[Date Prev][Date Next] [Chronological] [Thread] [Top]

Ldap Replication Query



Hello LDAP Brains,

I have setup a Samba PDC (192.168.1.2) and a Samba BDC (192.168.4.2) both are on different subnets, there are two issues for me as below

PDC - SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL = 2, samba-3.6.3-0.18.3, openldap2-2.4.26-0.12.1

BDC - SUSE Linux Enterprise Server 10 (i586) , VERSION = 10, samba-3.0.22-13.16, openldap2-2.3.19-18.7



1. On the BDC if I give the command below I get Unable to find a suitable server

BDC2:~ # net rpc info

Unable to find a suitable server

2. I am not able to sync ldap database, BDC with the PDC

I have enclosed my slapd.conf of PDC and BDC, can anybody let me know where I have gone wrong.

Your help is highly appreciated, thanks in advance.
Hanumanth Rao


include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/samba3.schema
include         /etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath      /usr/lib/openldap/modules
# moduleload    back_ldap.la
# moduleload    back_meta.la
# moduleload    back_monitor.la
# moduleload    back_perl.la

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access to user password
#               Allow anonymous users to authenticate
#               Allow read access to everything else
#       Directives needed to implement policy:
## Yast2 samba hack ACL
## allow the "ldap admin dn" access, but deny everyone else
access to attrs=SambaLMPassword,SambaNTPassword
by dn="cn=sysadmin,dc=melcon,dc=org" write
    by * none
## Yast2 samba hack ACL done
access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,userPKCS12
        by self write
        by * auth

access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

loglevel 0
allow bind_v2
database bdb
suffix "dc=melcon,dc=org"
rootdn "cn=sysadmin,dc=melcon,dc=org"
rootpw "secret"
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber,entryCSN,entryUUID eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID eq
index memberUid eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

syncrepl
       rid=11
       provider=ldap://192.168.1.2:389
       type=refreshOnly
       bindmethod=simple
       binddn="cn=sysadmin,dc=melcon,dc=org"
       credentials=secret
       searchbase="dc=melcon,dc=org"
       filter="(objectClass=*)"
       attrs="*"
       schemachecking=off
       scope=sub
       retry="60 +"
#path: /etc/openldap/slapd.conf
#provider

include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/samba3.schema
#If your slapd was configured with dynamic module support,
#and your backends and overlays are not statically compiled,
#you will need these module statements.
modulepath /usr/lib/openldap/modules
#moduleload syncprov.la
#moduleload accesslog.la
#moduleload back_bdb.la

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
allow bind_v2

# Samba Primary Database melcon.org
loglevel 0
database    bdb
suffix      "dc=melcon,dc=org"
rootdn      "cn=sysadmin,dc=melcon,dc=org"
rootpw      "secret"
directory   /var/lib/ldap
checkpoint 1024 5
cachesize 10000

index objectClass,uidNumber,gidNumber,entryCSN,entryUUID eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID eq
index memberUid eq
index sambaPrimaryGroupSID eq
index sambaSIDList eq,pres
index sambaDomainName eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
idletimeout 30