>>> wailok tam <[email protected]> schrieb am 26.11.2014 um 07:39 in Nachricht <645659927.713985.1416983965481.javamail.ya...@jws10067.mail.ne1.yahoo.com>:
> Hi, all,
> I cannot get replication to work even I get no error message. I change a
> record on the Master but when I check it on the slave, it remains unchanged.
> (Is it immediate?)

I can recommend to activate these (at least) while you are wondering what's going on:

olcLogLevel: config
olcLogLevel: sync

And don't forget to examine syslog then. Every sync-related change to the database is logged then.

> The following command on slave:
> ldapsearch -x -h [MASTER HOST NAME] -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=tam)'
> returns no error message and gives the expected record.

Maybe try this on all your servers and compare the results; if different start with a configuration where all the contextCSNs are identical:

ldapsearch -Y EXTERNAL -H ldapi:/// -b '<your_base>' -s base 'objectClass=dcObject' contextCSN

> I am suspecting I may have screwed up the ssl/tls setting for the slave as I
> don't know what to put there. The master is set to use ssl/tls and it
> communicates fine with the client through the ldaps protocol.

Why not use TLS? These were enough for me:

olcTLSCACertificatePath: /etc/ssl/certs
olcTLSCertificateFile: /etc/ssl/servercerts/slapd.pem
olcTLSCertificateKeyFile: /etc/ssl/.../slapd.key

> Your help is much needed.
> First come the slapd.conf of the slave (I don't have the lines for ssl certs.
> I just use the ldaps address in the replication directive. Is that enough?):

How should SSL work without certificates? (last comment)

> ### configuration for IER
> ### written by T.Tanaka
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
> database bdb
> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn "cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootpw SLAVEPW
> directory /var/lib/ldap
>
> # Replicas of this database
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
> access to attrs=userPassword
>     by dn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by self write
>     by anonymous auth
>     by * none
>
> access to *
>     by dn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by self write
>     by * read
>
> #loglevel stats sync
> syncrepl rid=001
>     provider=ldaps://mail.ier.hit-u.ac.jp
>     type=refreshAndPersist
>     interval=00:00:05:00
>     searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
>     binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>     credentials=SLAVEPW
>
> Next come the slapd.conf of the master:
> ### configuration for IER
> ### written by T.Tanaka
> ### edited by WL.Tam
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
> database bdb
> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootpw MASTERPW
> directory /var/lib/ldap
>
> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
> overlay syncprov
> syncprov-checkpoint 50 10
> syncprov-sessionlog 100
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
> access to attrs=userPassword
>     by self write
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by anonymous auth
>     by * none
>
> access to attrs=SambaLMPassword,SambaNTPassword
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by self read
>     by anonymous auth
>     by * none
>
> access to *
>     by self write
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by * read
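The contextCSN comparison suggested in the reply above, as an added example that is not part of the thread: it parses the contextCSN lines from each server's ldapsearch output, splits the CSN into its timestamp, count, sid and modifier fields, and reports which servers are missing or behind for any sid. The server names and CSN values are constructed samples; in practice the LDIF text comes from the ldapsearch command quoted above, run on each server.

```python
import re
from datetime import datetime

# OpenLDAP CSN syntax: <YYYYmmddHHMMSS>.<microseconds>Z#<count>#<sid>#<modifier>
CSN_RE = re.compile(
    r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$")

def parse_csn(value):
    """Return ((timestamp, count, modifier), sid) for one contextCSN value; raises on bad input."""
    m = CSN_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a CSN: {value!r}")
    ts = datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S%f")
    return (ts, int(m.group(3), 16), int(m.group(5), 16)), int(m.group(4), 16)

def context_csns(ldif):
    """Map sid -> sortable CSN key from the 'contextCSN:' lines of an ldapsearch result."""
    csns = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            key, sid = parse_csn(line.split(":", 1)[1])
            csns[sid] = key
    return csns

def lagging_servers(outputs):
    """outputs: {server name: LDIF text}. Returns {server: [sids]} for every server whose
    contextCSN for a sid is missing or older than the newest value seen on any server."""
    per_server = {name: context_csns(text) for name, text in outputs.items()}
    lag = {}
    for sid in sorted({sid for csns in per_server.values() for sid in csns}):
        newest = max(csns[sid] for csns in per_server.values() if sid in csns)
        for name, csns in per_server.items():
            if sid not in csns or csns[sid] < newest:
                lag.setdefault(name, []).append(sid)
    return lag

# Constructed sample output of the contextCSN query from two servers (not real captures).
SAMPLE = {
    "master": "dn: dc=ier,dc=hit-u,dc=ac,dc=jp\n"
              "contextCSN: 20141126063905.123456Z#000000#000#000000\n",
    "slave":  "dn: dc=ier,dc=hit-u,dc=ac,dc=jp\n"
              "contextCSN: 20141126063805.654321Z#000000#000#000000\n",
}

if __name__ == "__main__":
    lag = lagging_servers(SAMPLE)
    print("all servers in sync" if not lag else f"behind: {lag}")
```

An empty result means every server carries the same newest CSN per sid, which is the state the reply recommends starting from before hunting for other causes.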
