
openldap mirror mode



Good Day All!

I am running two boxes with CentOS 5.4 and
openldap-servers-2.3.43-3.el5.  I am trying to configure openldap in
mirrormode.  I have a third box with CentOS 5.4 and
openldap-servers-2.3.43-3.el5 that I will be using as a proxy, but LDAP
is not yet configured on that server.  Below are the configurations of my
two LDAP servers that I want in mirror mode.  If I set the standard Syncrepl
configuration, the master and slave talk, I can write to the master,
and the slave is updated.  But when I switch to mirror mode with the
configuration below and try to write to either of them, I get:

ldapadd: Server is unwilling to perform (53)
	additional info: shadow context; no update referral

Which makes me think they are both in read-only mode.  I thought that
with mirrormode server 1 would be writable until server 1 went down,
then server 2 would know to become writable, and the two would stay in
sync with each other.

#==========================
#Server1
#==========================
# slapd.conf for server 1 exactly as posted (OpenLDAP 2.3.43 on CentOS 5.4).
# Reviewer remarks are the lines beginning with "# NOTE(review)"; no directive
# has been changed.
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include         /etc/openldap/schema/ppolicy.schema

loglevel 256
serverID    1
# NOTE(review): LDAPv2 binds are enabled here; keep this only if a client
# actually still needs the old protocol version.
allow bind_v2

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

modulepath /usr/lib64/openldap
#moduleload accesslog.la
#moduleload auditlog.la
#moduleload denyop.la
#moduleload dyngroup.la
#moduleload dynlist.la
#moduleload lastmod.la
#moduleload pcache.la
moduleload ppolicy.la
#moduleload refint.la
#moduleload retcode.la
#moduleload rwm.la
#moduleload smbk5pwd.la
#moduleload translucent.la
#moduleload unique.la
#moduleload valsort.la

TLSCACertificateFile /etc/openldap/cacerts/server1cacert.pem
TLSCertificateFile /etc/openldap/cacerts/server1crt.pem
# NOTE(review): the private key lives in the same cacerts/ directory as the
# public material; make sure the key file itself is readable only by the
# user slapd runs as.
TLSCertificateKeyFile /etc/openldap/cacerts/server1key.pem

TLSVerifyClient try


sasl-secprops noanonymous,noplain,noactive

# NOTE(review): "by * write" matches every requester, including anonymous
# binds, and evaluation of an access rule stops at the first "by" clause
# that matches, so the "by * read" line below is never reached. As written,
# anyone who can reach the port can modify the whole tree; narrow the
# subjects (e.g. the rootdn/replication identity for write, "*" for read)
# before this server is exposed. Lines that begin with white space continue
# the previous directive, so the "by" clauses must stay directly under
# "access to *".
access to *
	by * write
       by * read

database        bdb
suffix          "dc=domain"
rootdn          "uid=admin,ou=service,dc=domain"
# NOTE(review): the rootpw shown is a placeholder, but the real file also
# carries the replication password in clear text (credentials= below), so
# the whole file should be readable only by the slapd user.
rootpw          {SSHA}secret

directory       /var/ldap/databases/users

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub

# NOTE(review): the syncrepl consumer below uses bindmethod=simple against a
# plain ldap:// provider with no starttls= option, so the replication
# password crosses the network unencrypted; prefer starttls=critical (or an
# ldaps:// URL) now that TLS material is configured above. Two smaller
# points: interval= is documented for refreshOnly and is presumably ignored
# with refreshAndPersist, and the "syncrepl" line as posted begins with a
# space - slapd.conf(5) treats a line starting with white space as a
# continuation of the previous line, so confirm the real file has "syncrepl"
# in column 0 (running slaptest -f on the file should show what is parsed).
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

 syncrepl rid=001
       provider=ldap://192.168.1.3
       type=refreshAndPersist
       interval=00:00:00:10
       searchbase="dc=domain"
       schemachecking=off
	retry="60 +"
      filter="(objectClass=*)"
       attrs="*"
       bindmethod=simple
       binddn="uid=userrepl,ou=services,ou=administrative,dc=domain"
       credentials=password

# NOTE(review): once the ACL above is tightened, the binddn used by the peer's
# syncrepl still needs read access to the replicated entries on this server.
# "mirrormode on" is what is meant to make this consumer database writable;
# if ldapadd keeps answering "shadow context; no update referral", check the
# slaptest output to confirm this directive is being applied to the database
# section above, after the syncrepl directive.
mirrormode on

#===========================
#server 2
#===========================
# slapd.conf for server 2 exactly as posted (OpenLDAP 2.3.43 on CentOS 5.4).
# Reviewer remarks are the lines beginning with "# NOTE(review)"; no directive
# has been changed.

include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include         /etc/openldap/schema/ppolicy.schema

##LOG Level
loglevel 256
serverID    2
# Allow LDAPv2 client connections.  This is NOT the default.
# NOTE(review): keep this only if a client actually still needs LDAPv2.
allow bind_v2

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args


modulepath /usr/lib64/openldap
#moduleload accesslog.la
#moduleload auditlog.la
#moduleload denyop.la
#moduleload dyngroup.la
#moduleload dynlist.la
#moduleload lastmod.la
#moduleload pcache.la
moduleload ppolicy.la
#moduleload refint.la
#moduleload retcode.la
#moduleload rwm.la
#moduleload smbk5pwd.la
#moduleload translucent.la
#moduleload unique.la
#moduleload valsort.la

# NOTE(review): unlike server 1, this file declares no TLSCACertificateFile,
# TLSCertificateFile or TLSCertificateKeyFile, so this server cannot offer
# StartTLS/ldaps even though TLSVerifyClient is set; add its own certificate
# and key if clients or the replication peer are expected to use TLS here.
TLSVerifyClient try
sasl-secprops noanonymous,noplain,noactive

# NOTE(review): "by * write" matches every requester, including anonymous
# binds, and evaluation of an access rule stops at the first matching "by"
# clause, so the "by * read" line below is never reached. Anyone who can
# reach the port can modify the whole tree; narrow the write subject to the
# identities that need it before this server is exposed. Lines beginning
# with white space continue the previous directive, so the "by" clauses
# must stay directly under "access to *".
access to *
        by * write
       by * read


database        bdb
suffix          "dc=domain"
rootdn          "uid=admin,ou=service,dc=domain"
# NOTE(review): placeholder value here, but the real file also stores the
# replication password in clear text (credentials= below); restrict the file
# to the slapd user.
rootpw          {SSHA}secret

directory       /var/ldap/databases/users

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub


# NOTE(review): the consumer below binds with bindmethod=simple to a plain
# ldap:// provider and sets no starttls= option, so the replication password
# is sent unencrypted; use starttls=critical (or ldaps://) once this server
# and its peer both have TLS material. The "syncrepl" line as posted begins
# with a space; slapd.conf(5) treats a line starting with white space as a
# continuation of the previous line, so confirm the real file has "syncrepl"
# in column 0 (slaptest -f on the file should show what is actually parsed).
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100


 syncrepl rid=001
        provider=ldap://192.168.1.2
        type=refreshAndPersist
        interval=00:00:00:10
        searchbase="dc=domain"
        schemachecking=off
        filter="(objectClass=*)"
        attrs="*"
        retry="60 +"
        bindmethod=simple
        binddn="uid=userrepl,ou=services,ou=administrative,dc=domain"
        credentials=password

# NOTE(review): the commented-out updateref is consistent with the "no update
# referral" text in the error; "mirrormode on" is what is meant to make this
# consumer database writable instead of referring writes elsewhere. If the
# error persists, confirm with slaptest that mirrormode is applied to this
# database section after the syncrepl directive, and remember the peer's
# replication binddn needs read access here once the ACL above is tightened.
#updateref ldap://192.168.1.3
mirrormode on