FC6 OpenLDAP replication trouble

Craig White craigwhite at azapple.com
Tue Jan 16 02:12:17 UTC 2007


On Mon, 2007-01-15 at 17:51 -0800, Tim Alberts wrote:
> I have 2 servers, both running FC6 and OpenLDAP (included RPMS) all 
> software is yum update as of a couple days ago. I have both servers 
> setup to authenticate which is working fine.  I have the master LDAP 
> server setup with a corporate address book.  I can even query it with 
> Outlook and other email clients.  The problem I'm having is trying to 
> get changes replicated from the master to the slave.
> 
> The following is the /etc/openldap/slapd.conf file on the MASTER:
> 
> include        /etc/openldap/schema/core.schema
> include        /etc/openldap/schema/cosine.schema
> include        /etc/openldap/schema/inetorgperson.schema
> include        /etc/openldap/schema/nis.schema
> 
> allow bind_v2
> 
> pidfile        /var/run/openldap/slapd.pid
> argsfile    /var/run/openldap/slapd.args
> 
> database    bdb
> suffix        "dc=mydomain,dc=com"
> rootdn        "cn=Manager,dc=mydomain,dc=com"
> rootpw        ubersupersecret
> 
> directory    /var/lib/ldap
> 
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> 
> replogfile /var/lib/ldap/openldap-master-replog
> replica uri=ldap://slave.mydomain.com:389
>                 binddn="cn=Manager,dc=mydomain,dc=com"
>                 bindmethod=simple credentials=secret
> 
> 
> The following is the /etc/openldap/slapd.conf file on the SLAVE:
> 
> include        /etc/openldap/schema/core.schema
> include        /etc/openldap/schema/cosine.schema
> include        /etc/openldap/schema/inetorgperson.schema
> include        /etc/openldap/schema/nis.schema
> 
> allow bind_v2
> 
> pidfile        /var/run/openldap/slapd.pid
> argsfile    /var/run/openldap/slapd.args
> 
> database    bdb
> suffix        "dc=mydomain,dc=com"
> rootdn        "cn=Manager,dc=mydomain,dc=com"
> rootpw        ubersupersecret
> 
> directory    /var/lib/ldap
> 
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> 
> updatedn "cn=Manager,dc=mydomain,dc=com"
> updateref ldap://master.mydomain.com:389/
> 
> The master server has created the update file and the slurpd is 
> running.  However, the update log I specified is empty and there is a 
> sub folder /replica/ in the /var/lib/ldap/ which seems to contain all 
> the updates.  If anyone sees something I'm doing wrong, please help.  
> Also, can someone tell me how long it takes for slurpd to 'wakeup' and 
> look for changes?
> 
> Thank you in advance.
----
Is slurpd running?
ps aux|grep slurpd

I vaguely recall having to enable slurpd either in /etc/sysconfig/ or
in /etc/init.d/ldap, but I don't use Fedora for an LDAP server.

Generally, you don't use the rootbinddn for slurpd replication. Can I
presume that you are putting the 'unencrypted' version of the rootbinddn
in 'credentials' on the 'MASTER'? And then I don't see a passwd-hash or
passwd-crypt-salt-format setting in either.

Next, your config doesn't show any ACLs for either the master or the slave,
and by default that which isn't allowed is denied (except for the
rootbinddn).

Lastly, logs are your friend. You probably want to add 'loglevel 256'
or even higher, and to keep these logs separate from syslog, try adding
to /etc/syslog.conf:

local4.*                                                /var/log/slapd.log

service syslog restart # to make changes effective
service ldap restart   # to make changes effective

Craig
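The points in the reply above (rootdn reused as the replication identity, cleartext rootpw, no ACLs, and the slurpd bind going over plain ldap://) are easy to check mechanically. The script below is an added example written for this page, not code from either poster or from the OpenLDAP project. It lints a slapd.conf in the OpenLDAP 2.3-era slurpd syntax the thread uses and also checks the file mode, because slurpd has to read `credentials=` in cleartext, so the config file itself must not be world-readable. The `cn=replicator` DN, the `{SSHA}` placeholder (replace it with real `slappasswd` output) and the assumption that DNs contain no spaces are mine, not the thread's; the `starttls=critical` option on the `replica` directive is the one slapd.conf(5) documents.

```shell
#!/bin/sh
# Added example (not code from either poster): a lint for the slapd.conf points
# raised in the reply, against the OpenLDAP 2.3-era slurpd syntax the thread uses.
# Assumption: DNs contain no spaces, so a quoted binddn="..." survives tr -d '"'.

# Join continuation lines (leading whitespace continues the previous directive),
# drop comments and blank lines, squeeze blanks: one directive per output line.
flatten_conf() {
    sed -e 's/^[[:space:]]*#.*$//' "$1" |
    awk '/^[ \t]/ { buf = buf " " $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' |
    sed 's/[[:blank:]]\{1,\}/ /g; /^ *$/d'
}

# Value of the first directive $2 in file $1, quotes stripped and lowercased so
# DNs and {SCHEME} prefixes compare case-insensitively.
conf_value() {
    flatten_conf "$1" |
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }' |
    tr -d '"' | tr 'A-Z' 'a-z'
}

# One finding per line on stdout; exit status is the number of findings.
lint_slapd_conf() {
    conf="$1"; n=0
    flat=$(flatten_conf "$conf")
    rootdn=$(conf_value "$conf" rootdn)
    rootpw=$(conf_value "$conf" rootpw)
    updatedn=$(conf_value "$conf" updatedn)
    case "$rootpw" in
        '' | '{'*'}'*) ;;   # absent, or a {SSHA}/{CRYPT} hash from slappasswd
        *) echo "$conf: rootpw is cleartext; use slappasswd output ({SSHA}...)"; n=$((n+1)) ;;
    esac
    if ! printf '%s\n' "$flat" | grep -qi '^access '; then
        echo "$conf: no 'access to' directives; only the rootdn can read or write"; n=$((n+1))
    fi
    replica=$(printf '%s\n' "$flat" | grep -i '^replica ' | head -n 1 | tr -d '"' | tr 'A-Z' 'a-z')
    if [ -n "$replica" ]; then
        binddn=$(printf '%s\n' "$replica" | sed -n 's/.*binddn=\([^ ]*\).*/\1/p')
        if [ -n "$binddn" ] && [ "$binddn" = "$rootdn" ]; then
            echo "$conf: replica binddn is the rootdn; use a dedicated replicator DN"; n=$((n+1))
        fi
        case "$replica" in
            *uri=ldaps://* | *starttls=critical*) ;;
            *credentials=*) echo "$conf: replica bind goes over cleartext ldap://; use ldaps:// or starttls=critical"; n=$((n+1)) ;;
        esac
    fi
    if [ -n "$updatedn" ] && [ "$updatedn" = "$rootdn" ]; then
        echo "$conf: updatedn is the rootdn; give the slave a separate updatedn"; n=$((n+1))
    fi
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "$conf: world-readable file holds rootpw/credentials; chmod 640 it"; n=$((n+1))
    fi
    return "$n"
}

# Constructed samples: the thread's MASTER and SLAVE (includes/indexes omitted).
write_weak_master() {
    cat <<'EOF'
database    bdb
suffix      "dc=mydomain,dc=com"
rootdn      "cn=Manager,dc=mydomain,dc=com"
rootpw      ubersupersecret
replica uri=ldap://slave.mydomain.com:389
        binddn="cn=Manager,dc=mydomain,dc=com"
        bindmethod=simple credentials=secret
EOF
}
write_weak_slave() {
    cat <<'EOF'
database    bdb
suffix      "dc=mydomain,dc=com"
rootdn      "cn=Manager,dc=mydomain,dc=com"
rootpw      ubersupersecret
updatedn    "cn=Manager,dc=mydomain,dc=com"
updateref   ldap://master.mydomain.com:389/
EOF
}

# Assumed hardened MASTER (not from the thread): hashed rootpw, ACLs, a dedicated
# cn=replicator DN (its entry, password and write ACL must exist on the SLAVE,
# since slurpd binds there) and StartTLS required before the replication bind.
write_hardened_master() {
    cat <<'EOF'
database    bdb
suffix      "dc=mydomain,dc=com"
rootdn      "cn=Manager,dc=mydomain,dc=com"
rootpw      {SSHA}paste-the-output-of-slappasswd-here
access to attrs=userPassword by self write by anonymous auth by * none
access to * by * read
replica uri=ldap://slave.mydomain.com:389 starttls=critical
        binddn="cn=replicator,dc=mydomain,dc=com"
        bindmethod=simple credentials=secret
EOF
}

# Demo: lint the weak master from a temp file (mktemp creates it mode 0600).
demo=$(mktemp); write_weak_master >"$demo"
lint_slapd_conf "$demo" || echo "findings: $?"
rm -f "$demo"
```

Run it as `sh lint.sh /etc/openldap/slapd.conf` on each box; the exit status is the finding count, so it drops into a cron job or a config-management check unchanged. On the thread's master it reports four findings, on the slave three, and on the hardened master none. Fixing the slave is the mirror image: an `updatedn` that is not the rootdn, plus an `access to * by dn.exact="cn=replicator,..." write` line, because updates through `updatedn` are still subject to the slave's ACLs.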




More information about the users mailing list