator,ou=Group,dc=example,dc=com"
    size=unlimited
    time=unlimited
referral ldaps://ldap01.sec.example.net/
syncrepl rid=123
    provider=ldaps://ldap01.sec.example.net/
    type=refreshAndPersist
    searchbase="dc=example,dc=net"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=manager,dc=example,dc=net"
    attrs="*"
    credentials=
- Justin Lintz
On Tue, Dec 9, 2008 at 4:45 PM, Justin Lintz <jlintz@gmail.com> wrote:
> Hi,
>
> I am currently working on trying to configure replication between 2
> ldap servers. Here is my current setup....
>
> 2 servers, ldap01 and ldap02, both running centos 5.2 x86_64 with
> openldap2.4 installed from
> http://staff.telkomsa.net/packages/rhel5/openldap/x86_64/
>
> openldap2.4-servers-2.4.11-1.rhel5
>
> my slapd.conf on ldap01 is:
>
> modulepath /usr/lib64/openldap2.4
> moduleload syncprov.la
> TLSCertificateFile /etc/ssl/openldap2.4/ldap.pem
> TLSCertificateKeyFile /etc/ssl/openldap2.4/ldap.pem
> TLSCACertificateFile /etc/ssl/openldap2.4/ldap.pem
> loglevel 32 256 1024
> database bdb
> suffix "dc=example,dc=net"
> rootdn "cn=Manager,dc=example,dc=net"
> rootpw
> directory /var/lib/ldap2.4
> checkpoint 256 5
> index objectClass eq
> index cn,mail,surname,givenname eq,subinitial
> index uidNumber,gidNumber,memberuid,member,uniqueMember eq
> index uid eq,subinitial
> index sambaSID,sambaDomainName,displayName eq
> index entryCSN,entryUUID eq
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 200
>
> slapd.conf on ldap02 is:
>
> directory /var/lib/ldap2.4
> checkpoint 256 5
> index objectClass eq
> index cn,mail,surname,givenname eq,subinitial
> index uidNumber,gidNumber,memberuid,member,uniqueMember eq
> index uid eq,subinitial
> index sambaSID,sambaDomainName,displayName eq
> referral ldaps://ldap01/
> syncrepl rid=123
>     provider=ldaps://ldap01/
>     type=refreshAndPersist
>     searchbase="dc=example,dc=net"
>     scope=sub
>     schemachecking=off
>     bindmethod=simple
>     binddn="cn=manager,dc=example,dc=net"
>     attrs="*"
>     credentials=
>
> This appears to work, but it seems after some time the replication
> stops working; I'm not seeing anything in the logs either.
>
> Also with this setup, given a situation where ldap01 died and ldap02
> took over, when I brought ldap01 back online, would configuration
> changes need to be made to ensure any changes that were made to ldap02
> were replicated back properly or am I not using the proper replication
> technique for this situation? I'm still a bit new to OpenLDAP so I
> apologize if I explained anything incorrectly. My end goal is to
> have 2 ldap servers in place where in the event of a failure the
> secondary could take over and when the primary is restored, have it
> fail back over without any loss of changes.
>
> - Justin Lintz
>
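The quoted message reports a syncrepl consumer that silently stops receiving updates. One way to detect that condition without relying on slapd's logs is to compare the contextCSN of the suffix entry on the provider and the consumer; the Python below is an added example, not code from the thread or from OpenLDAP, and the LDIF it parses is constructed sample output of the kind `ldapsearch -LLL -s base -b "dc=example,dc=net" contextCSN` prints on each server (the helper names are mine).

```python
import re
from datetime import datetime, timezone

# OpenLDAP 2.4 CSN layout: <YYYYmmddHHMMSS>.<usec>Z#<count>#<sid>#<mod>
CSN_RE = re.compile(
    r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$")

def parse_csn(csn):
    """Split a contextCSN/entryCSN value into comparable fields."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError("malformed CSN: %r" % csn)
    ts, usec, count, sid, mod = m.groups()
    when = datetime.strptime(ts, "%Y%m%d%H%M%S").replace(
        microsecond=int(usec), tzinfo=timezone.utc)
    return {"time": when, "count": int(count, 16), "sid": sid.lower(),
            "mod": int(mod, 16)}

def context_csns(ldif):
    """Collect contextCSN values, keyed by originating server id, from the
    LDIF that `ldapsearch -LLL -s base -b <suffix> contextCSN` prints."""
    csns = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            csn = parse_csn(line.split(":", 1)[1])
            csns[csn["sid"]] = csn
    return csns

def replication_status(provider_ldif, consumer_ldif):
    """Return {sid: (lag_seconds, state)} for every server id the provider
    knows; state is 'in-sync', 'behind', 'ahead' (consumer holds writes the
    provider lacks) or 'missing' (consumer never completed a refresh)."""
    prov, cons = context_csns(provider_ldif), context_csns(consumer_ldif)
    order = lambda x: (x["time"], x["count"], x["mod"])  # CSN ordering
    report = {}
    for sid, p in prov.items():
        c = cons.get(sid)
        if c is None:
            report[sid] = (None, "missing")
        elif order(p) == order(c):
            report[sid] = (0.0, "in-sync")
        else:
            lag = (p["time"] - c["time"]).total_seconds()
            report[sid] = (lag, "behind" if order(p) > order(c) else "ahead")
    return report

# Constructed sample output, not captured from the poster's ldap01/ldap02.
PROVIDER_LDIF = "dn: dc=example,dc=net\ncontextCSN: 20081209214500.000000Z#000000#000#000000\n"
CONSUMER_LDIF = "dn: dc=example,dc=net\ncontextCSN: 20081209213000.000000Z#000000#000#000000\n"
```

Feeding each server's live ldapsearch output to `replication_status` from a cron job and alerting on 'behind' beyond a threshold, or on 'ahead' after a failover, gives the visibility the quoted setup lacks.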