Hi,

I am using an OpenLDAP 2.4.44 multi-master configuration with two slapd servers, 
master and replica, using the MDB backend. I have a problem with replication when the 
data is added using slapadd.
I have two slapd instances on ports 2016 and 2017. The slapd.conf files for both servers 
are attached.

Scenario 1:
When an LDIF entry is added using ldapadd or deleted using ldapdelete, it gets 
replicated in the replica server correctly.
Below is the ldapsearch result on the master server:
GURKES254 linus> ldapsearch -h xx.xx.xx.xx -p 2016 -b "dc=my-domain,dc=com" "ou=Test9"
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: ou=Test9
# requesting: ALL
#

# Test9, people, my-domain.com
dn: ou=Test9,ou=people,dc=my-domain,dc=com
ou: Test9
objectClass: organizationalUnit
companyName: Test9Grp

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Below is the ldapsearch result on the replica server:
GURKES254 linus> ldapsearch -h xx.xx.xx.xx -p 2017 -b "dc=my-domain,dc=com" "ou=Test9"
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: ou=Test9
# requesting: ALL
#

# Test9, people, my-domain.com
dn: ou=Test9,ou=people,dc=my-domain,dc=com
ou: Test9
objectClass: organizationalUnit
companyName: Test9Grp

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Scenario 2:
When an LDIF entry is imported using slapadd, it doesn't get replicated in the 
replica server at all.
Below is the ldapsearch result on the master server:
GURKES254 linus> ldapsearch -h xx.xx.xx.xx -p 2016 -b "dc=my-domain,dc=com" "ou=Test9"
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: ou=Test9
# requesting: ALL
#

# Test9, people, my-domain.com
dn: ou=Test9,ou=people,dc=my-domain,dc=com
ou: Test9
objectClass: organizationalUnit
companyName: Test9Grp

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Below is the ldapsearch result on the replica server:
GURKES254 linus> ldapsearch -h xx.xx.xx.xx -p 2017 -b "dc=my-domain,dc=com" "ou=Test9"
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: ou=Test9
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

Please let me know in case any other information is required.

Br
Gurjot Kaur

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/core.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/cosine.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/inetorgperson.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/extendedperson.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/cmm.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB1/etc/openldap/schema/authentication.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /osp/local/home/linus/OpenLDAP244_LMDB1/var/run/slapd.pid
argsfile        /osp/local/home/linus/OpenLDAP244_LMDB1/var/run/slapd.args

# Load dynamic backend modules:
# modulepath    /osp/local/home/linus/OpenLDAP244_LMDB1/libexec/openldap
# moduleload    back_mdb.la
# moduleload    back_ldap.la

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#########################################
# uniquely identifies this server
#########################################
serverID 1

#######################################################################
# MDB database definitions
#######################################################################

database        mdb
maxsize         1073741824
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /osp/local/home/linus/OpenLDAP244_LMDB1/var/openldap-data

########################################################################
# enable a lot of logging - we might need it
########################################################################
loglevel -1

########################################################################
# Consumer Setup : this server act as consumer of the other
########################################################################
syncRepl rid=000
  provider=ldap://xx.xx.xx.xx:2017
        type=refreshAndPersist
        retry="5 + 5 +"
  searchbase="dc=my-domain,dc=com"
        attrs=*
        interval=00:00:00:09
        schemachecking=off
        bindmethod=simple
  binddn="cn=Manager,dc=my-domain,dc=com"
        credentials=secret

########################################################################
# Indexing
########################################################################
index entryCSN eq
index entryUUID eq
index objectClass eq
index   cn              eq

#########################################################################
# mirror mode essential to allow writes
# and must appear after all syncrepl directives
#########################################################################
mirrormode on
#database monitor

#########################################################################
# define the provider to use the syncprov overlay
# (last directives in database section)
#########################################################################
overlay syncprov
# contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10
syncprov-sessionlog 100
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/core.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/cosine.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/inetorgperson.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/extendedperson.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/cmm.schema
include         /osp/local/home/linus/OpenLDAP244_LMDB2/etc/openldap/schema/authentication.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /osp/local/home/linus/OpenLDAP244_LMDB2/var/run/slapd.pid
argsfile        /osp/local/home/linus/OpenLDAP244_LMDB2/var/run/slapd.args

# Load dynamic backend modules:
# modulepath    /osp/local/home/linus/OpenLDAP244_LMDB2/libexec/openldap
# moduleload    back_mdb.la
# moduleload    back_ldap.la

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#########################################
# uniquely identifies this server
#########################################
serverID 2

#######################################################################
# MDB database definitions
#######################################################################

database        mdb
maxsize         1073741824
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /osp/local/home/linus/OpenLDAP244_LMDB2/var/openldap-data

########################################################################
# enable a lot of logging - we might need it
########################################################################
loglevel -1

########################################################################
# Consumer Setup : this server act as consumer of the other
########################################################################
syncRepl rid=000
  provider=ldap://xx.xx.xx.xx:2016
        type=refreshAndPersist
        retry="5 + 5 +"
  searchbase="dc=my-domain,dc=com"
        attrs=*
        interval=00:00:00:09
        schemachecking=off
        bindmethod=simple
  binddn="cn=Manager,dc=my-domain,dc=com"
        credentials=secret

########################################################################
# Indexing
########################################################################
index entryCSN eq
index entryUUID eq
index objectClass eq
index   cn              eq

#########################################################################
# mirror mode essential to allow writes
# and must appear after all syncrepl directives
#########################################################################
mirrormode on
#database monitor

#########################################################################
# define the provider to use the syncprov overlay
# (last directives in database section)
#########################################################################
overlay syncprov
# contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10
syncprov-sessionlog 100
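
The comparison of the two ldapsearch results in the message can be done mechanically. The following is an added example, not part of the original post: it parses ldapsearch LDIF output (comments, folded lines, base64 values) from both servers and reports which entries differ. The function names are hypothetical and the sample outputs are constructed from the Scenario 2 results.

```python
import base64

def parse_ldapsearch(text):
    """Parse ldapsearch LDIF output into {dn: {attr: set(values)}}.
    DNs are lower-cased, a simplification of real DN normalization."""
    lines = []
    for raw in text.splitlines():
        # LDIF folds long lines; a continuation starts with one space.
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if line.startswith("#"):
            continue
        if not line.strip():
            current = None  # a blank line ends the current record
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:  # skips "search:" / "result:" trailer lines
            current.setdefault(attr.lower(), set()).add(value)
    return entries

def replication_diff(provider_out, consumer_out):
    a, b = parse_ldapsearch(provider_out), parse_ldapsearch(consumer_out)
    return {
        "missing_on_consumer": sorted(a.keys() - b.keys()),
        "missing_on_provider": sorted(b.keys() - a.keys()),
        "attribute_mismatch": sorted(d for d in a.keys() & b.keys() if a[d] != b[d]),
    }

# Constructed sample input, modelled on the Scenario 2 results in the message.
PORT_2016_OUT = """# Test9, people, my-domain.com
dn: ou=Test9,ou=people,dc=my-domain,dc=com
ou: Test9
objectClass: organizationalUnit
companyName: Test9Grp

# search result
search: 2
result: 0 Success
"""
PORT_2017_OUT = "# search result\nsearch: 2\nresult: 0 Success\n"
```

Calling `replication_diff(PORT_2016_OUT, PORT_2017_OUT)` lists the Test9 entry under `missing_on_consumer`, which matches the Scenario 2 result.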
