LinuxQuestions.org


Glazee 01-27-2009 04:16 AM

LDAP Replication problem
 
Hi, I have been trying to figure out how to get the LDAP replication running. I am using Ubuntu Server and the latest release of LDAP and have problems even getting started with the replication, trying to configure it for Master/Slave.

I have looked all over the net for how to get it to work.

To my understanding, the old replication daemon slurpd has been replaced by syncrepl. But when I read about the slurpd daemon, you needed to start that daemon, but when it comes to syncrepl I don't know how to start it. I guess it just starts with the slapd daemon.

Nothing shows up in the logs, just like nothing is happening.

I hope you can help me solve my problem.

Master ip : 192.168.218.128

Slave ip : 192.168.218.129

Btw, I am running both of these machines on VMware Server.

Here are my configs:

#MASTER
# LDAP configuration

allow bind_v2

# Schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
#include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/ppolicy.schema
# Samba schema
#include /etc/ldap/schema/samba.schema

# Check schema consistency when starting
#schemacheck on


# Define global ACLs to disable default read access.
# None

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
# WARNING amd64 has lib64 !!
#modulepath /usr/lib64/openldap/openldap
modulepath /usr/lib/ldap
moduleload back_bdb.so
moduleload syncprov.la

#Load the password policy overlay
# Not yet implemented .. maybe later
#moduleload ppolicy.la



# unlimited searches for administrative DNs
#
# it's disabled because we have already put SIZELIMIT to 0
# but it's a good thing to know how it can be set or changed
#
#limits dn.exact="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited


# this is for the rootdn in case of SIZELIMIT is different than 0
#sizelimit unlimited


# Let some special user to change passwords, and others to read
#
### Note this is just an example you can just have only one user that can do
### everything, but it's not recommended.
#
### If you want that the following users can access in write or read, remember to create them
### under gosa in the acl subtree
#
#access to attrs=shadowExpire,shadowFlag,shadowInactive,shadowLastChange,shadowMax,shadowMin,
#shadowWarning,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
# by dn="uid=replicante10,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=pwdchanger,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=wwwadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by dn="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by anonymous auth
# by self write
# by * none

access to attrs=userPassword
        by dn="cn=admin,dc=glazeeserver,dc=com" write
# by dn="uid=wwwadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by dn="uid=pwdchanger,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=glazeeserver,dc=com" write
        by anonymous auth

#######################################################################
## BDB database definitions
########################################################################

database bdb
suffix "dc=glazeeserver,dc=com"
checkpoint 512 30
rootdn "uid=admin,dc=glazeeserver,dc=com"
rootpw secret

# Mode 700 recommended. chown ldap:ldap .
directory /var/lib/ldap

lastmod on

mode 0600

# Only 4 debug
#loglevel 1 2 4 8 16 32 64 128 256 512 1024 2048
loglevel -1

# physical backend (db library, not slapd) cache
# here, 0.25 GB
dbconfig set_cachesize 0 268435456 1
# Transaction Log settings
# logging region size in bytes, here 1 MBytes
dbconfig set_lg_regionmax 1048576
# log buffer size in bytes, here 2 MBytes
dbconfig set_lg_bsize 2097152
# Set the maximum size of a single file in the log, in bytes, here 10 MByte
dbconfig set_lg_max 10485760


# Indices to maintain
index objectClass pres,eq
index uid,mail,uniqueMember eq
index cn,sn,givenName,ou pres,eq,sub
index uidNumber,gidNumber,memberuid eq
#index sambaSID eq
#index sambaPrimaryGroupSID eq
#index sambaDomainName eq
#index sambaAlgorithmicRidBase pres,eq
# syncprov specific indexing
index entryCSN eq
index entryUUID eq


# password policy stuff
# Not now, we can implement them later.
#overlay ppolicy
#ppolicy_default "uid=defaultppolicy,ou=people,ou=acl,dc=glazeeserver,dc=com"

# SSL Stuff
TLSVerifyClient never

# Even in this case .. let's do it later ..
#
# #TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /etc/openldap/ssl/ca.crt
#TLSCertificateFile /etc/openldap/ssl/ldap.glazeeserver.com.crt
#TLSCertificateKeyFile /etc/openldap/ssl/ldap.glazeeserver.com.key

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

--------------------------------------------------------------------------

#SLAVE
# LDAP configuration

allow bind_v2

# Schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
#include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/ppolicy.schema
# Samba schema
#include /etc/ldap/schema/samba.schema

# Check schema consistency when starting
#schemacheck on


# Define global ACLs to disable default read access.
# None

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
# WARNING amd64 has lib64 !!
#modulepath /usr/lib64/openldap/openldap
modulepath /usr/lib/ldap
moduleload back_bdb.so
moduleload syncprov.la

#Load the password policy overlay
# Not yet implemented .. maybe later
#moduleload ppolicy.la



# unlimited searches for administrative DNs
#
# it's disabled because we have already put SIZELIMIT to 0
# but it's a good thing to know how it can be set or changed
#
#limits dn.exact="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited


# this is for the rootdn in case of SIZELIMIT is different than 0
#sizelimit unlimited


# Let some special user to change passwords, and others to read
#
### Note this is just an example you can just have only one user that can do
### everything, but it's not recommended.
#
### If you want that the following users can access in write or read, remember to create them
### under gosa in the acl subtree
#
#access to attrs=shadowExpire,shadowFlag,shadowInactive,shadowLastChange,shadowMax,shadowMin,
#shadowWarning,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
# by dn="uid=replicante10,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=pwdchanger,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=wwwadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by dn="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by anonymous auth
# by self write
# by * none

access to attrs=userPassword
        by dn="uid=admin,dc=glazeeserver,dc=com" write
# by dn="uid=wwwadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by dn="uid=pwdchanger,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=glazeeserver,dc=com" write
        by * read

#######################################################################
## BDB database definitions
########################################################################

database bdb
suffix "dc=glazeeserver,dc=com"
checkpoint 512 30
rootdn "uid=admin,dc=glazeeserver,dc=com"
rootpw secret

# Mode 700 recommended. chown ldap:ldap .
directory /var/lib/ldap

lastmod on

# Only 4 debug
#loglevel 1 2 4 8 16 32 64 128 256 512 1024 2048
loglevel -1

# physical backend (db library, not slapd) cache
# here, 0.25 GB
dbconfig set_cachesize 0 268435456 1
# Transaction Log settings
# logging region size in bytes, here 1 MBytes
dbconfig set_lg_regionmax 1048576
# log buffer size in bytes, here 2 MBytes
dbconfig set_lg_bsize 2097152
# Set the maximum size of a single file in the log, in bytes, here 10 MByte
dbconfig set_lg_max 10485760


# Indices to maintain
index objectClass pres,eq
index uid,mail,uniqueMember eq
index cn,sn,givenName,ou pres,eq,sub
index uidNumber,gidNumber,memberuid eq
#index sambaSID eq
#index sambaPrimaryGroupSID eq
#index sambaDomainName eq
#index sambaAlgorithmicRidBase pres,eq
# syncprov specific indexing
index entryCSN eq
index entryUUID eq


# password policy stuff
# Not now, we can implement them later.
#overlay ppolicy
#ppolicy_default "uid=defaultppolicy,ou=people,ou=acl,dc=glazeeserver,dc=com"

# SSL Stuff
TLSVerifyClient never

# Even in this case .. let's do it later ..
#
# #TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /etc/openldap/ssl/ca.crt
#TLSCertificateFile /etc/openldap/ssl/ldap.glazeeserver.com.crt
#TLSCertificateKeyFile /etc/openldap/ssl/ldap.glazeeserver.com.key

syncrepl rid=123
        provider=ldap://192.168.218.128:389
        type=refreshAndPersist
        retry="5 5 300 +"
        searchbase="dc=glazeeserver,dc=com"
        attrs="*,+"
        bindmethod=simple
        binddn="uid=admin,dc=glazeeserver,dc=com"
        credentials="secret"

updateref ldap://192.168.218.128:389

Glazee 02-03-2009 05:20 AM

Okay, I solved it. It was some sort of problem with Ubuntu 8.10, so I switched to Ubuntu 8.04, but then I saw that AppArmor was running and figured it might just be that. But I got everything working now on Ubuntu 8.04.
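
An added example, not part of the original thread: a small Python check over the consumer-side directives posted above that joins slapd.conf continuation lines and flags the cleartext rootpw, the simple bind over plain ldap://, and replication bound as the rootdn. The sample text is constructed from the post, and the function names `directives` and `audit` are hypothetical.

```python
import shlex

# Constructed sample: consumer-side directives from the post, with the
# leading whitespace slapd.conf requires on continuation lines.
SAMPLE = '''\
database bdb
suffix "dc=glazeeserver,dc=com"
rootdn "uid=admin,dc=glazeeserver,dc=com"
rootpw secret
syncrepl rid=123
        provider=ldap://192.168.218.128:389
        type=refreshAndPersist
        retry="5 5 300 +"
        searchbase="dc=glazeeserver,dc=com"
        bindmethod=simple
        binddn="uid=admin,dc=glazeeserver,dc=com"
        credentials="secret"
'''

def directives(text):
    """Join continuation lines (leading whitespace); comments are skipped (simplification)."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return [shlex.split(d) for d in out]

def audit(text):
    """Return findings for the rootpw and syncrepl settings of one database."""
    conf, findings = {}, []
    for words in directives(text):
        conf.setdefault(words[0].lower(), words[1:])
    repl = dict(w.split("=", 1) for w in conf.get("syncrepl", []) if "=" in w)
    if conf.get("rootpw") and not conf["rootpw"][0].startswith("{"):
        findings.append("rootpw stored in cleartext; use a slappasswd hash")
    if (repl.get("bindmethod") == "simple" and "starttls" not in repl
            and repl.get("provider", "").startswith("ldap://")):
        findings.append("simple bind over ldap:// without starttls: credentials sent unencrypted")
    if repl.get("binddn") and repl["binddn"] == (conf.get("rootdn") or [""])[0]:
        findings.append("syncrepl binds as rootdn; use a dedicated read-only replication DN")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

Without the leading whitespace, each `provider=`, `bindmethod=` and so on would be read as a separate directive rather than as part of `syncrepl`, which is why the parser keys on indentation.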

