I am not a pro at OpenLDAP, but do you need to set up the "frontend" database in replication mode? In my setup, only "cn=config" is set to replicate, and that takes care of replication of the "frontend" too, such that any ACL changes in the "frontend" of one instance propagate to the other instances as well.
- Siddhartha

> -----Original Message-----
> From: openldap-technical-bounces+sjain=silverspringnet....@openldap.org
> [mailto:openldap-technical-[email protected]] On Behalf Of Marcio Merlone
> Sent: Wednesday, May 26, 2010 11:32 AM
> To: [email protected]
> Subject: Replication via cn=config
>
> Hi all,
>
> I am setting up a pair of multi-master replicated servers (venus and
> haumea) using Ubuntu 10.04 and OpenLDAP 2.4.21-0ubuntu5. I am following
> the docs at http://www.openldap.org/doc/admin24/replication.html and
> when I get to the part for this ldif:
>
> dn: olcDatabase={1}frontend,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcFrontendConfig
> olcDatabase: {1}frontend
> olcSuffix: dc=tld
> olcDbDirectory: ./db
> olcRootDN: cn=admin,dc=tld
> olcRootPW: secret
> olcLimits: dn.exact="cn=admin,dc=tld" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
> olcSyncRepl: rid=003 provider=ldap://haumea.tld binddn="cn=admin,dc=tld" bindmethod=simple credentials=secret searchbase="dc=tld" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
> olcSyncRepl: rid=004 provider=ldap://venus.tld binddn="cn=admin,dc=tld" bindmethod=simple credentials=secret searchbase="dc=tld" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
> olcMirrorMode: TRUE
>
> dn: olcOverlay=syncprov,olcDatabase={1}frontend,cn=config
> changetype: add
> objectClass: olcOverlayConfig
> objectClass: olcSyncProvConfig
> olcOverlay: syncprov
>
> I get this error:
>
> r...@haumea:/etc/ldap# ldapadd -x -H ldap://localhost/ -D "cn=admin,cn=config" -W -f replica.ldif
> Enter LDAP Password:
> adding new entry "olcDatabase={1}frontend,cn=config"
> ldap_add: Object class violation (65)
>         additional info: attribute 'olcDbDirectory' not allowed
>
> r...@haumea:/etc/ldap#
>
> I googled for this but got very few useless results. Can someone point
> me in the right direction?
>
> Thanks and best regards.
>
> --
> Marcio Merlone
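As an added pre-flight check (not from the thread or from OpenLDAP itself), the Python below reads an LDIF modelled on the one posted and reports the object class violation slapd raised (olcDbDirectory on the frontend database) together with two defender-side caveats visible in the same LDIF: a cleartext olcRootPW and syncrepl simple binds over plain ldap:// without StartTLS. The sample LDIF, the backend-attribute list and the placeholder secrets are constructed for this example.

```python
import re

# Constructed sample modelled on the LDIF in the thread; secrets replaced with placeholders.
SAMPLE_LDIF = """\
dn: olcDatabase={1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {1}frontend
olcDbDirectory: ./db
olcRootPW: REPLACE_ME
olcSyncRepl: rid=003 provider=ldap://haumea.tld binddn="cn=admin,dc=tld"
  bindmethod=simple credentials=REPLACE_ME searchbase="dc=tld" type=refreshOnly
olcSyncRepl: rid=004 provider=ldaps://venus.tld binddn="cn=admin,dc=tld"
  bindmethod=simple credentials=REPLACE_ME searchbase="dc=tld" type=refreshOnly
olcMirrorMode: TRUE
"""
# Backend (bdb/hdb/mdb) attributes that slapd rejects on the frontend database (constructed list).
BACKEND_ONLY = {"olcdbdirectory", "olcdbindex"}

def parse_ldif(text):
    """Unfold continuation lines and return each entry as [(attr_lowercase, value)]."""
    entries, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and current:      # folded line: append without its leading space
            name, val = current[-1]
            current[-1] = (name, val + raw[1:])
        elif raw == "":                           # blank line terminates the entry
            if current:
                entries.append(current)
            current = []
        elif not raw.startswith("#"):
            name, _, val = raw.partition(":")
            current.append((name.strip().lower(), val.strip()))
    return entries

def check_entry(entry):
    """Return a list of findings for one olcDatabase entry."""
    findings = []
    db = next((v for a, v in entry if a == "olcdatabase"), "")
    for attr, val in entry:
        if db.endswith("frontend") and attr in BACKEND_ONLY:
            findings.append(f"{attr}: backend attribute not allowed on the frontend database")
        if attr == "olcrootpw" and not val.startswith("{"):
            findings.append("olcRootPW is cleartext; store a slappasswd hash such as {SSHA} instead")
        if attr == "olcsyncrepl":
            p = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', val))
            plain = p.get("bindmethod") == "simple" and p.get("provider", "").startswith("ldap://")
            if plain and p.get("starttls") != "critical":
                findings.append(f"rid={p['rid']}: simple bind over ldap:// without starttls=critical")
    return findings
```

Running `check_entry` over each entry returned by `parse_ldif(SAMPLE_LDIF)` reports three findings for the sample; rid=004 passes because it uses ldaps://.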
