
Re: OpenLDAP replication



Sorry, I just realized those configurations were incomplete; here are the full slapd.conf files for both servers.

ldap01:
# ldap01 -- syncrepl PROVIDER (master). slapd.conf is order-sensitive:
# global directives first, then the "database" section, then overlays.
include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/misc.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
include /etc/openldap2.4/schema/local.schema
# ACLs are kept in a separate file (not shown in this post). They decide
# what the identity the consumer binds as may read, so review them with
# this file; the consumer currently binds as the rootdn, which bypasses
# ACLs entirely.
include         /etc/openldap2.4/slapd.access.conf
pidfile         /var/run/ldap2.4/slapd.pid
argsfile        /var/run/ldap2.4/slapd.args
modulepath      /usr/lib64/openldap2.4
moduleload     syncprov.la
# One PEM file acts as server certificate, private key AND trusted CA,
# i.e. a self-signed certificate. Because it contains the private key it
# must be readable only by the slapd user. TLSCACertificateFile governs
# which CLIENT certs this server trusts; it does not make consumers trust
# this cert -- each consumer needs it as tls_cacert on its own side.
TLSCertificateFile      /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap2.4/ldap.pem
# 32 = filter processing, 256 = stats (connections/operations/results),
# 1024 = stats2 (entries sent). None of these covers replication; add
# 16384 (sync) while debugging, otherwise a stalled syncrepl session
# may leave nothing in the log.
loglevel 32 256 1024
database        bdb
suffix          "dc=example,dc=net"
rootdn          "cn=Manager,dc=example,dc=net"
# Value redacted in this post. Store a hash generated by slappasswd
# ({SSHA}...), never the cleartext password. ldap02's syncrepl stanza
# binds as this rootdn, so anyone who can read ldap02's slapd.conf has
# full write access to this master; a dedicated read-only replication
# DN is the safer choice.
rootpw
directory       /var/lib/ldap2.4
# Flush the BDB transaction log every 256 KB or 5 minutes.
checkpoint 256 5
index   objectClass                                             eq
index   cn,mail,surname,givenname                               eq,subinitial
index   uidNumber,gidNumber,memberuid,member,uniqueMember       eq
index   uid                                                     eq,subinitial
index   sambaSID,sambaDomainName,displayName                    eq
# Required on a provider: syncprov searches on entryCSN/entryUUID when
# serving consumer refreshes.
index  entryCSN,entryUUID                                      eq
# syncprov is what makes this database a replication provider.
overlay syncprov
# Persist contextCSN after 100 write operations or 10 minutes.
syncprov-checkpoint 100 10
# Remember the last 200 write operations in memory so a reconnecting
# consumer can catch up without a full refresh.
syncprov-sessionlog 200
# NOTE(review): for the fail-over/fail-back question in this thread, a
# single provider cannot absorb writes made on ldap02 while ldap01 was
# down. OpenLDAP 2.4 mirror mode (serverID on both hosts, syncprov plus
# a syncrepl stanza on each pointing at the other, writes routed to one
# host at a time) is the usual answer -- confirm against the 2.4 Admin
# Guide before deploying.


ldap02:

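# ldap02 -- syncrepl CONSUMER (replica of ldap01). slapd.conf is
# order-sensitive: global directives first, then the "database" section.
include /usr/share/openldap2.4/schema/core.schema
include /usr/share/openldap2.4/schema/cosine.schema
include /usr/share/openldap2.4/schema/corba.schema
include /usr/share/openldap2.4/schema/inetorgperson.schema
include /usr/share/openldap2.4/schema/java.schema
include /usr/share/openldap2.4/schema/krb5-kdc.schema
include /usr/share/openldap2.4/schema/kerberosobject.schema
include /usr/share/openldap2.4/schema/misc.schema
include /usr/share/openldap2.4/schema/nis.schema
include /usr/share/openldap2.4/schema/openldap.schema
include /usr/share/openldap2.4/schema/autofs.schema
include /usr/share/openldap2.4/schema/samba.schema
include /usr/share/openldap2.4/schema/kolab.schema
include /usr/share/openldap2.4/schema/evolutionperson.schema
include /usr/share/openldap2.4/schema/calendar.schema
include /usr/share/openldap2.4/schema/sudo.schema
include /usr/share/openldap2.4/schema/dnszone.schema
include /usr/share/openldap2.4/schema/dhcp.schema
include /etc/openldap2.4/schema/local.schema
# ACLs live in a separate file (not shown in this post).
include         /etc/openldap2.4/slapd.access.conf
pidfile         /var/run/ldap2.4/slapd.pid
argsfile        /var/run/ldap2.4/slapd.args
modulepath      /usr/lib64/openldap2.4
# Loaded but not used here (there is no "overlay syncprov" below).
# Harmless; it becomes necessary if this host is made a provider/mirror.
moduleload     syncprov.la
# Same single-PEM layout as ldap01 (cert + private key + CA in one file;
# keep it readable by the slapd user only). This is ldap02's OWN cert:
# it does not by itself make the outgoing syncrepl connection trust
# ldap01's self-signed cert -- see the tls_cacert note at the stanza.
TLSCertificateFile      /etc/ssl/openldap2.4/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap2.4/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap2.4/ldap.pem
# 32 = filter, 256 = stats, 1024 = stats2. Add 16384 (sync) when
# diagnosing replication; the posted levels show nothing about it.
loglevel 32 256 1024
database        bdb
suffix          "dc=example,dc=net"
rootdn          "cn=Manager,dc=example,dc=net"
# Redacted in this post; use a slappasswd hash, not cleartext.
rootpw
directory       /var/lib/ldap2.4
checkpoint 256 5
index   objectClass                                             eq
index   cn,mail,surname,givenname                               eq,subinitial
index   uidNumber,gidNumber,memberuid,member,uniqueMember       eq
index   uid                                                     eq,subinitial
index   sambaSID,sambaDomainName,displayName                    eq
# Added to match the provider: the consumer locates incoming entries by
# entryUUID during refresh, so an unindexed entryUUID means a scan per
# entry. entryCSN is needed as well once this host serves as a provider.
index   entryCSN,entryUUID                                      eq
# FIX: the suffix is dc=example,dc=net, so the posted group DN under
# dc=example,dc=com could never match anything. Note that limits apply
# to searches served by THIS host; the replication search runs on
# ldap01, so the provider needs the equivalent limits (and they are moot
# while the consumer binds as the rootdn, which is never limited).
limits group="cn=Replicator,ou=Group,dc=example,dc=net"
 size=unlimited
 time=unlimited

# Requests outside our suffix are referred to the provider...
referral ldaps://ldap01.sec.example.net/
# ...and write attempts against this replica are referred there too.
# "referral" alone does not do this; without updateref a client that
# tries to modify the replica gets an error instead of the master's URL.
updateref ldaps://ldap01.sec.example.net/
# Consumer stanza. Change from the posted version:
#  - retry="60 +": after the persistent connection drops, reconnect every
#    60 seconds, indefinitely. The posted stanza had no retry= at all;
#    in 2.4 the consumer then gives up after the first failure, which is
#    the most likely reason replication "stops after a while" with
#    nothing in the log.
# Review notes -- not changed here because they need matching entries
# and ACLs on ldap01:
#  - binddn is the provider's rootdn, so the cleartext credentials= below
#    hands full write access to ldap01 to anyone who can read this file.
#    Bind as a dedicated read-only DN instead (the cn=Replicator group
#    above suggests that was the intent) and keep this file mode 0600,
#    owned by the ldap user.
#  - add tls_cacert=<file holding ldap01's certificate> and
#    tls_reqcert=demand so the consumer actually verifies ldap01 over
#    ldaps:// instead of relying on the system ldap.conf defaults.
syncrepl rid=123
  provider=ldaps://ldap01.sec.example.net/
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=net"
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn="cn=manager,dc=example,dc=net"
  attrs="*"
  credentials=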




- Justin Lintz



On Tue, Dec 9, 2008 at 4:45 PM, Justin Lintz <jlintz@gmail.com> wrote:
> Hi,
>
> I am currently working on trying to configure replication between 2
> ldap servers.  Here is my current setup....
>
> 2 servers, ldap01 and ldap02, both running centos 5.2 x86_64 with
> openldap2.4 installed from
> http://staff.telkomsa.net/packages/rhel5/openldap/x86_64/
>
> openldap2.4-servers-2.4.11-1.rhel5
>
> my slapd.conf on ldap01 is:
>
> modulepath      /usr/lib64/openldap2.4
> moduleload     syncprov.la
> TLSCertificateFile      /etc/ssl/openldap2.4/ldap.pem
> TLSCertificateKeyFile   /etc/ssl/openldap2.4/ldap.pem
> TLSCACertificateFile    /etc/ssl/openldap2.4/ldap.pem
> loglevel 32 256 1024
> database        bdb
> suffix          "dc=example,dc=net"
> rootdn          "cn=Manager,dc=example,dc=net"
> rootpw
> directory       /var/lib/ldap2.4
> checkpoint 256 5
> index   objectClass                                             eq
> index   cn,mail,surname,givenname                               eq,subinitial
> index   uidNumber,gidNumber,memberuid,member,uniqueMember       eq
> index   uid                                                     eq,subinitial
> index   sambaSID,sambaDomainName,displayName                    eq
> index  entryCSN,entryUUID                                      eq
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 200
>
> slapd.conf on ldap02 is:
>
> directory       /var/lib/ldap2.4
> checkpoint 256 5
> index   objectClass                                             eq
> index   cn,mail,surname,givenname                               eq,subinitial
> index   uidNumber,gidNumber,memberuid,member,uniqueMember       eq
> index   uid                                                     eq,subinitial
> index   sambaSID,sambaDomainName,displayName                    eq
> referral ldaps://ldap01/
> syncrepl rid=123
>  provider=ldaps://ldap01/
>  type=refreshAndPersist
>  searchbase="dc=example,dc=net"
>  scope=sub
>  schemachecking=off
>  bindmethod=simple
>  binddn="cn=manager,dc=example,dc=net"
>  attrs="*"
>  credentials=
>
> This appears to work, but it seems that after some time the replication
> stops working, and I don't see anything in the logs either.
>
> Also with this setup, given a situation where ldap01 died and ldap02
> took over, when I brought ldap01 back online, would configuration
> changes need to be made to ensure any changes that were made to ldap02
> were replicated back properly or am I not using the proper replication
> technique for this situation?  I'm still a bit new to OpenLDAP so I
> apologize if I explained anything incorrectly.  My end goal is to
> have 2 ldap servers in place where in the event of a failure the
> secondary could take over and when the primary is restored, have it
> fail back over without any loss of changes.
>
> - Justin Lintz
>