Re[2]: Trying to Mirror 2 OpenLDAP servers
- To: "Quanah Gibson-Mount" <quanah@zimbra.com>, openldap-technical@openldap.org
- Subject: Re[2]: Trying to Mirror 2 OpenLDAP servers
- From: "Sterling Sahaydak" <sterling.sahaydak@pi-coral.com>
- Date: Thu, 04 Sep 2014 22:52:41 +0000
- In-reply-to: <EAD26796D307429458772AA7@192.168.1.2>
- User-agent: eM_Client/6.0.20617.0
I think in your response you may be getting confused with someone else?
I haven't been on IRC - don't have an account there or even a client installed to
check, so not sure of the dialog or reference you are referring to.
As to the build, I'm on CentOS and not RHEL, so it's relatively up to date
on that platform and definitely not 4 years old. Maybe only a couple of
months old.
My understanding is this is not restricted to RHEL only, so I'm still
inquiring for community assistance here. If there is another place, then
please let me know.
Running into the following:
slapd -d sync
@(#) $OpenLDAP: slapd 2.4.23 (Feb 3 2014 19:11:35) $
mockbuild@c6b10.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
/etc/openldap/slapd.conf: line 163: warning, destination attributeType
'sAMAccountName' is not defined in schema
PROXIED attributeDescription "SAMACCOUNTNAME" inserted.
/etc/openldap/slapd.conf: line 213: rootdn is always granted unlimited
privileges.
bdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
slapd starting
TLS: error: the certificate '/etc/openldap/certs/ldap_example_net.crt'
could not be found in the database - error -12285:Unable to find the
certificate or key necessary for authentication..
TLS: certificate '/etc/openldap/certs/ldap_example_net.crt' successfully
loaded from PEM file.
TLS: no unlocked certificate for certificate
'CN=ldap.example.net,O="xx-xxxxxxx, INC.",L=xxxx,ST=xxxxxx,C=US'.
do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
In my slapd.conf I have set up (provider setup):
# TLS material for ldaps:// (PEM files). The other mirror validates this
# server certificate against its own TLSCACertificateFile.
TLSCertificateFile    /etc/openldap/certs/ldap_example_net.crt
TLSCertificateKeyFile /etc/openldap/certs/ldap_example_net.key
TLSCACertificateFile  /etc/openldap/certs/CAcompany.crt

# This node's identity in the multi-master set; the other mirror needs a
# different serverID.
serverID 1

# Provider side: lets the other mirror pull changes from this node.
overlay syncprov
#syncprov-checkpoint 100 10
syncprov-checkpoint 100 2
syncprov-sessionlog 100

# Consumer side: pulls changes from the other mirror. Continuation lines of
# a slapd.conf directive must begin with whitespace. Hostnames, DNs and
# credentials are as redacted in the original post. Note that "interval"
# only applies to type=refreshOnly and has no effect with refreshAndPersist.
syncrepl rid=001
        provider=ldaps://ldap-west.examplel.net
        bindmethod=simple
        binddn="cn=xxxxx,ou=Roles,dc=pcoral,dc=net"
        credentials=xxxxxxxxxxxx
        searchbase="dc=example,dc=net"
        filter="(objectclass=*)"
        attrs="*"
        schemachecking=on
        type=refreshAndPersist
        interval=00.00.00:30
        retry="60 +"
mirrormode on
So, not sure why the synchronization isn't working?
Thanks.
------ Original Message ------
From: "Quanah Gibson-Mount" <quanah@zimbra.com>
To: "Sterling Sahaydak" <sterling.sahaydak@pi-coral.com>;
openldap-technical@openldap.org
Sent: 9/4/2014 5:47:38 PM
Subject: Re: Trying to Mirror 2 OpenLDAP servers
--On Thursday, September 04, 2014 3:30 PM -0700 Quanah Gibson-Mount
<quanah@zimbra.com> wrote:
--On Thursday, September 04, 2014 10:14 PM +0000 Sterling Sahaydak
<sterling.sahaydak@pi-coral.com> wrote:
Just updated slapd.conf with CA Certs and trying to get mirroring
synchronization to work.
Running into the following:
slapd -d sync
@(#) $OpenLDAP: slapd 2.4.23 (Feb 3 2014 19:11:35) $
Don't waste your time using this build, as you were already informed on
IRC.
Since you quit IRC in a huff, I'll give you some follow on thoughts:
a) It is not the community's job to support the broken builds that RHEL
created. They are known to have numerous problems, some of which were
inflicted by RH itself by doing custom patches against OpenLDAP.
b) 2.4.23 is over 4 years old at this point. There have been numerous
bugs fixed since that release, particularly around MMR.
c) RHEL links to the non-standard NSS encryption libraries, which are
utterly broken in concept and may be the cause of your cert issues
d) There are freely available current alternatives to using the crap
shipped by RHEL if you are not comfortable with building OpenLDAP
yourself. You should investigate using them rather than complaining
that the community is refusing to support RHEL's garbage.
Alternatives:
<http://www.symas.com/> - They offer free OpenLDAP builds sanely linked
to OpenSSL. They also provide support contracts, with extremely
knowledgeable staff (The primary openldap developer works for them, for
example).
<http://ltb-project.org/wiki/> - They offer free OpenLDAP builds sanely
linked to OpenSSL. They also have a support forum for their builds.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
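The TLS lines in Sterling's log ("could not be found in the database", "no unlocked certificate for certificate 'CN=ldap.example.net,...'") are the NSS-linked build's wording, and Quanah's point (c) is that the library itself is suspect. Whatever the library, the first thing to establish is whether the three PEM files named by TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile are consistent with each other. The script below is an added example and not part of the thread or of OpenLDAP: it checks that the private key belongs to the certificate, that the certificate chains to the CA file (which is what the other mirror does when syncrepl connects over ldaps://), and that the certificate is inside its validity period. It assumes only the openssl command-line tool; the paths, the CN and the throwaway CA it generates are constructed test data, not the poster's files.

```sh
#!/bin/sh
# Added example, not from the thread: check the PEM files that slapd.conf
# points at (TLSCertificateFile, TLSCertificateKeyFile, TLSCACertificateFile)
# for consistency before blaming the TLS library.  Needs the openssl CLI.
# Paths passed in are whatever you have; the material created by
# make_test_pki below is constructed throwaway test data.

# check_tls_material CERT KEY CA
#   Returns 0 only if the key belongs to the cert, the cert chains to CA,
#   and the cert is inside its validity period.  Prints one line per check.
check_tls_material() {
    cert=$1; key=$2; ca=$3; rc=0

    # 1. Key/cert pairing: derive the SubjectPublicKeyInfo from each side
    #    and compare.  A file that fails to parse yields an empty string,
    #    so require a non-empty value before calling it a match.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok   : private key matches certificate"
    else
        echo "FAIL : private key does not match certificate (or a file did not parse)"
        rc=1
    fi

    # 2. Chain: the other mirror does this when syncrepl connects over
    #    ldaps:// and validates the server cert against its CA file.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "ok   : certificate verifies against $ca"
    else
        echo "FAIL : certificate does not verify against $ca"
        rc=1
    fi

    # 3. Validity window (-checkend 0 fails once notAfter has passed).
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok   : certificate is within its validity period"
    else
        echo "FAIL : certificate is expired or not yet valid"
        rc=1
    fi

    # Informational: slapd runs as an unprivileged user (ldap on CentOS), so
    # the key must be readable by it but should not be world-readable.
    if [ "$(ls -l "$key" 2>/dev/null | cut -c8)" = "r" ]; then
        echo "warn : $key is world-readable"
    fi
    return $rc
}

# make_test_pki DIR
#   Constructed test data: a self-signed CA, a server cert it signed for
#   CN=ldap.example.net, and an unrelated key to exercise the mismatch case.
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Test CA" -keyout "$d/ca.key" -out "$d/ca.crt" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.net" -keyout "$d/ldap.key" -out "$d/ldap.csr" >/dev/null 2>&1
    openssl x509 -req -in "$d/ldap.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/ldap.crt" >/dev/null 2>&1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" >/dev/null 2>&1
}

# Demonstration on the constructed material: one consistent set, then the
# same cert with a key from a different pair.
demo=$(mktemp -d)
make_test_pki "$demo"
echo "== matching cert, key and CA =="
check_tls_material "$demo/ldap.crt" "$demo/ldap.key" "$demo/ca.crt" || echo "(unexpected)"
echo "== key from an unrelated pair =="
check_tls_material "$demo/ldap.crt" "$demo/other.key" "$demo/ca.crt" || echo "(expected: the pairing check fails)"
rm -rf "$demo"
```

Run it as the user slapd runs as (ldap on CentOS) with the real paths from slapd.conf, e.g. `check_tls_material /etc/openldap/certs/ldap_example_net.crt /etc/openldap/certs/ldap_example_net.key /etc/openldap/certs/CAcompany.crt`; a FAIL on the first line means the key file and certificate file were not produced as a pair, which is a configuration problem on disk rather than in the TLS library. The public keys are compared as PEM text because both `x509 -pubkey` and `pkey -pubout` emit the same SubjectPublicKeyInfo encoding, and an unreadable or unparseable file yields an empty string that must not be allowed to "match" another empty string.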