
MDB data replication issues



Hi,

 

I am using an OpenLDAP 2.4.44 multi-master configuration with two slapd servers, a master and a replica, both using the MDB backend. I have a problem with replication when data is added using slapadd.

I have two slapd instances on ports 2016 and 2017. The slapd.conf files for both servers are attached.

 

Scenario 1:

When an LDIF entry is added using ldapadd or deleted using ldapdelete, it gets replicated in the replica server correctly.

Below is the ldapsearch result on the master server:

GURKES254 linus> ldapsearch -h xx.xx.xx.xx -p 2016 -b "dc=my-domain,dc=com"  "ou=Test9"

# extended LDIF

#

# LDAPv3

# base <dc=my-domain,dc=com> with scope subtree

# filter: ou=Test9

# requesting: ALL

#

 

# Test9, people, my-domain.com

dn: ou=Test9,ou=people,dc=my-domain,dc=com

ou: Test9

objectClass: organizationalUnit

companyName: Test9Grp

 

# search result

search: 2

result: 0 Success

 

# numResponses: 2

# numEntries: 1

 

Below is the ldapsearch result on the replica server:

GURKES254 linus> ldapsearch -h xx.xx.xx.xx -p 2017 -b "dc=my-domain,dc=com"  "ou=Test9"

# extended LDIF

#

# LDAPv3

# base <dc=my-domain,dc=com> with scope subtree

# filter: ou=Test9

# requesting: ALL

#

 

# Test9, people, my-domain.com

dn: ou=Test9,ou=people,dc=my-domain,dc=com

ou: Test9

objectClass: organizationalUnit

companyName: Test9Grp

 

# search result

search: 2

result: 0 Success

 

# numResponses: 2

# numEntries: 1

 

 

Scenario 2:

When an LDIF entry is imported using slapadd, it doesn’t get replicated in the replica server at all.

Below is the ldapsearch result on the master server:

GURKES254 linus> ldapsearch -h xx.xx.xx.xx -p 2016 -b "dc=my-domain,dc=com"  "ou=Test9"

# extended LDIF

#

# LDAPv3

# base <dc=my-domain,dc=com> with scope subtree

# filter: ou=Test9

# requesting: ALL

#

 

# Test9, people, my-domain.com

dn: ou=Test9,ou=people,dc=my-domain,dc=com

ou: Test9

objectClass: organizationalUnit

companyName: Test9Grp

 

# search result

search: 2

result: 0 Success

 

# numResponses: 2

# numEntries: 1

 

Below is the ldapsearch result on the replica server:

GURKES254 linus> ldapsearch -h xx.xx.xx.xx -p 2017 -b "dc=my-domain,dc=com"  "ou=Test9"

# extended LDIF

#

# LDAPv3

# base <dc=my-domain,dc=com> with scope subtree

# filter: ou=Test9

# requesting: ALL

#

 

# search result

search: 2

result: 0 Success

 

# numResponses: 1

 

Please let me know in case any other information is required.

 

Br

Gurjot Kaur

 

"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/core.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/cosine.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/inetorgperson.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/extendedperson.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/cmm.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/authentication.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

# Files in which slapd records its process ID and its command-line arguments.
pidfile		/osp/local/home/linus/OpenLDAP244_LMDB1/var/run/slapd.pid
argsfile	/osp/local/home/linus/OpenLDAP244_LMDB1/var/run/slapd.args

# Load dynamic backend modules:
# modulepath	/osp/local/home/linus/OpenLDAP244_LMDB1/libexec/openldap
# moduleload	back_mdb.la
# moduleload	back_ldap.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#########################################
# uniquely identifies this server
# (each server in the replication pair needs its own value; the second
# configuration on this page uses serverID 2)
#########################################
serverID 1

#######################################################################
# MDB database definitions
#######################################################################

database	mdb
# Upper bound for the MDB database size, in bytes (1073741824 = 1 GiB).
maxsize		1073741824
suffix		"dc=my-domain,dc=com"
rootdn		"cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the rootpw below is stored in cleartext and the same value is
# reused as the syncrepl "credentials" further down in this file.  Store a
# hash generated with slappasswd(8) here and keep this file unreadable to
# other users.
# NOTE(review): no active "access" directive is visible in this file, so the
# default policy described in the sample section above (read access for
# anyone) applies to this database.
rootpw		secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/osp/local/home/linus/OpenLDAP244_LMDB1/var/openldap-data

########################################################################
# enable a lot of logging - we might need it
# NOTE(review): -1 turns on every debug level, including packet and BER
# dumps, so simple-bind passwords can end up in the log output.  Restrict
# access to the logs and lower the level once troubleshooting is finished.
########################################################################
loglevel -1

########################################################################
# Consumer Setup : this server acts as consumer of the other
# (the provider is the slapd instance listening on port 2017)
#
# NOTE(review): bindmethod=simple against an ldap:// provider URL, with no
# starttls or tls_* parameter set, sends the Manager (rootdn) password over
# the network unencrypted.  Prefer a dedicated replication identity that only
# has read access to the searchbase, and protect the connection with
# starttls=critical or an ldaps:// provider URL.
# NOTE(review): schemachecking=off means replicated entries are not checked
# against the local schema.
# NOTE(review): "interval" applies to type=refreshOnly; with
# refreshAndPersist it appears to have no effect - confirm in slapd.conf(5).
#
# Keep comments above the directive: slapd joins continuation lines (those
# starting with whitespace) before it strips comments, so a comment line
# placed between the parameters below would break the directive.
########################################################################
syncRepl rid=000
  provider=ldap://xx.xx.xx.xx:2017
	type=refreshAndPersist
	retry="5 + 5 +"
  searchbase="dc=my-domain,dc=com"
	attrs=*
	interval=00:00:00:09
	schemachecking=off
	bindmethod=simple
  binddn="cn=Manager,dc=my-domain,dc=com"
	credentials=secret

########################################################################
# Indexing
# (equality indexes on entryCSN and entryUUID support the lookups made by
# syncrepl and the syncprov overlay)
########################################################################
index entryCSN eq
index entryUUID eq
index objectClass eq
index	cn		eq

#########################################################################
# mirror mode essential to allow writes
# and must appear after all syncrepl directives
# (without it a database configured as a syncrepl consumer does not accept
# client writes directly)
#########################################################################
mirrormode on
#database monitor

#########################################################################
# define the provider to use the syncprov overlay
# (last directives in database section)
#
# NOTE(review): entries loaded offline with slapadd do not pass through this
# overlay.  Consumers presumably only pick them up once the database's
# contextCSN advances; see the -w and -S options in slapadd(8).  This looks
# relevant to Scenario 2 in the message above - confirm.
#########################################################################
overlay syncprov
# contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10
# session log holding up to 100 write operations
syncprov-sessionlog 100
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/core.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/cosine.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/inetorgperson.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/extendedperson.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/cmm.schema
include		/osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/authentication.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

# Files in which slapd records its process ID and its command-line arguments.
pidfile		/osp/local/home/linus/OpenLDAP244_LMDB2/var/run/slapd.pid
argsfile	/osp/local/home/linus/OpenLDAP244_LMDB2/var/run/slapd.args

# Load dynamic backend modules:
# modulepath	/osp/local/home/linus/OpenLDAP244_LMDB2/libexec/openldap
# moduleload	back_mdb.la
# moduleload	back_ldap.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#########################################
# uniquely identifies this server
# (each server in the replication pair needs its own value; the first
# configuration on this page uses serverID 1)
#########################################
serverID 2

#######################################################################
# MDB database definitions
#######################################################################

database	mdb
# Upper bound for the MDB database size, in bytes (1073741824 = 1 GiB).
maxsize		1073741824
suffix		"dc=my-domain,dc=com"
rootdn		"cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the rootpw below is stored in cleartext and the same value is
# reused as the syncrepl "credentials" further down in this file.  Store a
# hash generated with slappasswd(8) here and keep this file unreadable to
# other users.
# NOTE(review): no active "access" directive is visible in this file, so the
# default policy described in the sample section above (read access for
# anyone) applies to this database.
rootpw		secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/osp/local/home/linus/OpenLDAP244_LMDB2/var/openldap-data

########################################################################
# enable a lot of logging - we might need it
# NOTE(review): -1 turns on every debug level, including packet and BER
# dumps, so simple-bind passwords can end up in the log output.  Restrict
# access to the logs and lower the level once troubleshooting is finished.
########################################################################
loglevel -1

########################################################################
# Consumer Setup : this server acts as consumer of the other
# (the provider is the slapd instance listening on port 2016)
#
# NOTE(review): bindmethod=simple against an ldap:// provider URL, with no
# starttls or tls_* parameter set, sends the Manager (rootdn) password over
# the network unencrypted.  Prefer a dedicated replication identity that only
# has read access to the searchbase, and protect the connection with
# starttls=critical or an ldaps:// provider URL.
# NOTE(review): schemachecking=off means replicated entries are not checked
# against the local schema.
# NOTE(review): "interval" applies to type=refreshOnly; with
# refreshAndPersist it appears to have no effect - confirm in slapd.conf(5).
#
# Keep comments above the directive: slapd joins continuation lines (those
# starting with whitespace) before it strips comments, so a comment line
# placed between the parameters below would break the directive.
########################################################################
syncRepl rid=000
  provider=ldap://xx.xx.xx.xx:2016
	type=refreshAndPersist
	retry="5 + 5 +"
  searchbase="dc=my-domain,dc=com"
	attrs=*
	interval=00:00:00:09
	schemachecking=off
	bindmethod=simple
  binddn="cn=Manager,dc=my-domain,dc=com"
	credentials=secret

########################################################################
# Indexing
# (equality indexes on entryCSN and entryUUID support the lookups made by
# syncrepl and the syncprov overlay)
########################################################################
index entryCSN eq
index entryUUID eq
index objectClass eq
index	cn		eq

#########################################################################
# mirror mode essential to allow writes
# and must appear after all syncrepl directives
# (without it a database configured as a syncrepl consumer does not accept
# client writes directly)
#########################################################################
mirrormode on
#database monitor

#########################################################################
# define the provider to use the syncprov overlay
# (last directives in database section)
#
# NOTE(review): entries loaded offline with slapadd do not pass through this
# overlay.  Consumers presumably only pick them up once the database's
# contextCSN advances; see the -w and -S options in slapadd(8).  This looks
# relevant to Scenario 2 in the message above - confirm.
#########################################################################
overlay syncprov
# contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10
# session log holding up to 100 write operations
syncprov-sessionlog 100