LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   LDAP Replication centos 6 (http://www.linuxquestions.org/questions/linux-server-73/ldap-replication-centos-6-a-4175470022/)

troya 07-18-2013 01:48 AM

LDAP Replication centos 6
 
HI All,

I have ldap server on My machine which i want to replicate to another ldap using master-slave methode.

In this case i want to master machine push data on ldap, so slave machine doesn't pull ldap data.

My ldap server is slapd 2.4.23 which running on Centos 6.4

Any reference for this case ?


Thanks

druuna 07-18-2013 01:52 AM

Are you looking for this:

- 13. Replication with slurpd (ldap 2.2)

Quote:

slurpd(8) provides the capability for a master slapd to propagate changes to slave slapd instances, implementing the master/slave replication scheme described above. slurpd runs on the same host as the master slapd instance.

troya 07-18-2013 02:02 AM

Hi Druuna,

Yes, iam looking for that.

Is slurpd method still can't used for ldap 2.4 or above version ? I hear that this method have been replace to syncrepl method, but i don't know exactly, just a newbie

Any step by step reference for that ? i'm running on slapd 2.4.23 version and using Centos 6.4



Thanks

druuna 07-18-2013 02:10 AM

Sorry for the version 2.2 link (edited my previous post).

Here's the version 2.4 article: 18. Replication (ldap 2.4)

troya 07-18-2013 04:12 AM

On that document we need to configure slapd.conf on /etc/openldap but on my Centos Machine i can't found that file.Only there is ldap.conf

Is slapd.conf file should created manually ?

scottro11 07-18-2013 06:40 AM

It's been deprecated in favor of slapd-config.

http://www.openldap.org/doc/admin24/slapdconf2.html

troya 07-18-2013 09:00 PM

So, where i put configuration like bellow :

Code:

    database bdb
        suffix dc=Example,dc=com
        rootdn dc=Example,dc=com
        directory /var/ldap/db
        index objectclass,entryCSN,entryUUID eq

        overlay syncprov
        syncprov-checkpoint 100 10
        syncprov-sessionlog 100

Which from this reference http://www.openldap.org/doc/admin24/slapdconf2.html should be on slapd.conf ?

troya 07-20-2013 11:42 PM

Hi All,

I just following reference from http://www.cbjck.de/2013/03/ldap-replication/ to replicate ldap.On that blog is using Debian, but i'm running on Centos 6.

On that blog say that i add provider.ldif to ldap machine which have role as provider.but when i try to add provider.ldif i got error message like bellow :

Code:

# ldapadd -f provider.ldif -D cn=admin,dc=mydomain,dc=org -w mypassword

ldapadd: wrong attributeType at line 11, entry "olcDatabase={1}hdb,cn=config"


Bellow provider.ldif code:

Code:

# Add indexes/modify ACL to the frontend db.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=mydomain,dc=org" write by dn="cn=synchronisator,dc=mydomain,dc=org" read by * none
 
#Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
add: olcModuleLoad
olcModuleLoad: accesslog
 
# Accesslog database definitions
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=mydomain,dc=org
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
olcAccess: to * by dn="cn=synchronisator,dc=mydomain,dc=org" write
 
# Accesslog db syncprov.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
# syncrepl Provider for primary db
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
 
# accesslog overlay definitions for primary db
dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
olcAccessLogPurge: 07+00:00 01+00:00

Actually i installed ldap on my machine following instruction from http://docs.adaptivecomputing.com/vi...POnCentos6.htm

I don't know different bdb and hdb but i think on my installation using bdb

this is my olcDatabase\=\{2\}bdb.ldif configuration

Code:

dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=mydomain,dc=org
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,dc=mydomain,dc=org
olcRootPW: {SSHA}C4PLjlRVE+huZvmraNAcevGKxDOtVEUR
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: bc2c3e90-6533-1032-8866-6388214733b0
creatorsName: cn=config
createTimestamp: 20130609093558Z
entryCSN: 20130609093558.523119Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130609093558Z
olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=admin,dc=mydomain,dc=org" write by anonymous auth by * none
olcAccess: {1}to * by dn.base="cn=admin,dc=mydomain,dc=org" write by self write by * read

How to solve this error ?

troya 07-21-2013 09:22 PM

Hi All,

Actually based on http://www.openldap.org/doc/admin24/slapdconf2.html said that i can converting slapd.conf to cn=config format.

So for this purpose i try to make slapd.conf file on server which have role provider like bellow:

Code:

database bdb
suffix dc=mydomain,dc=org
rootdn cn=admin,dc=mydomain,dc=org
directory /var/lib/ldap/db
index objectclass,entryCSN,entryUUID eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

database config
rootpw mypassword


Then i try to convert that file using slaptest command, but i got error message like bellow :

Code:

$ slaptest -f slapd.conf -v
slapd.conf: line 2: <suffix> invalid DN 21 (Invalid syntax)
slaptest: bad configuration file

Actually my suffix is absolutely right, but why always "invalid DN"
How to solve this error ?


All times are GMT -5. The time now is 08:29 AM.