Hi,

My application was using replication using slurpd. Now we want to move to OpenLDAP version 2.4 (RHEL 6.x) from 2.2, so I should use syncrepl instead of slurpd. Replication clients (slaves) can still be of the older version (2.2).

I have tried to set up replication using syncrepl, using the doc http://www.openldap.org/doc/admin24/replication.html

I am following the first of the two topologies suggested for replacing slurpd in the doc http://www.openldap.org/doc/admin24/replication.html

It says:

(Master/Provider configuration) ---> Proxy consumer configuration --syncrepl-> old Slaves (which were working with slurpd)

Following are my Master and Proxy configuration files; they are similar to what the above document says.

Master slapd.conf [ /usr/sbin/slapd -h ldap://localhost:389 -f /usr/share/openldap-servers/slapd.conf ]
--------------------------------------------------------------
access to *
        by dn.base="cn=replicator,dc=Avaya" write
        by dn.base="cn=root,dc=Avaya" write
        by dn.base=umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya read
        by * break

access to dn.base=""
        by * read

access to dn.base="dc=Avaya"
        by * read

access to dn.subtree="ou=People,dc=Avaya"
        by dn.exact="cn=root,dc=Avaya" write
        by users read
        by * read

access to *
        by self write
        by * read

database bdb
suffix "dc=Avaya"
rootdn "cn=root,dc=Avaya"
rootpw secret
rootpw Testpw

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
password-hash {CLEARTEXT},{SHA},{SSHA}
directory /var/lib/ldap

index objectClass eq
index default sub
index ou,cn,mail,surname,givenname eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq

checkpoint 1024 15
cachesize 10000
idlcachesize 10000

#syncrepl Provider for primary db
overlay syncprov
syncprov-checkpoint 1000 60

# Let the replica DN have limitless searches
limits dn.exact="umObjectGUID=218afb42cb5e11e09542001a64e587d4,ou=People,dc=Avaya" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
limits dn.exact="cn=replicator,dc=Avaya" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

Proxy slapd_p.conf [ /usr/sbin/slapd -h ldap://localhost:50389 -f /usr/share/openldap-servers/slapd_p.conf ]
--------------------------------------------------------------
access to * by * read

# Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
database ldap
# ignore conflicts with other databases, as we need to push out to same suffix
hidden on
suffix "dc=Avaya"
rootdn "cn=slapd-ldap,dc=Avaya"
uri ldap://localhost:50389
rootpw secret
rootpw testing
lastmod on
acl-bind bindmethod=simple binddn=”cn=replicator,dc=Avaya” credentials=Testpw
#binddn="umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya"
#credentials=1234
syncrepl rid=001
        provider=ldap://localhost:389/
        binddn=”cn=replicator,dc=Avaya”
#binddn="umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya
        bindmethod=simple credentials=Testpw
#credentials=1234
        searchbase="dc=Avaya"
        type=refreshAndPersist
        retry="5 5 300 5"
overlay syncprov

1) I am able to query the Master database but not the proxy database. Why so?

ps -ef | grep slapd
/usr/sbin/slapd -h ldap://localhost:389 -f /usr/share/openldap-servers/slapd.conf
/usr/sbin/slapd -h ldap://localhost:50389 -f /usr/share/openldap-servers/slapd_P.conf

The ldapsearch query to the master database (port 389) is working:

/usr/bin/ldapsearch -x -h localhost -p 389 -D"cn=root,dc=Avaya" -w w00dstock -b"dc=Avaya" '(objectClass=*)'

Why is the following query to the proxy (50389) failing, even though the database has read permissions for everyone?

/usr/bin/ldapsearch -x -h localhost -p 50389 -D"cn=slapd-ldap" -w w00dstock -b"dc=Avaya" '(objectClass=*)'
ldap_bind: Invalid credentials (49)

2) Should "cn=replicator,dc=Avaya" here be the rootdn user or a normal database (slapd) user? I tried this ldap slapd user "umObjectGUID=31ff609ecb5e11e09542001a64e587d4,ou=People,dc=Avaya" with password "1234" and restarted both master and proxy; the query still fails.

Can you point out where I am wrong?

Thanks,
Rupesh
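
An added example, not part of the original post: a small Python linter that reads a slapd.conf laid out like the files above and lists things worth checking by hand before debugging replication (a repeated rootdn, rootpw or suffix within one database, a cleartext rootpw, typographic quotes, and a client bind DN that differs from the configured rootdn). The sample configuration is constructed from the proxy section of the post; the function names and finding strings are hypothetical, and the DN comparison is a plain case-insensitive string match.

```python
import re

# Constructed sample: trimmed from the proxy database section quoted in the post.
# \u201d is the typographic closing quote that appears around the binddn value.
SAMPLE_CONF = '''\
database ldap
suffix "dc=Avaya"
rootdn "cn=slapd-ldap,dc=Avaya"
uri ldap://localhost:50389
rootpw secret
rootpw testing
syncrepl rid=001
    provider=ldap://localhost:389/
    binddn=\u201dcn=replicator,dc=Avaya\u201d
    bindmethod=simple credentials=Testpw
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and '#' lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def lint(text, bind_dn=None):
    """Return findings to check by hand (hypothetical helper, not a diagnosis)."""
    findings, seen, rootdn = [], {}, None
    for line in logical_lines(text):
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "database":
            seen = {}  # directive counts restart for each database section
        seen[key] = seen.get(key, 0) + 1
        if key in ("rootdn", "rootpw", "suffix") and seen[key] == 2:
            findings.append(f"repeated directive: {key}")
        if key == "rootpw" and not re.match(r"\{(?!CLEARTEXT)[A-Za-z0-9-]+\}", value, re.I):
            findings.append("rootpw stored in cleartext")
        if re.search("[\u201c\u201d\u2018\u2019]", line):
            findings.append(f"typographic quotes in: {key}")
        if key == "rootdn":
            rootdn = value.strip('"')
    if bind_dn and rootdn and bind_dn.lower() != rootdn.lower():
        findings.append(f"bind DN {bind_dn!r} differs from rootdn {rootdn!r}")
    return list(dict.fromkeys(findings))  # de-duplicate, keep first-seen order
```

Calling `lint(SAMPLE_CONF, bind_dn="cn=slapd-ldap")` uses the bind DN from the failing ldapsearch command. A hashed value for rootpw can be generated with slappasswd.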