On Sunday 27 May 2012 21:06:43 Patrick Hemmer wrote:
> Where are you putting the MirrorMode parameter?
> When I copy/paste your config you provided in the first email into an
> editor, line 31 is before "database config", which would be the problem.
> You need to put it after "database config" so that it applies to the
> config database.
>
> As for the shadow thing, both servers are shadows/consumers. They're
> also both providers.
Thanks a lot. This made it finally work.
1. I misunderstood "shadow" as being a completely different mode in which the
whole instance runs.
2. I placed the 'MirrorMode' statement at the wrong position.
a) It mustn't be set in the global section
b) It must be set after the 'syncrepl' statements inside a DB definition
For reference/anyone else fighting with this, a short howto on how I got it up
and running now:
1. Make sure /etc/openldap/slapd.d/ and the openldap-data directory (here:
/var/lib/openldap-data) are emptied
2. Use the basic config (see below) to seed the initial online config of each
instance using the command
slapd -f /tmp/slapd.conf -F /etc/openldap/slapd.d -u ldap -g ldap -d1
3. Stop the slapd process (Ctrl+C) and start it regularly using the initscript
provided by the distribution (e.g. /etc/init.d/slapd start on Gentoo/OpenRC)
4. Now verify whether the replication of cn=config works by removing the
'olcConfigFile' setting from cn=config
Basic slapd.conf for seeding:
# global section
moduleload memberof.so
moduleload syncprov.so
moduleload refint.so
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openssh.schema
TLSCACertificateFile /etc/ssl/slapd/slapd.cacrt
TLSCertificateFile /etc/ssl/slapd/slapd.crt
TLSCertificateKeyFile /etc/ssl/slapd/slapd.key
TLSVerifyClient allow
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel 256
access to attrs=userPassword
    by self write
    by * auth
access to *
    by * read
ServerID 1 ldap://10.44.0.1
ServerID 2 ldap://10.44.0.7
backend bdb
# cn=config database: syncrepl statements first, MirrorMode after them
database config
rootdn cn=config
rootpw {SSHA}RI/d8i2R7XXlo2+kf2LcYzYOcIry+qaa
syncrepl rid=001
    provider="ldap://10.44.0.7"
    binddn="cn=config"
    bindmethod="simple"
    credentials="nothingtoseehere"
    searchbase="cn=config"
    type=refreshAndPersist
    retry="10 +"
    filter="(!(olcDatabase={0}config))"
syncrepl rid=002
    provider="ldap://10.44.0.1"
    binddn="cn=config"
    bindmethod="simple"
    credentials="nothingtoseehere"
    searchbase="cn=config"
    type=refreshAndPersist
    retry="10 +"
    filter="(!(olcDatabase={0}config))"
overlay syncprov
MirrorMode on
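As an added example (not part of the thread and not OpenLDAP's own code), the small Python checker below parses a seed slapd.conf the way slapd reads it (continuation lines start with whitespace, sections begin at each 'database' line) and reports the two placement mistakes discussed above: MirrorMode in the global section, or MirrorMode before the syncrepl statements of its database. It also catches duplicated moduleload lines, reused rids and a provider URL that matches no ServerID. The embedded sample configs are constructed from the seed config posted above, trimmed to the lines that matter.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Section:
    name: str                                       # "global" or the database type
    directives: list = field(default_factory=list)  # (keyword, args) in file order


def parse_slapd_conf(text):
    """Split slapd.conf text into the global section followed by one Section
    per 'database' directive. A line that starts with whitespace continues
    the previous directive, exactly as slapd reads it; blank lines and
    '#' comments are skipped."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    sections = [Section("global")]
    for line in logical:
        keyword, _, args = line.partition(" ")
        kw = keyword.lower()
        if kw == "database":
            sections.append(Section(args.strip().lower()))
        sections[-1].directives.append((kw, args.strip()))
    return sections


def lint_mirror_seed(text):
    """Return the list of layout problems found; [] means the file has the
    shape that worked in the thread: ServerID lines in the global section,
    syncrepl directives inside the database, MirrorMode after them."""
    problems = []
    sections = parse_slapd_conf(text)
    glob = sections[0]
    gkws = [kw for kw, _ in glob.directives]
    for kw in ("mirrormode", "syncrepl"):
        if kw in gkws:
            problems.append(f"{kw} is in the global section; it belongs after a 'database' line")
    mods = [args for kw, args in glob.directives if kw == "moduleload"]
    for m in sorted({m for m in mods if mods.count(m) > 1}):
        problems.append(f"moduleload {m} is listed more than once")
    server_urls = {args.split()[-1] for kw, args in glob.directives if kw == "serverid"}
    rids = []
    for db in sections[1:]:
        dkws = [kw for kw, _ in db.directives]
        sync_pos = [i for i, k in enumerate(dkws) if k == "syncrepl"]
        for i in sync_pos:
            args = db.directives[i][1]
            rid = re.search(r"\brid=(\d+)", args)
            prov = re.search(r'\bprovider="?([^"\s]+)', args)
            if rid:
                rids.append(rid.group(1))
            if prov and server_urls and prov.group(1) not in server_urls:
                problems.append(f"database {db.name}: provider {prov.group(1)} matches no ServerID")
        if "mirrormode" in dkws:
            mm = dkws.index("mirrormode")
            if not sync_pos:
                problems.append(f"database {db.name}: MirrorMode set but no syncrepl directive")
            elif max(sync_pos) > mm:
                problems.append(f"database {db.name}: MirrorMode must come after its syncrepl directives")
            if len(server_urls) < 2:
                problems.append("MirrorMode needs a ServerID line for every mirror (at least two)")
    for r in sorted({r for r in rids if rids.count(r) > 1}):
        problems.append(f"syncrepl rid={r} is used more than once")
    return problems


# Constructed sample: the thread's seed config, trimmed to the lines that matter.
GOOD_CONF = """\
moduleload syncprov.so
ServerID 1 ldap://10.44.0.1
ServerID 2 ldap://10.44.0.7
database config
rootdn cn=config
syncrepl rid=001
    provider="ldap://10.44.0.7"
    binddn="cn=config" bindmethod="simple" credentials="nothingtoseehere"
    searchbase="cn=config" type=refreshAndPersist retry="10 +"
syncrepl rid=002
    provider="ldap://10.44.0.1"
    binddn="cn=config" bindmethod="simple" credentials="nothingtoseehere"
    searchbase="cn=config" type=refreshAndPersist retry="10 +"
overlay syncprov
MirrorMode on
"""

# The mistake from the thread: MirrorMode placed before 'database config'.
BAD_GLOBAL = GOOD_CONF.replace("MirrorMode on\n", "").replace(
    "database config\n", "MirrorMode on\ndatabase config\n")

# Right database, wrong position: MirrorMode before the syncrepl statements.
BAD_ORDER = GOOD_CONF.replace("MirrorMode on\n", "").replace(
    "rootdn cn=config\n", "rootdn cn=config\nMirrorMode on\n")

if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("bad-global", BAD_GLOBAL), ("bad-order", BAD_ORDER)):
        print(label, lint_mirror_seed(conf) or "ok")
```

Run it against /tmp/slapd.conf before step 2 (read the file and pass its text to lint_mirror_seed) and the layout error is reported before slapd is started with -d1, which is cheaper than reading the debug output. The checker only judges layout: it does not complain that the seed config sends the cn=config rootpw with a simple bind over plain ldap://; syncrepl accepts starttls=critical for that, which is a separate decision from the placement problem the thread is about.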