Re: FC6 OpenLDAP replication trouble

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2007-01-15 at 17:51 -0800, Tim Alberts wrote:
> I have 2 servers, both running FC6 and OpenLDAP (included RPMS) all 
> software is yum update as of a couple days ago. I have both servers 
> setup to authenticate which is working fine.  I have the master LDAP 
> server setup with a corporate address book.  I can even query it with 
> Outlook and other email clients.  The problem I'm having is trying to 
> get changes replicated from the master to the slave.
> 
> The following is the /etc/openldap/slapd.conf file on the MASTER:
> 
> include        /etc/openldap/schema/core.schema
> include        /etc/openldap/schema/cosine.schema
> include        /etc/openldap/schema/inetorgperson.schema
> include        /etc/openldap/schema/nis.schema
> 
> allow bind_v2
> 
> pidfile        /var/run/openldap/slapd.pid
> argsfile    /var/run/openldap/slapd.args
> 
> database    bdb
> suffix        "dc=mydomain,dc=com"
> rootdn        "cn=Manager,dc=mydomain,dc=com"
> rootpw        ubersupersecret
> 
> directory    /var/lib/ldap
> 
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> 
> replogfile /var/lib/ldap/openldap-master-replog
> replica uri=ldap://slave.mydomain.com:389
>                 binddn="cn=Manager,dc=mydomain,dc=com"
>                 bindmethod=simple credentials=secret
> 
> 
> The following is the /etc/openldap/slapd.conf file on the SLAVE:
> 
> include        /etc/openldap/schema/core.schema
> include        /etc/openldap/schema/cosine.schema
> include        /etc/openldap/schema/inetorgperson.schema
> include        /etc/openldap/schema/nis.schema
> 
> allow bind_v2
> 
> pidfile        /var/run/openldap/slapd.pid
> argsfile    /var/run/openldap/slapd.args
> 
> database    bdb
> suffix        "dc=mydomain,dc=com"
> rootdn        "cn=Manager,dc=mydomain,dc=com"
> rootpw        ubersupersecret
> 
> directory    /var/lib/ldap
> 
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> 
> updatedn "cn=Manager,dc=mydomain,dc=com"
> updateref ldap://master.mydomain.com:389/
> 
> The master server has created the update file and the slurpd is 
> running.  However, the update log I specified is empty and there is a 
> sub folder /replica/ in the /var/lib/ldap/ which seems to contain all 
> the updates.  If anyone sees something I'm doing wrong, please help.  
> Also, can someone tell me how long it takes for slurpd to 'wakeup' and 
> look for changes?
> 
> Thank you in advance.
----
is slurpd running?  
ps aux|grep slurpd 

I vaguely recall having to enable slurpd either in /etc/sysconfig/ or
in /etc/init.d/ldap but I don't use Fedora for LDAP server

generally, you don't use the rootbinddn for slurpd replication...can I
presume that you are putting the 'unencrypted' version of the rootbinddn
in 'credentials' on the 'MASTER' and then I don't see a passwd-hash or
passwd-crypt-salt-format setting in either.

next, your config doesn't show any ACL's for either master or slave
config and by default, that which isn't allowed is denied so (except
rootbinddn)

lastly, logs are your friend...you probably want to add 'loglevel 256'
or even higher and to keep these logs separate from syslog, try adding
to /etc/syslog.conf

local4.*                                                /var/log/slapd.log

service syslog restart # to make changes effective
service ldap restart   # to make changes effective

Craig

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux