Re: a newbie trying to get the basics of syncrepl going
Seger, Mark wrote:
> I’m an admitted ldap lightweight but have been able to bring up an ldap
> server and populate it with the contents of my /etc/passwd file. Now I
> want to set up a replica on another machine using sync replication and
> am having a few issues getting it to work. My most recent success was
> getting simple authentication working because before it was failing and
> now it’s not so I’ve at least gotten that far. Here’s what my
> replication section looks like in ldap.conf:
>
>
Hi,
Does 'lsfadmin' have access to read the whole tree on the master?
And if it's a simple Master X N slaves type, which it probably is, you can't
write to the slave - slapd.conf :: updateref ldaps://mymaster.domain.tld
Regards,
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net
>
> syncrepl rid=123
> provider=ldap://10.99.99.99:389
> type=refreshOnly
> interval=01:00:00:00
> searchbase="dc=myldap,dc=com"
> filter="(objectClass=account)"
> scope=sub
> schemachecking=off
> updatedn="cn=replica,dc=myldap,dc=com"
> bindmethod=simple
> binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
> credentials=Something
>
> I’m pretty sure I have the search parameters set correctly because if I run:
>
> ldapsearch -x -h 10.99.99.99 -b 'dc=myldap,dc=com' -A uid
>
> it dumps all my uids.
>
> The part I’m unclear on is how to define things on the slave side. For
> example I have the main part of the conf set the same on the master,
> just to make things easy on me and so I have the following which is
> exactly how I have the master set up.
>
> database bdb
> suffix "dc=myldap,dc=com"
> rootdn "cn=Manager,dc=myldap,dc=com"
> rootpw {SSHA}ZmTfiKLVf8X5GERsT3b3AoB3/hFV3l7R
> directory /var/lib/ldap
>
> I’m guessing my problem may be with
> updatedn="cn=replica,dc=myldap,dc=com", but I’m not sure what it should
> be and whether or not I have to prime the replica with any special
> authentication to be able to write to it.
>
> If I run “ldapsearch -x -b 'dc=myldap,dc=com'” against the replica it
> comes up empty so I’m sure nothing is getting replicated. Further if I
> run the slave slapd with -d128 I get:
>
> [root@hpdc3dmgt1 ~]# slapd -d 128
> @(#) $OpenLDAP: slapd 2.3.43 (Nov 6 2008 02:53:24) $
> brewbuilder@hs20-bc1-5.build.redhat.com:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
> slapd starting
> request done: ld 0x2ac52b507c70 msgid 1
> => bdb_entry_get: cannot find entry: "dc=myldap,dc=com"
> do_syncrep2: rid 123got search entry without control
> do_syncrepl: rid 123 quitting
>
> but I have no idea where it’s looking for the entry, on the master or
> the slave? But I do have that entry on the master.
>
> I’m sure I’m doing something wrong but am also hoping it’s relatively minor.
>
> -mark
>
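
Added example (not part of the original thread and not OpenLDAP code): the ldapsearch quoted above binds anonymously, so it does not answer the reply's question of whether 'lsfadmin' can read the tree on the master. This Python sketch parses the posted syncrepl stanza and builds the equivalent search bound as the replication identity; `parse_syncrepl`, `ldapsearch_as_consumer` and `shell_line` are hypothetical helper names.

```python
import shlex

# Constructed from the syncrepl stanza quoted in the thread. The credentials
# line is left out on purpose: the generated command prompts for it (-W).
STANZA = '''
syncrepl rid=123
  provider=ldap://10.99.99.99:389
  type=refreshOnly
  interval=01:00:00:00
  searchbase="dc=myldap,dc=com"
  filter="(objectClass=account)"
  scope=sub
  bindmethod=simple
  binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
'''

def parse_syncrepl(text):
    """Return the key=value parameters of one slapd.conf syncrepl directive."""
    tokens = shlex.split(text)  # honours the double quotes around DNs and filters
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("not a syncrepl directive")
    params = {}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError("expected key=value, got %r" % tok)
        params[key.lower()] = value
    return params

def ldapsearch_as_consumer(params):
    """Build an ldapsearch argv that binds and searches as the consumer would."""
    if params.get("bindmethod") != "simple":
        raise ValueError("only bindmethod=simple is handled in this example")
    missing = [k for k in ("provider", "binddn", "searchbase") if k not in params]
    if missing:
        raise ValueError("missing syncrepl parameters: " + ", ".join(missing))
    return ["ldapsearch", "-x",
            "-H", params["provider"],
            "-D", params["binddn"], "-W",       # bind as the replication DN
            "-b", params["searchbase"],
            "-s", params.get("scope", "sub"),
            params.get("filter", "(objectClass=*)")]

def shell_line(argv):
    """Quote argv so the command can be pasted into a shell."""
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    print(shell_line(ldapsearch_as_consumer(parse_syncrepl(STANZA))))
```

If the printed command returns fewer entries on the master than the anonymous search did, or none, the bind DN lacks the read access the reply asks about.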