Hello,
I'm somewhat inexperienced with LDAP on the server side of things.
I’m importing openldap 2.4 into 2.6.3 (rockylinux 9). My goal is to have 2
N-way (or multi-master*) ldap nodes. I’ve changed hdb to mdb, created the accesslog
folder, fixed permissions, SSL etc.
The import doesn’t throw any errors. My understanding is that I need to have
cn=config replication, as well as replication of my small dc=domain,dc=com.
The cn=config replication I set up via this on both nodes, followed by restarts:

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=002 provider=ldaps://prod-ldap2.domain.com:636 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=N… searchbase="cn=config" schemachecking=on type=refreshAndPersist retry="10 10 60 +" tls_reqcert=allow keepalive=240:10:30
olcSyncRepl: rid=001 provider=ldaps://prod-ldap1.domain.com:636 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=N…… searchbase="cn=config" schemachecking=on type=refreshAndPersist retry="10 10 60 +" tls_reqcert=allow keepalive=240:10:30
-
add: olcMirrorMode
olcMirrorMode: TRUE

Now once I do that, I’ve experimented with changing the olcLogLevel and it seems
to work. The rids on each node are different: server2 has rid=002, server1 has
rid=001, as well as a different olcServerID.

The part where I run into issues is when I enable replication for dc=domain,dc=com
via:

dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {2}syncprov
olcSpCheckpoint: 20 10
olcSpSessionlog: 10000000

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=021 provider=ldaps://prod-ldap1.domain.com:636 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=N…. searchbase="dc=domain,dc=com" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="5 10 60 +" tls_reqcert=allow keepalive=240:10:30
olcSyncRepl: rid=022 provider=ldaps://prod-ldap2.domain.com:636 bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=N…. searchbase="dc=domain,dc=com" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="5 10 60 +" tls_reqcert=allow keepalive=240:10:30
-
add: olcMirrorMode
olcMirrorMode: TRUE

I have 2 sets of rids, 001/002 and 021/022, and I have olcMirrorMode set to TRUE on
both the cn=config and the domain replication.

I’m pasting the relevant code around accesslog and syncprov that I think I’m
getting wrong:

dn: olcOverlay={3}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {3}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig

dn: olcOverlay={4}accesslog,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {4}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig

dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=adaptavist,dc=com
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcMdbConfig

dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig

Replication works from node1 to node2, and in reverse. But it stops after 20
minutes or so.
After replication stops I see the accesslog on one node has 4 records, on
the other it has 3, and it never catches up even if I restart, although at first
it all works regardless of which node I update (change a random password).

What am I doing wrong? Perhaps more than one thing.

Thank you
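As an added example (not part of the post or the poster's setup), a small Python check over olcSyncRepl values of the shape shown above, rebuilt here as constructed sample data with placeholder credentials: it parses each directive and flags a rid that repeats on the same server, a logfilter without the logbase and syncdata=accesslog that delta-syncrepl requires, and tls_reqcert=allow, which lets the consumer proceed with an unverified provider certificate.

```python
import shlex

# Constructed sample: the olcSyncRepl values from the post, one list per consumer
# database, with the credentials replaced by a placeholder. Hypothetical data.
COMMON = ('bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=PLACEHOLDER '
          'schemachecking=on type=refreshAndPersist tls_reqcert=allow keepalive=240:10:30')
LOGFILTER = 'logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"'
SAMPLE = {
    "olcDatabase={0}config,cn=config": [
        f'rid=002 provider=ldaps://prod-ldap2.domain.com:636 {COMMON} '
        f'searchbase="cn=config" retry="10 10 60 +"',
        f'rid=001 provider=ldaps://prod-ldap1.domain.com:636 {COMMON} '
        f'searchbase="cn=config" retry="10 10 60 +"',
    ],
    "olcDatabase={1}mdb,cn=config": [
        f'rid=021 provider=ldaps://prod-ldap1.domain.com:636 {COMMON} '
        f'searchbase="dc=domain,dc=com" {LOGFILTER} retry="5 10 60 +"',
        f'rid=022 provider=ldaps://prod-ldap2.domain.com:636 {COMMON} '
        f'searchbase="dc=domain,dc=com" {LOGFILTER} retry="5 10 60 +"',
    ],
}

def parse_syncrepl(value):
    """Split one olcSyncRepl value into a dict; shlex keeps quoted values whole."""
    pairs = (tok.partition("=") for tok in shlex.split(value))
    return {key: val for key, _, val in pairs}

def check_syncrepl(config):
    """Return (database, rid, code) findings for every consumer directive."""
    findings, seen_rids = [], set()
    for db, values in config.items():
        for raw in values:
            c = parse_syncrepl(raw)
            rid = c.get("rid", "?")
            # rid must be unique across all syncrepl directives on one server
            if rid in seen_rids:
                findings.append((db, rid, "duplicate-rid"))
            seen_rids.add(rid)
            # delta-syncrepl needs logbase, logfilter and syncdata=accesslog together;
            # without syncdata=accesslog the consumer stays on plain syncrepl
            if "logfilter" in c and ("logbase" not in c or c.get("syncdata") != "accesslog"):
                findings.append((db, rid, "delta-syncrepl-incomplete"))
            # tls_reqcert=allow ignores a bad provider certificate; demand verifies it
            if c.get("tls_reqcert") == "allow":
                findings.append((db, rid, "provider-cert-not-verified"))
    return findings

if __name__ == "__main__":
    for db, rid, code in check_syncrepl(SAMPLE):
        print(f"{db} rid={rid}: {code}")
```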