Seger, Mark wrote:
> I’m an admitted ldap lightweight but have been able to bring up an ldap
> server and populate it with the contents of my /etc/passwd file. Now I
> want to set up a replica on another machine using sync replication and
> am having a few issues getting it to work. My most recent success was
> getting simple authentication working because before it was failing and
> now it’s not so I’ve at least gotten that far. Here’s what my
> replication section looks like in ldap.conf:
>

Hi,
has 'lsfadmin' access to read whole tree on the master? And if it's simple
Master X N slaves type, which probably is, you can't write to slave -
slapd.conf :: updateref ldaps://mymaster.domain.tld

Regards,
Zdenek

--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: [email protected]
jabber: [email protected]

> syncrepl rid=123
>     provider=ldap://10.99.99.99:389
>     type=refreshOnly
>     interval=01:00:00:00
>     searchbase="dc=myldap,dc=com"
>     filter="(objectClass=account)"
>     scope=sub
>     schemachecking=off
>     updatedn="cn=replica,dc=myldap,dc=com"
>     bindmethod=simple
>     binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
>     credentials=Something
>
> I’m pretty sure I have the search parameters set correctly because if I run:
>
> ldapsearch -x -h 10.99.99.99 -b 'dc=myldap,dc=com' -A uid
>
> it dumps all my uids.
>
> The part I’m unclear on is how to define things on the slave side. For
> example I have the main part of the conf set the same on the master,
> just to make things easy on me and so I have the following which is
> exactly how I have the master set up.
>
> database bdb
> suffix "dc=myldap,dc=com"
> rootdn "cn=Manager,dc=myldap,dc=com"
> rootpw {SSHA}ZmTfiKLVf8X5GERsT3b3AoB3/hFV3l7R
> directory /var/lib/ldap
>
> I’m guessing my problem may be with
> updatedn="cn=replica,dc=myldap,dc=com", but I’m not sure what it should
> be and whether or not I have to prime the replica with any special
> authentication to be able to write to it.
>
> If I run “ldapsearch -x -b 'dc=myldap,dc=com'” against the replica it
> comes up empty so I’m sure nothing is getting replicated.
> Further if I run the slave slapd with -d128 I get:
>
> [r...@hpdc3dmgt1 ~]# slapd -d 128
> @(#) $OpenLDAP: slapd 2.3.43 (Nov 6 2008 02:53:24) $
>     [email protected]:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
> slapd starting
> request done: ld 0x2ac52b507c70 msgid 1
> => bdb_entry_get: cannot find entry: "dc=myldap,dc=com"
> do_syncrep2: rid 123got search entry without control
> do_syncrepl: rid 123 quitting
>
> but I have no idea where it’s looking for the entry, on the master or
> the slave? But I do have that entry on the master.
>
> I’m sure I’m doing something wrong but am also hoping it’s relatively minor.
>
> -mark
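
The two points raised in the reply above (read access for the replication bind DN on the master, and updateref on the slave), laid out as slapd.conf fragments. This is an added example, not configuration from either poster. Assumptions: the placeholder secrets, the syncprov checkpoint values, the position of the access rule ahead of the site's own rules, and starttls=critical (which needs TLS configured on the provider); updatedn is left out because it is not one of the syncrepl parameters listed in slapd.conf(5).

```conf
# ---------- provider (master) slapd.conf: database section ----------
database    bdb
suffix      "dc=myldap,dc=com"
rootdn      "cn=Manager,dc=myldap,dc=com"
rootpw      {SSHA}PLACEHOLDER_HASH
directory   /var/lib/ldap
index       entryCSN,entryUUID eq

# The DN the replica binds as must be able to read everything it pulls.
# "by * break" passes every other identity on to the access rules that
# follow, so this rule has to sit ahead of them.
access to *
    by dn.exact="uid=lsfadmin,ou=People,dc=myldap,dc=com" read
    by * break

# The provider side of syncrepl is the syncprov overlay on this database
# (add "moduleload syncprov.la" first if overlays are built as modules).
overlay     syncprov
syncprov-checkpoint 100 10

# ---------- consumer (slave) slapd.conf: database section ----------
database    bdb
suffix      "dc=myldap,dc=com"
rootdn      "cn=Manager,dc=myldap,dc=com"
rootpw      {SSHA}PLACEHOLDER_HASH
directory   /var/lib/ldap
index       entryCSN,entryUUID eq

# bindmethod=simple sends the password as-is, so the session is wrapped
# in StartTLS and refused if TLS cannot be negotiated.
syncrepl rid=123
    provider=ldap://10.99.99.99:389
    type=refreshOnly
    interval=01:00:00:00
    searchbase="dc=myldap,dc=com"
    filter="(objectClass=account)"
    scope=sub
    schemachecking=off
    starttls=critical
    bindmethod=simple
    binddn="uid=lsfadmin,ou=People,dc=myldap,dc=com"
    credentials=PLACEHOLDER_PASSWORD

# Clients that try to write to the replica are referred to the master.
# Must come after the syncrepl directive.
updateref   ldaps://mymaster.domain.tld
```

Because slapd.conf on the consumer holds the replication password in clear text, keep the file readable only by the account slapd runs as.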
