  1. #1
    Just Joined!
    Join Date
    Sep 2008
    Posts
    4

    openldap 2.4.11 - mirrored replication


    I am trying to set up two Linux Redhat servers running openldap 2.4.11 to use mirrored replication. The documentation for this from openldap.org is pretty poor.

    I've set up the following slapd.conf on both servers with the only difference being the serverID entry. (I've xxx'd out a few fields. xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy are the ip addresses of the two servers). I've configured with --enable-debug so I get a lot of debug information, but I'm not seeing anything that indicates an error is occurring. However, the data added to one ldap server is not being replicated in the other.

    Any ideas?

    #------------------------------------------------------------------------------
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.

    include /usr/local/etc/openldap/schema/core.schema
    include /usr/local/etc/openldap/amhs_rfc2294.schema

    #------------------------------------------------------------------------------

    allow bind_v2
    loglevel -1
    pidfile /usr/local/var/run/slapd.pid
    argsfile /usr/local/var/run/slapd.args

    #------------------------------------------------------------------------------
    # ldbm and/or bdb database definitions

    database bdb
    suffix "dc=amhs"
    rootdn "cn=manager,dc=amhs"

    #------------------------------------------------------------------------------
    # Cleartext passwords, especially for the rootdn, should be avoided. See
    # slappasswd(8) and slapd.conf(5) for details. Use of strong authentication
    # is encouraged.
    # password is bluebell

    rootpw secret
    rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    #------------------------------------------------------------------------------
    # The database directory MUST exist prior to running slapd AND should only be
    # accessible by the slapd and slap tools. Mode 700 recommended.

    directory /usr/local/var/openldap-data
    mode 0600

    #------------------------------------------------------------------------------
    # Indices to maintain for this database

    index objectClass eq
    index cn eq,pres
    index personalName eq,pres
    index mHSSurname eq,sub,pres
    index mHSCommonName eq,pres

    #
    #------------------------------------------------------------------------------
    # Replication support using syncrepl -- on all masters (mirror mode)

    serverID 1

    syncrepl rid=001
        interval=00:00:00:30
        provider=ldap://xxx.xxx.xxx.xxx:389
        bindmethod=simple
        binddn="cn=manager,dc=amhs"
        credentials=bluebell
        searchbase="dc=amhs"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"

    syncrepl rid=002
        interval=00:00:00:30
        provider=ldap://yyy.yyy.yyy.yyy:389
        bindmethod=simple
        binddn="cn=manager,dc=amhs"
        credentials=bluebell
        searchbase="dc=amhs"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"

    mirrormode on

  2. #2
    Just Joined!
    Join Date
    Sep 2008
    Posts
    4
    You haven't read the documentation I wrote correctly. It clearly says to configure the syncprov overlay as well, which you haven't done.

    Also, patches are welcome and the openldap lists are the best place to post.

    --
    Kind Regards,

    Gavin Henry.
    OpenLDAP Engineering Team.

    E ghenry@OpenLDAP.org

    Community developed LDAP software.

    OpenLDAP, Project

  3. #3
    Just Joined!
    Join Date
    Sep 2008
    Posts
    4
    I have the document titled "OpenLDAP Software 2.4 Administrator's Guide". There is no version number or release date in this document. Within section "17.4 Configuring the different replication types", section "17.4.4. MirrorMode" makes no reference to syncprov. Is there a later release of this document available?

    Even having read the other sub-sections (17.4.1-17.4.4) of section 17, I still do not understand the purpose of syncprov and where it should go in slapd.conf. I haven't got very far (other than very frustrated) with the trial and error strategy and am looking for accurate information on how to set up either multimaster or mirrored replication using LDAP.

    What syncprov lines should be added to the slapd.conf file provided? Are these changes the same on both servers?

    Also, where are the "openldap lists" - do you mean openldap.org mailing lists?

  5. #4
    Just Joined!
    Join Date
    Sep 2008
    Posts
    4
    Originally posted by reiche:
    I have the document titled "OpenLDAP Software 2.4 Administrator's Guide". There is no version number or release date in this document. Within section "17.4 Configuring the different replication types", section "17.4.4. MirrorMode" makes no reference to syncprov. Is there a later release of this document available?

    Even having read the other sub-sections (17.4.1-17.4.4) of section 17, I still do not understand the purpose of syncprov and where it should go in slapd.conf. I haven't got very far (other than very frustrated) with the trial and error strategy and am looking for accurate information on how to set up either multimaster or mirrored replication using LDAP.

    What syncprov lines should be added to the slapd.conf file provided? Are these changes the same on both servers?

    Also, where are the "openldap lists" - do you mean openldap.org mailing lists?
    OpenLDAP Software 2.4 Administrator's Guide: Replication

    17.4.4.1. Mirror Node Configuration

    This is the same as the Set up the provider slapd section.
    Click that link.

    It's all there in that guide.

    Yes, mailing lists.

  6. #5
    Just Joined!
    Join Date
    Sep 2008
    Posts
    4
    >>> This is the same as the Set up the provider slapd section.

    It's not all there in the guide, or I wouldn't keep asking about it.

    I have figured out now that "This" in the sentence above refers to setting up

    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100

    But how you can expect a reader to derive that is beyond me.

    Anyway, I do have mirror mode working now, but the document sure could use a bit of work. It took me 10 minutes to get slurpd/LDAP 2.2 working using O'Reilly's LDAP System Administration document. It took 22 hours to get mirror mode/LDAP 2.4 working using the Open LDAP System Administration manual. Something's wrong with that.

    Werner

  7. #6
    Just Joined!
    Join Date
    Sep 2008
    Posts
    4
    Originally posted by reiche:
    >>> This is the same as the Set up the provider slapd section.

    It's not all there in the guide, or I wouldn't keep asking about it.

    I have figured out now that "This" in the sentence above refers to setting up

    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100

    But how you can expect a reader to derive that is beyond me.

    Anyway, I do have mirror mode working now, but the document sure could use a bit of work. It took me 10 minutes to get slurpd/LDAP 2.2 working using O'Reilly's LDAP System Administration document. It took 22 hours to get mirror mode/LDAP 2.4 working using the Open LDAP System Administration manual. Something's wrong with that.

    Werner
    Really? Well, O'Reilly's book was paid for, this is community documentation that is worked on in spare time. Please help improve it instead of complaining and I'll edit it when I get a chance.

    You expect enterprise grade LDAP software for nothing, but won't help spending 5 mins with some improvement documentation tips?

  8. #7
    Just Joined!
    Join Date
    Sep 2008
    Posts
    4
    I don't expect enterprise quality documentation for nothing. I do expect help when I request it in an online forum. Telling me to go look at the document which I have indicated I have already read and did not understand is not helpful. Neither is insisting that the information I need is in the document when it clearly is not.

    As far as helping improve the document, I would be willing to do this, but am unaware of the procedure. Two useful items I would suggest:
    - include a release date and/or version number on the administration manual
    - update section 17.4.4.1 as follows:

    Remove the sentence:

    "This is the same as the Set up the provider slapd section."

    Add the following:

    "Set up the syncprov overlay similar to that described in the section Set up the provider slapd section.

    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100"

    Werner

  9. #8
    Just Joined!
    Join Date
    Sep 2008
    Posts
    4
    Originally posted by reiche:
    I don't expect enterprise quality documentation for nothing. I do expect help when I request it in an online forum. Telling me to go look at the document which I have indicated I have already read and did not understand is not helpful. Neither is insisting that the information I need is in the document when it clearly is not.

    As far as helping improve the document, I would be willing to do this, but am unaware of the procedure. Two useful items I would suggest:
    - include a release date and/or version number on the administration manual
    - update section 17.4.4.1 as follows:

    Remove the sentence:

    "This is the same as the Set up the provider slapd section."

    Add the following:

    "Set up the syncprov overlay similar to that described in the section Set up the provider slapd section.

    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100"

    Werner
    All the information was in the guide. Thanks for your suggestions though. Perhaps next time, ask in the right forum, i.e. the OpenLDAP mailing lists or irc channel on freenode. This isn't the right forum.
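
The failure this thread resolves (mirrormode configured without the syncprov overlay) can be caught by a small lint over slapd.conf, together with the credential handling visible in the first post's configuration. This is an added example, not code from the thread or from the OpenLDAP project; the sample section is constructed, and its address and credentials value are placeholders.

```python
import shlex

# Constructed sample modelled on the first post's database section; the
# address (192.0.2.10) and the credentials value are placeholders.
SAMPLE = """\
database bdb
suffix "dc=amhs"
rootdn "cn=manager,dc=amhs"
rootpw secret
serverID 1
syncrepl rid=001
    provider=ldap://192.0.2.10:389
    bindmethod=simple
    binddn="cn=manager,dc=amhs"
    credentials=placeholder
    retry="60 +"
mirrormode on
"""

def directives(text):
    """Fold continuation lines (leading whitespace) and tokenize each directive."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    # Directive keywords are case-insensitive, so normalise the first token.
    return [[t[0].lower()] + t[1:] for t in map(shlex.split, out)]

def lint(text):
    """Return a list of findings for one database section."""
    d = directives(text)
    found = []
    if any(x[0] == "mirrormode" for x in d) and ["overlay", "syncprov"] not in d:
        found.append("mirrormode set but syncprov overlay missing")
    rootdn = next((x[1].lower() for x in d if x[0] == "rootdn"), None)
    for x in d:
        # Hashed values carry a scheme prefix such as {SSHA}.
        if x[0] == "rootpw" and not x[1].startswith("{"):
            found.append("rootpw stored in cleartext")
        if x[0] == "syncrepl":
            kv = dict(p.split("=", 1) for p in x[1:])
            if kv.get("binddn", "").lower() == rootdn:
                found.append(f"rid={kv['rid']} binds as the rootdn")
            if (kv.get("bindmethod") == "simple" and kv.get("starttls") != "critical"
                    and kv.get("provider", "").startswith("ldap://")):
                found.append(f"rid={kv['rid']} can send credentials unencrypted")
    return found
```

Calling `lint(SAMPLE)` returns four findings; a section with `overlay syncprov`, a hashed `rootpw`, a dedicated replication DN and `starttls=critical` returns none.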
