I have two instances of an openldap-2.4.39 server running with syncrepl
in a master-master replication setup. These are CentOS 7.1 test servers
which have been running for over 2 months now with no problems. Partly
the good behavior of the LDAP servers is due to very little exercise.
Yesterday I decided to try and see exactly how well replication was
working. With server-2 up and running I tried these sequences of
commands on server-1 (domain, user and DNs have been changed):
server-1> systemctl stop slapd
server-1> slapadd -l useradd.ldif
server-1> systemctl start slapd
server-1> ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=example,dc=com> with scope subtree
# filter: uid=newuser
# requesting: ALL
#
# newuser, People, example.com
dn: uid=newuser,ou=People,dc=example,dc=com
uid: newuser
cn: NEW01- newuser
uidNumber: 100510
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
gecos: NEW01- newuser
sn: NEW01- newuser
loginShell: /bin/bash
gidNumber: 100510
homeDirectory: /users/home/newuser
userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
As you can see, the user was added correctly. However, after a few minutes
to give replication a chance to work, I went over to server-2 and tried
the equivalent ldapsearch command:
server-2> ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=example,dc=com> with scope subtree
# filter: uid=newuser
# requesting: ALL
#
# search result
search: 3
result: 0 Success
# numResponses: 1
No matter how long I wait, the newuser is never replicated on server-2.
So I tried something different. After putting back the LDAP databases so
that they were consistent, I did this sequence on server-1:
server-1> ldapadd -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com -f useradd.ldif
This time the ldapsearch command:
ldapsearch -ZZ -W -D cn=Boss,dc=example,dc=com -b ou=People,dc=example,dc=com uid=newuser
returns the new user on both server-1 and server-2! What I found is that
as long as I use ldapadd, ldapdelete and ldapmodify the LDAP databases
replicate correctly in a master-master mode.
My first question: Should the first sequence of commands with the
slapadd command work, or am I expecting behavior that is not supported?
My second question: If the first sequence of commands with the slapadd
command should work but does not, can anyone suggest a reason as to why?
For example, do both server-1 and server-2 have to be shut down before
doing the slapadd?
Thank you.
--
Paul (ganci@xxxxxxxxxx)
(303)257-5208
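
As an added example (not part of the original post): a small Python helper that parses ldapsearch LDIF output from two replicas and reports entries or attributes that differ, automating the manual comparison described above. The sample outputs are constructed, the function names are hypothetical, and lower-casing DNs is a simplifying assumption.

```python
import base64

def parse_ldif(text):
    """Parse ldapsearch LDIF output into {dn: {attr: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        # ldapsearch prints comments only between entries, so a comment or
        # blank line ends the current entry (keeps "search:"/"result:" out).
        if not line.strip() or line.startswith("#"):
            current = None
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            # Assumption: lower-casing is enough DN normalisation here.
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def diff_replicas(a, b):
    """Report DNs present on one side only and attributes that differ."""
    differ = []
    for dn in sorted(set(a) & set(b)):
        attrs = sorted(k for k in set(a[dn]) | set(b[dn])
                       if sorted(a[dn].get(k, [])) != sorted(b[dn].get(k, [])))
        if attrs:
            differ.append((dn, attrs))
    return {"only_a": sorted(set(a) - set(b)),
            "only_b": sorted(set(b) - set(a)), "differ": differ}

# Constructed sample output, modelled on the two searches in the post.
SERVER1_OUT = """# newuser, People, example.com
dn: uid=newuser,ou=People,dc=example,dc=com
uid:: bmV3dXNlcg==
homeDirectory: /users/home/new
 user
# search result
search: 3
result: 0 Success
"""
SERVER2_OUT = "# search result\nsearch: 3\nresult: 0 Success\n"

if __name__ == "__main__":
    print(diff_replicas(parse_ldif(SERVER1_OUT), parse_ldif(SERVER2_OUT)))
```
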