We stay in the 2.5 LTS branch. 2.6 is more of a Dev Branch if I understand it correctly.

From: Quanah Gibson-Mount <[email protected]>
Sent: Wednesday, January 24, 2024 11:39 AM
To: Viktor Keremedchiev <[email protected]>; [email protected]
Subject: [EXTERNAL] Re: Openldap 2.4 -> Openldap 2.6.3 replication hurdles

--On Wednesday, January 24, 2024 8:28 AM +0200 Viktor Keremedchiev <[email protected]> wrote:

> Hello,
> I'm somewhat not experienced with LDAP on the server side of things
> I'm importing openldap 2.4. into 2.6.3. (rockylinux 9). My goal is to
> have 2 N-way (or multi-master*) ldap nodes. I've changed hdb to mdb,
> created accesslog folder, fixed permissions, SSL etc
> The import doesn't throw any errors. My understanding is that I need to
> have cn=config replication, as well as my small dc=domain,dc=com,
> replication as well

It is not required to have cn=config replication. And I would note that OpenLDAP 2.6.3 is fairly old at this point with significant fixes done to the 2.6 series since its release. I'd advise using a current release of OpenLDAP 2.6.

> The cn=config replication I call via this on both nodes followed by
> restarts
>
>
> dn: cn=config
> changetype: modify
> replace: olcServerID
> olcServerID: 1

Each server must have its own, unique, serverID. If you are going to use cn=config replication, then you *must* use the olcServerID: # URI format.

>
> Now once I do that I've experimented with changing the olcLogLevel and
> it seems to work. The rid's on each node are different server2 has
> rid=002, server 1 has rid=001 as well as different olcServerID

RIDs must be unique INSIDE a particular server, but different servers can use the same RID values.

> What am I doing wrong?

Perhaps more than one thing

I'd suggest starting with just getting back-mdb replication working between the nodes.

Side note, your configuration for the accesslog DB is missing an index on 'reqDN'.

--Quanah
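
Added example, not part of the thread and not OpenLDAP project code: a Python check that applies the three points from the reply above (a unique serverID per server, in the URI form when cn=config is replicated; RIDs unique within one server; an accesslog index on reqDN) to cn=config LDIF such as `slapcat -n 0` output. The sample config, the hostnames, and the way the script recognizes cn=config replication and the accesslog database are assumptions.

```python
import re
from collections import Counter

def parse_ldif(text):  # -> list of entries, each a list of (attribute, value) pairs
    text = re.sub(r"\n ", "", text.strip())  # unfold continuation lines
    return [[tuple(p.strip() for p in line.split(":", 1))
             for line in block.splitlines() if ":" in line]
            for block in re.split(r"\n\s*\n", text)]

def vals(entry, attr):
    return [v for a, v in entry if a.lower() == attr.lower()]

def lint(servers):
    """servers maps node name -> cn=config LDIF; returns sorted findings. Assumptions:
    syncrepl on olcDatabase={0}config = replicated cn=config; accesslog suffix is cn=accesslog."""
    findings, bare_ids = [], Counter()
    for name, text in servers.items():
        entries = parse_ldif(text)
        bare = [v for e in entries for v in vals(e, "olcServerID") if len(v.split()) == 1]
        bare_ids.update(bare)  # bare integer IDs must differ between servers
        rids = Counter()
        for e in entries:
            dn = (vals(e, "dn") or [""])[0].lower()
            sync = vals(e, "olcSyncrepl")
            rids.update(int(r) for s in sync for r in re.findall(r"\brid=(\d+)", s))
            if sync and bare and dn.startswith("olcdatabase={0}config"):
                findings.append(f"{name}: cn=config is replicated but olcServerID has no URI")
            indexed = any("reqdn" in re.split(r"[,\s]+", i.lower()) for i in vals(e, "olcDbIndex"))
            if "cn=accesslog" in map(str.lower, vals(e, "olcSuffix")) and not indexed:
                findings.append(f"{name}: accesslog database has no index on reqDN")
        findings += [f"{name}: rid {r} appears {n} times on this server"
                     for r, n in rids.items() if n > 1]
    findings += [f"serverID {i} is set on {n} servers" for i, n in bare_ids.items() if n > 1]
    return sorted(findings)

# Constructed sample config; hostnames and database numbers are placeholders.
BAD = """dn: cn=config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://ldap2.example.com
  searchbase="cn=config"

dn: olcDatabase={1}mdb,cn=config
olcSuffix: cn=accesslog
olcDbIndex: reqStart,reqEnd eq

dn: olcDatabase={2}mdb,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://ldap2.example.com"""
print("\n".join(lint({"ldap1": BAD, "ldap2": BAD})))
```

Loading the same sample on both nodes reports the shared serverID, the missing URI, the reused rid and the missing reqDN index; reusing a rid value on a different server is not reported.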
