Sorry Philip
here is my slapd.conf file from one of the OpenLDAP 2.3 consumers, which is
working fine:
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=kinect,dc=co,dc=nz"
rootdn "cn=Manager,dc=kinect,dc=co,dc=nz"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}vO/5mpk4CMOKDelv36BpjksRaHFjgqh1
password-hash {CRYPT}
password-crypt-salt-format "%s"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
checkpoint 128 15
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryUUID eq
index entryCSN eq
#threads 64
# Unlimited query size
sizelimit unlimited
syncrepl rid=3
        provider=ldap://testaaa-int.dcnztest.co.nz:389
        bindmethod=simple
        binddn="cn=sync,dc=kinect,dc=co,dc=nz"
        credentials=ieLeik8v
        type=refreshAndPersist
        retry="05 +"
        searchbase="dc=kinect,dc=co,dc=nz"
        schemachecking=off
I used the above file to configure the slave for OpenLDAP 2.4.
Here are the steps:
# slapcat -f slapd.conf -F /tmp/ldap -n 0
  - this creates the cn=config format in /tmp/ldap from the OpenLDAP 2.3 slapd.conf
# rm -rf /etc/openldap/slapd.d/*
  - removes the current files in /etc/openldap/slapd.d
# cp -rp /tmp/ldap/cn\=config* /etc/openldap/slapd.d/
  - copies the cn=config created above to /etc/openldap/slapd.d
# chown -R ldap: /etc/openldap/slapd.d
  - changes ownership to ldap:ldap
# slaptest -uF /etc/openldap/slapd.d
  - successful
# /etc/init.d/slapd start
In the logs it gave an error:
Mar 18 11:49:45 vm-nix-t01 slapd[2049]: null_callback : error code 0x50
Mar 18 11:49:45 vm-nix-t01 slapd[2049]: syncrepl_entry: rid=003 be_add
cn=Dial_IP,ou=Group,ou=auth,dc=kinect,dc=co,dc=nz failed (80)
Mar 18 11:49:45 vm-nix-t01 slapd[2049]: do_syncrepl: rid=003 rc 80 retrying
Mar 18 11:49:50 vm-nix-t01 slapd[2049]: bdb(dc=kinect,dc=co,dc=nz): Lock
table is out of available lock entries
Mar 18 11:49:50 vm-nix-t01 slapd[2049]: => bdb_idl_insert_key: c_put id
failed: Cannot allocate memory (12)
Mar 18 11:49:50 vm-nix-t01 slapd[2049]: null_callback : error code 0x50
Mar 18 11:49:50 vm-nix-t01 slapd[2049]: syncrepl_entry: rid=003 be_add
cn=Dial_IP,ou=Group,ou=auth,dc=kinect,dc=co,dc=nz failed (80)
Mar 18 11:49:50 vm-nix-t01 slapd[2049]: do_syncrepl: rid=003 rc 80 retrying
Mar 18 11:49:55 vm-nix-t01 slapd[2049]: bdb(dc=kinect,dc=co,dc=nz): Lock
table is out of available lock entries
Mar 18 11:49:55 vm-nix-t01 slapd[2049]: => bdb_idl_insert_key: c_put id
failed: Cannot allocate memory (12)
Mar 18 11:49:55 vm-nix-t01 slapd[2049]: null_callback : error code 0x50
Mar 18 11:49:55 vm-nix-t01 slapd[2049]: syncrepl_entry: rid=003 be_add
cn=Dial_IP,ou=Group,ou=auth,dc=kinect,dc=co,dc=nz failed (80)
Mar 18 11:49:55 vm-nix-t01 slapd[2049]: do_syncrepl: rid=003 rc 80 retrying
But since I increased the values in DB_CONFIG, the errors above went away and
the log only shows OpenLDAP stopping and starting:
Mar 18 15:02:22 vm-nix-t01 slapd[3178]: slapd stopped.
Mar 18 15:04:18 vm-nix-t01 slapd[1478]: @(#) $OpenLDAP: slapd 2.4.23 (Oct
31 2012 08:14:14) $#012#[email protected]:
/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
Mar 18 15:04:20 vm-nix-t01 slapd[1479]: bdb_monitor_db_open: monitoring
disabled; configure monitor database to enable
Mar 18 15:04:20 vm-nix-t01 slapd[1479]: slapd starting
slapd.conf of the PROVIDER
# cat /etc/openldap/slapd.conf
..............
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/freeradius.schema
# Logging
loglevel none
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/tls/testaaa-int.dcnztest.co.nz.crt
TLSCertificateKeyFile /etc/openldap/tls/testaaa-int.dcnztest.co.nz.key
#######################################################################
# security policies
#######################################################################
# prevent anonymous lookups of hashed passwords
access to attrs=userPassword
by dn.exact="cn=sync,dc=kinect,dc=co,dc=nz" read
by dn.exact="uid=client-root,ou=auth,dc=kinect,dc=co,dc=nz" write
by self write
by anonymous auth
by * none
# default allow all
access to *
by self write
by users read
by anonymous read
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=kinect,dc=co,dc=nz"
rootdn "cn=Manager,dc=kinect,dc=co,dc=nz"
#threads 64
# Allow unlimited length DB queries - important for ensuring reliable sync
sizelimit unlimited
rootpw {SSHA}vO/5mpk4CMOKDelv36BpjksRaHFjgqh1
password-hash {CRYPT}
password-crypt-salt-format "%s"
directory /var/lib/ldap
checkpoint 128 15
# Indices to maintain for this database
index entryUUID eq
index entryCSN eq
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
overlay syncprov
syncprov-checkpoint 100 10
# the post had this spelled "syncproc-sessionlog"; the directive is syncprov-sessionlog
syncprov-sessionlog 100
On the consumer (OpenLDAP 2.4) there is no slapd.conf file, but here is the
cn\=config.ldif. This is another question I am trying to understand:
the manual talks about slapd.conf in 2.4, but it doesn't exist by
default.
[root@vm-nix-t01 ~]# cat /etc/openldap/slapd.d/cn\=config.ldif
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: ../slapd.conf
olcConfigDir: /tmp/ldap
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcPasswordCryptSaltFormat: %s
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificateFile: /etc/openldap/tls/test02aaa.pem
olcTLSCertificateFile: /etc/openldap/tls/test02aaa.pem
olcTLSCertificateKeyFile: /etc/openldap/tls/test02aaa-key.pem
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 7f528bf2-4271-1033-8d3c-451e105bb7d9
creatorsName: cn=config
createTimestamp: 20140317224452Z
entryCSN: 20140317224452.209642Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140317224452Z
On 18 March 2014 18:40, Philip Guenther <[email protected]> wrote:
> On Mon, 17 Mar 2014, Andrew Belford wrote:
> > I have just registered on the mailing list seeking assistance on how to
> > get OpenLDAP replication working between 2.3 and 2.4.
>
> Time to read the "Changes Since Previous Release" section of the 2.4 admin
> guide:
> http://www.openldap.org/doc/admin24/appendix-changes.html
>
>
> > My provider is running on OpenLDAP 2.3, which replicates successfully
> > to a 2.3 OpenLDAP slave. Recently we built a RHEL 6 host that comes
> > with OpenLDAP 2.4 with the intention of running OpenLDAP on it as a slave.
> >
> > I have stood up the new slave (OpenLDAP 2.4) using the same configuration
> > as the other running slave (OpenLDAP 2.3).
> > I have managed to slapadd the ldif of the master to the new slave
> > slapadd -l /tmp/AAA01_20140314.ldif
> >
> > However, if I try to search for entries, it shows the following, but I am
> > expecting 32K objects
>
> Item B.2 at
> http://www.openldap.org/doc/admin24/appendix-upgrading.html
> ?
>
>
> > I also don't see any replication details in /var/log/slapd.log
>
> Since you don't mention how you configured replication to this 2.4 box or
> what output you were expecting, I can't help on this.
>
>
> Philip Guenther
>
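Two things in the configuration and log above deserve a check before the consumer goes anywhere near production: the syncrepl stanza does a simple bind with the replication password over plain ldap:// on port 389 with no starttls=, so the password for cn=sync (which the provider's ACL lets read every userPassword) crosses the network in cleartext, and schemachecking=off lets the consumer accept entries its own schema would reject. The log lines show the other problem: every be_add fails with result 80 (LDAP_OTHER) because Berkeley DB has run out of lock entries during the initial refresh, which is exactly what a DB_CONFIG with larger set_lk_max_* values fixes. The script below is an added example, not code from the OpenLDAP project or from the original post. It parses a syncrepl stanza from slapd.conf text, flags those weak settings, rewrites the stanza with starttls=critical and tls_reqcert=demand, recognises the lock-table exhaustion pattern in the log, and emits a DB_CONFIG. The sample config and log lines are constructed to mirror the thread; the host and DN are placeholders, the password is replaced by PLACEHOLDER, and the DB_CONFIG sizes are assumed starting values rather than OpenLDAP recommendations.

```python
"""Audit a syncrepl consumer stanza and its slapd log (added example, not
code from the OpenLDAP project or the original post).  The sample config
and log lines are constructed to mirror the thread; the DN, host and
password are placeholders and the DB_CONFIG sizes are assumptions."""
import re
import shlex

SAMPLE_CONF = """\
database bdb
suffix "dc=kinect,dc=co,dc=nz"
syncrepl rid=3
    provider=ldap://testaaa-int.dcnztest.co.nz:389
    bindmethod=simple
    binddn="cn=sync,dc=kinect,dc=co,dc=nz"
    credentials=PLACEHOLDER
    type=refreshAndPersist
    retry="05 +"
    searchbase="dc=kinect,dc=co,dc=nz"
    schemachecking=off
"""

SAMPLE_LOG = [
    "Mar 18 11:49:50 vm-nix-t01 slapd[2049]: bdb(dc=kinect,dc=co,dc=nz): "
    "Lock table is out of available lock entries",
    "Mar 18 11:49:50 vm-nix-t01 slapd[2049]: syncrepl_entry: rid=003 be_add "
    "cn=Dial_IP,ou=Group,ou=auth,dc=kinect,dc=co,dc=nz failed (80)",
    "Mar 18 11:49:50 vm-nix-t01 slapd[2049]: do_syncrepl: rid=003 rc 80 retrying",
]


def parse_syncrepl(conf_text):
    """Return the key=value parameters of the first syncrepl directive.
    slapd.conf continues a directive on lines that start with whitespace."""
    folded = re.sub(r"\n[ \t]+", " ", conf_text)
    for line in folded.splitlines():
        if line.startswith("syncrepl"):
            params = {}
            for token in shlex.split(line)[1:]:   # drop the keyword itself
                key, _, value = token.partition("=")
                params[key] = value
            return params
    raise ValueError("no syncrepl directive found")


def audit_syncrepl(params):
    """Flag the weak settings visible in the posted stanza."""
    findings = []
    if (params.get("bindmethod") == "simple"
            and params.get("provider", "").startswith("ldap://")
            and params.get("starttls") != "critical"):
        findings.append("cleartext-bind")        # binddn password on the wire
    if params.get("schemachecking", "on") == "off":
        findings.append("schemachecking-off")    # consumer accepts bad entries
    if params.get("tls_reqcert") in ("never", "allow"):
        findings.append("provider-cert-unverified")
    return findings


def harden_syncrepl(params):
    """Rewrite the stanza to require StartTLS and re-enable schema checking."""
    p = dict(params, starttls="critical", tls_reqcert="demand", schemachecking="on")

    def quote(v):                              # slapd.conf quotes with " only
        return f'"{v}"' if re.search(r"[\s,]", v) else v
    body = "\n".join(f"    {k}={quote(v)}" for k, v in p.items() if k != "rid")
    return f"syncrepl rid={p['rid']}\n{body}"


LOCK_EXHAUSTED = re.compile(r"Lock table is out of available lock entries")
ADD_FAILED = re.compile(r"syncrepl_entry: rid=(\d+) be_add (.+?) failed \((\d+)\)")


def diagnose_log(lines):
    """Return (lock_table_exhausted, [(rid, dn, result_code), ...]).
    Result code 80 is LDAP_OTHER: the backend add failed, here because
    BDB ran out of lock entries during the initial refresh."""
    exhausted = any(LOCK_EXHAUSTED.search(l) for l in lines)
    failed = [(m.group(1), m.group(2), int(m.group(3)))
              for m in map(ADD_FAILED.search, lines) if m]
    return exhausted, failed


def db_config(max_locks=20000, cache_mb=128):
    """DB_CONFIG for the bdb directory; sizes are assumed starting points."""
    return "\n".join([
        f"set_cachesize 0 {cache_mb * 1024 * 1024} 1",
        f"set_lk_max_locks {max_locks}",
        f"set_lk_max_objects {max_locks}",
        f"set_lk_max_lockers {max_locks}",
        "set_lg_regionmax 262144",
        "set_lg_bsize 2097152",
        "set_flags DB_LOG_AUTOREMOVE",
    ])


if __name__ == "__main__":
    params = parse_syncrepl(SAMPLE_CONF)
    print("findings:", audit_syncrepl(params))
    print(harden_syncrepl(params))
    exhausted, failed = diagnose_log(SAMPLE_LOG)
    if exhausted:
        print(f"{len(failed)} add(s) failed; write to /var/lib/ldap/DB_CONFIG:")
        print(db_config())
```

The hardened stanza only works if the consumer can verify the provider: with tls_reqcert=demand, the consumer's TLSCACertificateFile (olcTLSCACertificateFile in cn=config) has to hold the CA that issued the provider's certificate, and in the cn=config.ldif above it points at the same file as olcTLSCertificateFile, the consumer's own certificate. The DB_CONFIG goes in the bdb directory (/var/lib/ldap here) and is read by slapd at startup, so stop slapd, write it, and start again; the values are a starting point to be sized against the actual entry count and index set.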