
sunhui 08-06-2006 06:11 AM

Openldap replication
I am trying to follow the admin guide to configure OpenLDAP replication. I run /usr/bin/slurpd, then it pops up the message "Error: Malformed "replica" line in slapd config file, line 72, Warning: failed to add replica " - ignoring replica". I am sure the server is reachable. Can anyone advise what the possible reason for the error is? Thanks.

my slapd.conf

replogfile /var/lib/ldap/master-slapd.replog
database ldbm
suffix "dc=resues1,dc=com"
rootdn "cn=Manager,dc=resues1,dc=com"
rootpw secret
rootpw {SSHA}UKfX5uzttkfXd9nMEFWl3l9BfdafOjsV8TQKv
directory /var/lib/ldap/
replica host=resues2:389
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq
bindmethod=simple credentials=password

peter_robb 08-07-2006 05:53 AM

From man slapd.conf..

replica uri=ldap[s]://<hostname>[:port]|host=<hostname>[:port]
        [starttls=yes|critical] [suffix=<suffix> [...]]
        bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>]
        [saslmech=<SASL mech>] [secprops=<properties>]
        [realm=<realm>] [authcId=<authentication ID>]
        [authzId=<authorization ID>] [attr[!]=<attr list>]

        Specify a replication site for this database. Refer to the
        "OpenLDAP Administrator's Guide" for detailed information on
        setting up a replicated slapd directory service. Zero or more
        suffix instances can be used to select the subtrees that will be
        replicated (defaults to all the database). host is deprecated
        in favor of the uri option. uri allows the replica LDAP server
        to be specified as an LDAP URI. A bindmethod of simple requires
        the options binddn and credentials and should only be used when
        adequate security services (e.g TLS or IPSEC) are in place. A
        bindmethod of sasl requires the option saslmech. Specific
        security properties (as with the sasl-secprops keyword above)
        for a SASL bind can be set with the secprops option. A
        non-default SASL realm can be set with the realm option. If the
        mechanism will use Kerberos, a kerberos instance should be given
        in authcId. An attr list can be given after the attr keyword to
        allow the selective replication of the listed attributes only;
        if the optional ! mark is used, the list is considered
        exclusive, i.e. the listed attributes are not replicated. If an
        objectClass is listed, all the related attributes are (are not)

jitender.rajpal 10-18-2006 08:24 AM


Please make sure that your slapd.conf file contains a replica directive like this only.

replogfile /var/lib/ldap/openldap-master-replog
replica uri=ldaps://
bindmethod=simple credentials=secret

Hope it will work!

Jitender Rajpal
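
Added example (not part of any post in this thread, and not OpenLDAP code): a small Python check of slapd.conf replica directives against the syntax quoted from man slapd.conf above, together with the slapd.conf(5) rule that only a line starting with whitespace continues the previous directive. The sample config is constructed; replica.example.com, the cn=replicator DN and the function names are placeholders chosen for the example.

```python
import shlex

SAMPLE = """\
# constructed sample: lines 2-4 mirror the first post, 5-7 are a made-up correct form
replica host=resues2:389
index cn,mail,surname,givenname eq
bindmethod=simple credentials=password
replica uri=ldaps://replica.example.com:636
  bindmethod=simple binddn="cn=replicator,dc=example,dc=com"
  credentials=changeme
"""
REPLICA_OPTS = {"uri", "host", "bindmethod", "binddn", "credentials", "saslmech"}

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blank and '#' lines."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((no, raw.strip()))
    return out

def check_replicas(text):
    """Return (line_number, message) findings for replica directives."""
    found = []
    for no, line in logical_lines(text):
        words = shlex.split(line)
        key, sep, _ = words[0].partition("=")
        if sep and key in REPLICA_OPTS:
            found.append((no, "replica option on its own line: indent to continue"))
        if words[0] != "replica":
            continue
        opts = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        method = opts.get("bindmethod")
        if method not in ("simple", "sasl"):
            found.append((no, "missing bindmethod=simple|sasl"))
        if method == "simple" and not {"binddn", "credentials"} <= opts.keys():
            found.append((no, "simple bind needs binddn and credentials"))
        # TLS is the only protection visible in the file; IPsec cannot be checked here.
        if method == "simple" and not (opts.get("uri", "").startswith("ldaps://")
                                       or "starttls" in opts):
            found.append((no, "simple bind without ldaps:// or starttls"))
    return found

if __name__ == "__main__":
    print(check_replicas(SAMPLE))
```

On the sample it reports the replica line that carries no bindmethod and the unindented option line after it, and accepts the ldaps:// form with indented continuation lines.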

All times are GMT -5.