openldap 2.4.11 - mirrored replication

I am trying to set up two Linux Redhat servers running openldap 2.4.11 to use mirrored replication. The documentation for this from openldap.org is pretty poor.

I've set up the following slapd.conf on both servers with the only difference being the serverID entry. (I've xxx'd out a few fields. xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy are the ip addresses of the two servers). I've configured with --enable-debug so I get a lot of debug information, but I'm not seeing anything that indicates an error is occurring. However, the data added to one ldap server is not being replicated in the other.

Any ideas?

#------------------------------------------------------------------------------
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/amhs_rfc2294.schema

#------------------------------------------------------------------------------

allow bind_v2
loglevel -1
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

#------------------------------------------------------------------------------
# ldbm and/or bdb database definitions

database bdb
suffix "dc=amhs"
rootdn "cn=manager,dc=amhs"

#------------------------------------------------------------------------------
# Cleartext passwords, especially for the rootdn, should be avoided. See
# slappasswd(8) and slapd.conf(5) for details. Use of strong authentication
# is encouraged.
# password is bluebell

rootpw secret
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

#------------------------------------------------------------------------------
# The database directory MUST exist prior to running slapd AND should only be
# accessible by the slapd and slap tools. Mode 700 recommended.

directory /usr/local/var/openldap-data
mode 0600

#------------------------------------------------------------------------------
# Indices to maintain for this database

index objectClass eq
index cn eq,pres
index personalName eq,pres
index mHSSurname eq,sub,pres
index mHSCommonName eq,pres

#
#------------------------------------------------------------------------------
# Replication support using syncrepl -- on all masters (mirror mode)

serverID 1

syncrepl rid=001
interval=00:00:00:30
provider=ldap://xxx.xxx.xxx.xxx:389
bindmethod=simple
binddn="cn=manager,dc=amhs"
credentials=bluebell
searchbase="dc=amhs"
schemachecking=on
type=refreshAndPersist
retry="60 +"

syncrepl rid=002
interval=00:00:00:30
provider=ldap://yyy.yyy.yyy.yyy:389
bindmethod=simple
binddn="cn=manager,dc=amhs"
credentials=bluebell
searchbase="dc=amhs"
schemachecking=on
type=refreshAndPersist
retry="60 +"

mirrormode on

You haven't read the documentation I wrote correctly. It clearly says to configure the syncprov overlay as well, which you haven't done.

Also, patches are welcome and the openldap lists are the best place to post.

--
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

OpenLDAP, Project

I have the document titled "OpenLDAP Software 2.4 Administrator's Guide". There is no version number or release date in this document. Within section "17.4 Configuring the different replication types", section "17.4.4. MirrorMode" makes no reference to syncprov. Is there a later release of this document available?

Even having read the other sub-sections (17.4.1-17.4.4) of section 17, I still do not understand the purpose of syncprov and where it should go slapd.conf. I haven't got very far (other than very frustrated) with the trial and error strategy and am looking for accurate information on how to set up either multimaster or mirrored replication using LDAP.

What syncprov lines should be added to the slapd.conf file provided? Are these changes the same on both servers?

Also, where are the "openldap lists" - do you mean openldap.org mailing lists?

Quote:

---

Originally Posted by reiche

I have the document titled "OpenLDAP Software 2.4 Administrator's Guide". There is no version number or release date in this document. Within section "17.4 Configuring the different replication types", section "17.4.4. MirrorMode" makes no reference to syncprov. Is there a later release of this document available?

Even having read the other sub-sections (17.4.1-17.4.4) of section 17, I still do not understand the purpose of syncprov and where it should go slapd.conf. I haven't got very far (other than very frustrated) with the trial and error strategy and am looking for accurate information on how to set up either multimaster or mirrored replication using LDAP.

What syncprov lines should be added to the slapd.conf file provided? Are these changes the same on both servers?

Also, where are the "openldap lists" - do you mean openldap.org mailing lists?

---

OpenLDAP Software 2.4 Administrator's Guide: Replication

Quote:

---

17.4.4.1. Mirror Node Configuration

This is the same as the Set up the provider slapd section.

---

click that link.

It's all there in that guide.

Yes, mailing lists.

>>> This is the same as the Set up the provider slapd section.

It's not all there in the guide, or I wouldn't keep asking about it.

I have figured out now that "This" in the sentence above refers to setting up

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

But how you can expect a reader to derive that is beyond me.

Anyway, I do have mirror mode working now, but the document sure could use a bit of work. It took me 10 minutes to get slurpd/LDAP 2.2 working using O'Reilly's LDAP System Administration document. It took 22 hours to get mirror mode/LDAP 2.4 working using the Open LDAP System Administration manual. Something's wrong with that.

Werner

Quote:

---

Originally Posted by reiche

>>> This is the same as the Set up the provider slapd section.

It's not all there in the guide, or I wouldn't keep asking about it.

I have figured out now that "This" in the sentence above refers to setting up

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

But how you can expect a reader to derive that is beyond me.

Anyway, I do have mirror mode working now, but the document sure could use a bit of work. It took me 10 minutes to get slurpd/LDAP 2.2 working using O'Reilly's LDAP System Administration document. It took 22 hours to get mirror mode/LDAP 2.4 working using the Open LDAP System Administration manual. Something's wrong with that.

Werner

---

Really? Well, O'Reilly's book was paid for, this is community documentation that is worked on in spare time. Please help improve it instead of complaining and I'll edit it when I get a chance.

You expect enterprise grade LDAP software for nothing, but won't help spending 5 mins with some improvement documentation tips?

I don't expect enterprise quality documentation for nothing. I do expect help when I request it in an online forum. Telling me to go look at the document which I have indicated I have already read and did not understand is not helpful. Neither is insisting that the information I need is in the document when it clearly is not.

As far as helping improve the document, I would be willing to do this, but am unaware of the procedure. Two useful items I would suggest:
- include a release date and/or version number on the administration manual
- update section 17.4.4.1 as follows:

Remove the sentence:

"This is the same as the Set up the provider slapd section."

Add the following:

"Set up the syncprov overlay similar to that described in the section Set up the provider slapd section.

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100"

Werner

Quote:

---

Originally Posted by reiche

I don't expect enterprise quality documentation for nothing. I do expect help when I request it in an online forum. Telling me to go look at the document which I have indicated I have already read and did not understand is not helpful. Neither is insisting that the information I need is in the document when it clearly is not.

As far as helping improve the document, I would be willing to do this, but am unaware of the procedure. Two useful items I would suggest:
- include a release date and/or version number on the administration manual
- update section 17.4.4.1 as follows:

Remove the sentence:

"This is the same as the Set up the provider slapd section."

Add the following:

"Set up the syncprov overlay similar to that described in the section Set up the provider slapd section.

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100"

Werner

---

All the information was in the guide. Thanks for your suggestions though. Perhaps next time, ask in the right forum, i.e. the OpenLDAP mailing lists or irc channel on freenode. This isn't the right forum.