Sent: Sun May 27 2012 13:11:32 GMT-0400 (EDT)
From: Elias Probst <[email protected]>
To: [email protected]
Subject: syncrepl for cn=config, changes fail with "tag=103 err=53 text=shadow context; no update referral"

Hi List,

I'm trying to set up a master/master replication scenario, starting with
getting cn=config replicated properly using OpenLDAP 2.4.30 on Gentoo.

I've tried to start with a minimal config which is now up and running on both
servers.

As long as I start only one of the two servers, I can edit everything in cn=config
just fine, but as soon as they both run at the same time, they get into a
state which causes some trouble.
Even shutting down one of the two doesn't help then; I need to start from scratch
again at this point.

Submitting any changes results in this error message:
RESULT tag=103 err=53 text=shadow context; no update referral

There are two servers, connected via OpenVPN:
ID 1, 10.44.0.1
ID 2, 10.44.0.7

I use the following configuration file to seed the initial online
configuration for each server, before bringing them both up, using:
slapd -f /tmp/slapd.conf -F /etc/openldap/slapd.d -u ldap -g ldap -d1

moduleload    memberof.so
moduleload    syncprov.so
moduleload    refint.so

include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema
include        /etc/openldap/schema/openssh.schema

TLSCACertificateFile    /etc/ssl/slapd/slapd.cacrt
TLSCertificateFile      /etc/ssl/slapd/slapd.crt
TLSCertificateKeyFile   /etc/ssl/slapd/slapd.key
TLSVerifyClient         allow

pidfile        /var/run/openldap/slapd.pid
argsfile       /var/run/openldap/slapd.args

loglevel    256

access to attrs=userPassword
     by self write
     by * auth

access to *
     by * read

ServerID    1    ldap://10.44.0.1
ServerID    2    ldap://10.44.0.7

backend        bdb

database        config
rootdn          cn=config
rootpw          {SSHA}RI/d8i2R7XXlo2+kf2LcYzYOcIry+qaa

syncrepl        rid=001
                 provider="ldap://10.44.0.7";
                 binddn="cn=config"
                 bindmethod="simple"
                 credentials="nothingtoseehere"
                 searchbase="cn=config"
                 type=refreshAndPersist
                 retry="10 +"
                 filter="(!(olcDatabase={0}config))"

syncrepl        rid=002
                 provider="ldap://10.44.0.1";
                 binddn="cn=config"
                 bindmethod="simple"
                 credentials="nothingtoseehere"
                 searchbase="cn=config"
                 type=refreshAndPersist
                 retry="10 +"
                 filter="(!(olcDatabase={0}config))"

overlay         syncprov


I don't quite understand the error message, as it somehow indicates the
servers would be running in shadow context/MirrorMode, which is set to FALSE.

So does anyone have an idea what's wrong with my setup?

Thanks a lot!

- Elias


You need to enable MirrorMode.
The official multi-master replication guide covers this: http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master

You are getting the error because the database thinks it is a slave to the other database, so it disallows local writes. MirrorMode is just as it sounds, both servers are 'mirrors'.

-Patrick
