
Re: syncrepl for cn=config, changes fail with "tag=103 err=53 text=shadow context; no update referral"



Elias Probst wrote:
On Sunday 27 May 2012 21:06:43 Patrick Hemmer wrote:
Where are you putting the MirrorMode parameter?
When I copy/paste your config you provided in the first email into an
editor, line 31 is before "database config", which would be the problem.
You need to put it after "database config" so that it applies to the
config database.

As for the shadow thing, both servers are shadows/consumers. They're
also both providers.

Thanks a lot. This made it finally work.

1. I misunderstood "shadow" as being a completely different mode in which the
whole instance runs.

2. I placed the 'MirrorMode' statement at the wrong position.
a) It mustn't be set in the global section
b) It must be set after the 'syncrepl' statements inside a DB definition

For reference/anyone else fighting with this, a short howto how I got it up
and running now:

1. Make sure /etc/openldap/slapd.d/ and the openldap-data directory (here:
/var/lib/openldap-data) are emptied

2. Use the basic config (see below) to seed the initial online config of each
instance using the command
slapd -f /tmp/slapd.conf -F /etc/openldap/slapd.d -u ldap -g ldap -d1

Your reference is an utter waste of time. If you want to help people do this in the future you should simply provide the output of slapcat -n0, with the schema entries trimmed, and avoid the unnecessary conversion step.

3. Stop the slapd process (Ctrl+C) and start it regularly using the initscript
provided by the distribution (e.g. /etc/init.d/slapd start on Gentoo/OpenRC)

And avoid the unnecessary restart step as well.

4. Now verify whether the replication of cn=config works by removing the
'olcConfigFile' setting from cn=config

Basic slapd.conf for seeding:
moduleload    memberof.so
moduleload    syncprov.so
moduleload    refint.so

moduleload    memberof.so
moduleload    syncprov.so
moduleload    refint.so

And avoid redundant moduleload statements.

include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema
include        /etc/openldap/schema/openssh.schema

TLSCACertificateFile    /etc/ssl/slapd/slapd.cacrt
TLSCertificateFile      /etc/ssl/slapd/slapd.crt
TLSCertificateKeyFile   /etc/ssl/slapd/slapd.key
TLSVerifyClient         allow

pidfile        /var/run/openldap/slapd.pid
argsfile       /var/run/openldap/slapd.args

loglevel    256

access to attrs=userPassword
     by self write
     by * auth

access to *
     by * read

ServerID    1    ldap://10.44.0.1
ServerID    2    ldap://10.44.0.7

backend        bdb

database        config
rootdn          cn=config
rootpw          {SSHA}RI/d8i2R7XXlo2+kf2LcYzYOcIry+qaa

syncrepl        rid=001
                 provider="ldap://10.44.0.7";
                 binddn="cn=config"
                 bindmethod="simple"
                 credentials="nothingtoseehere"
                 searchbase="cn=config"
                 type=refreshAndPersist
                 retry="10 +"
                 filter="(!(olcDatabase={0}config))"

syncrepl        rid=002
                 provider="ldap://10.44.0.1";
                 binddn="cn=config"
                 bindmethod="simple"
                 credentials="nothingtoseehere"
                 searchbase="cn=config"
                 type=refreshAndPersist
                 retry="10 +"
                 filter="(!(olcDatabase={0}config))"

overlay         syncprov

MirrorMode      on

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
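
The placement rules discussed in this thread (MirrorMode not in the global section, and after the syncrepl statements inside the database definition) can be checked before seeding. The following is an added example, not code from the thread or from OpenLDAP; the function names, finding labels and sample hosts are assumptions. The last finding marks a database left as a plain shadow, the state behind the "shadow context; no update referral" error in the subject.

```python
def logical_lines(text):
    """Drop blanks/comments and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def check_mirrormode(text):
    """Return (section, problem) tuples for the two placement rules in the thread."""
    findings, db, dbs = [], None, []
    for line in logical_lines(text):
        fields = line.split(None, 1)
        key, arg = fields[0].lower(), (fields[1] if len(fields) > 1 else "")
        if key == "database":
            name = "database " + (arg.split() or ["?"])[0]
            db = {"name": name, "syncrepl": 0, "mirror": False}
            dbs.append(db)
        elif key == "syncrepl" and db is not None:
            db["syncrepl"] += 1
        elif key == "mirrormode" and arg.strip().lower() == "on":
            if db is None:            # rule a): not in the global section
                findings.append(("global", "mirrormode-outside-database"))
            elif db["syncrepl"] == 0: # rule b): only after the syncrepl statements
                findings.append((db["name"], "mirrormode-before-syncrepl"))
            else:
                db["mirror"] = True
    # A database with syncrepl but no effective MirrorMode stays a read-only shadow.
    for d in dbs:
        if d["syncrepl"] and not d["mirror"]:
            findings.append((d["name"], "shadow-without-mirrormode"))
    return findings

# Constructed sample (hosts are placeholders): MirrorMode ahead of "database config".
BROKEN = """\
ServerID 1 ldap://ldap-a.example
MirrorMode on
database config
rootdn cn=config
syncrepl rid=001
    provider=ldap://ldap-b.example
    searchbase="cn=config"
    type=refreshAndPersist
overlay syncprov
"""
# Same file with MirrorMode moved to the end of the config database section.
FIXED = BROKEN.replace("MirrorMode on\n", "") + "MirrorMode on\n"

if __name__ == "__main__":
    for label, conf in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label, check_mirrormode(conf) or "ok")
```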