ldap replication problem on sles9
dear list,
I'm trying to set up a slave ldap server. Both servers on sles9, sp2. Unfortunately, I'm not very successful at it :-(
I am following the instructions from the O'Reilly "LDAP System Administration" book. Using the sles9 packages. ldap works almost perfectly. (only having a small problem with rcldap reload that doesn't seem to work, but wrote another post specifically for that today)
So I added to slapd.conf
    replogfile /var/lib/ldap/slurpd.replog
    replica uri=ldap://192.87.143.6:389
            suffix="dc=intech,dc=unu,dc=edu"
            credentials={SSHA}somethingihavedeletenfromthispost
            binddn="cn=replica,dc=intech,dc=unu,dc=edu"
            bindmethod=simple
            tls=no
and of course I also configured the slave according to the instructions from O'Reilly:
    suffix "dc=intech,dc=unu,dc=edu"
    rootdn "cn=replica,dc=intech,dc=unu,dc=edu"
    rootpw {SSHA}somethingihavedeletenfromthispost
    updatedn "cn=replica,dc=intech,dc=unu,dc=edu"
    updateref ldap://servername.for.master.server
Upon restart of ldap and slurpd the files /var/lib/ldap/slurpd.replog and slurpd.replog.lock are created, but are zero in size. The files that are actually being used are different: /var/lib/slurpd/replica/slurpd.replog. And when I set slapd.conf to use the SECOND set of files, NONE of the changes are recorded anywhere.
Strange? I think so... And none of the changes are being replicated to the other server.
There are currently no firewalls etc in between the machines, and I've double checked the credentials used.
Are there any suse specific things regarding replication that I should know of? What is going wrong here? Any ideas??
Thanks very much for feedback!
Mourik Jan
On 9/9/05, mourik jan heupink <heupink@intech.unu.edu> wrote:
dear list,
I'm trying to set up a slave ldap server. Both servers on sles9, sp2. Unfortunately, I'm not very successful at it :-(
I am following the instructions from the O'Reilly "LDAP System Administration" book. Using the sles9 packages. ldap works almost perfectly. (only having a small problem with rcldap reload that doesn't seem to work, but wrote another post specifically for that today)
So I added to slapd.conf
    replogfile /var/lib/ldap/slurpd.replog
    replica uri=ldap://192.87.143.6:389
            suffix="dc=intech,dc=unu,dc=edu"
            credentials={SSHA}somethingihavedeletenfromthispost
            binddn="cn=replica,dc=intech,dc=unu,dc=edu"
            bindmethod=simple
            tls=no
and of course I also configured the slave according to the instructions from O'Reilly:
    suffix "dc=intech,dc=unu,dc=edu"
    rootdn "cn=replica,dc=intech,dc=unu,dc=edu"
    rootpw {SSHA}somethingihavedeletenfromthispost
    updatedn "cn=replica,dc=intech,dc=unu,dc=edu"
    updateref ldap://servername.for.master.server
Upon restart of ldap and slurpd the files /var/lib/ldap/slurpd.replog and slurpd.replog.lock are created, but are zero in size. The files that are actually being used are different: /var/lib/slurpd/replica/slurpd.replog. And when I set slapd.conf to use the SECOND set of files, NONE of the changes are recorded anywhere.
Strange? I think so... And none of the changes are being replicated to the other server.
There are currently no firewalls etc in between the machines, and I've double checked the credentials used.
Are there any suse specific things regarding replication that I should know of? What is going wrong here? Any ideas??
Thanks very much for feedback!
Mourik Jan
Hi Mourik,
see man slurpd:
    -t temp-dir
        slurpd copies the replication log to a working directory before processing it. The directory permissions should limit read/write/execute access as temporary files may contain sensitive information. This option allows you to specify the location of these temporary files. The default is /var/run/slapd/openldap-slurp.
The temp directory is set in /etc/init.d/slurpd to "/var/lib/slurpd". This should answer your problem seeing two replogs.
You said they are empty, did you make some modifications to the LDAP directory to have something to replicate?
In OpenLDAP 2.2.24 (SP2) there have been some slight changes, perhaps you should turn up logging a bit e.g. by increasing the loglevel temporarily to "loglevel -1" in slapd.conf on both sides (master and slave) and look into /var/log/messages after restarting ldap if ldap is missing something or if there are permission problems or problems in the order of some directives in slapd.conf?
http://www.openldap.org/doc/admin22/replication.html
hope this helps,
Markus
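The reply above names two places that hold replication data: the replogfile written by slapd and the working copy slurpd keeps under its temp directory, whose permissions the man page says should be restricted. The following is an added example, not part of the thread or of the SUSE packages, that reports whether each file is missing, empty or populated and flags any of them readable by group or other. The function names are hypothetical, the working-copy location is assumed to be <temp-dir>/replica/<replog name> as in the path from the original post, and quoted paths in slapd.conf are not handled.

```shell
#!/bin/sh
# Added example: audit the slapd replog and the slurpd working copy.
# Usage: audit_replog <path to slapd.conf> /var/lib/slurpd

# Print the path given to the replogfile directive in a slapd.conf.
replog_path() {
    awk '$1 == "replogfile" { print $2; exit }' "$1"
}

# Succeed only if group and other have no permission bits on the path.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report "missing", "has-data" or "empty" for a file.
file_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -s "$1" ]; then echo has-data
    else echo empty
    fi
}

# audit_replog SLAPD_CONF SLURPD_TEMPDIR
# Prints one line per finding; returns non-zero if a path is exposed
# or no replogfile directive is configured.
audit_replog() {
    conf=$1 tmpdir=$2 rc=0
    replog=$(replog_path "$conf")
    if [ -z "$replog" ]; then
        echo "no replogfile directive in $conf"
        return 1
    fi
    # Assumed layout: slurpd copies the log to <temp-dir>/replica/.
    work="$tmpdir/replica/$(basename "$replog")"
    echo "slapd replog $replog: $(file_state "$replog")"
    echo "slurpd working copy $work: $(file_state "$work")"
    for p in "$replog" "$tmpdir" "$work"; do
        [ -e "$p" ] || continue
        if ! is_private "$p"; then
            echo "EXPOSED: $p is accessible to group or other"
            rc=1
        fi
    done
    return $rc
}
```

An empty slapd replog next to a populated working copy is the state described in the original post once slurpd has picked up the log.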