LDAP Replication problem
Hi, I have been trying to figure out how to get LDAP replication running. I am using Ubuntu Server with the latest release of LDAP, and I am having trouble even getting started configuring Master/Slave replication.
I have looked all over the net for how to get it to work.
To my understanding, the old replication daemon slurpd has been replaced by syncrepl. With slurpd you had to start that daemon yourself, but with syncrepl I don't know how to start it. I guess it just starts with the slapd daemon.
Nothing shows up in the logs; it is as if nothing is happening.
I hope you can help me solve my problem.
Master ip : 192.168.218.128
Slave ip : 192.168.218.129
btw i am running both of these machines on VMware Server.
Here are my configs:
#MASTER
# Provider (master) slapd.conf, global section: schema includes, module
# loading and the access control lists.
# NOTE(review): slapd.conf reads a line as a continuation only when it starts
# with whitespace. The "by ..." clauses below sit at column 0 in this paste,
# presumably because the forum stripped the indentation - confirm that the
# real file indents them.
# LDAP configuration
# Accept LDAPv2 bind requests; keep this only while a legacy client needs it.
allow bind_v2
# Schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
#include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/ppolicy.schema
# Samba schema
#include /etc/ldap/schema/samba.schema
# Check schema consistency when starting
#schemacheck on
# Define global ACLs to disable default read access.
# None
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
# WARNING amd64 has lib64 !!
#modulepath /usr/lib64/openldap/openldap
modulepath /usr/lib/ldap
# Backend module for the "database bdb" section of this file.
moduleload back_bdb.so
# Provider-side overlay for syncrepl; it is switched on per database by the
# "overlay syncprov" line at the end of this file.
moduleload syncprov.la
#Load the password policy overlay
# Not yet implemented .. maybe later
#moduleload ppolicy.la
# unlimited searches for administrative DNs
#
# it's disabled because we have already put SIZELIMIT to 0
# but it's a good thing to know how it can be set or changed
#
#limits dn.exact="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# this is for the rootdn in case of SIZELIMIT is different than 0
#sizelimit unlimited
# Let some special users change passwords, and others read
#
### Note this is just an example; you can have only one user that can do
### everything, but it's not recommended.
#
### If you want the following users to have write or read access, remember to create them
### under gosa in the acl subtree
#
#access to attrs=shadowExpire,shadowFlag,shadowInactive,shadowLastChange,shadowMax,shadowMin,
#shadowWarning,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
# by dn="uid=replicante10,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=pwdchanger,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=wwwadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by dn="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by anonymous auth
# by self write
# by * none
# userPassword: cn=admin may write, anonymous clients may only authenticate
# against it, users may change their own, everyone else gets nothing.
# NOTE(review): this rule names cn=admin, while the rootdn in the database
# section is uid=admin - confirm which DN is intended. The rootdn itself is
# never restricted by ACLs.
access to attrs=userPassword
by dn="cn=admin,dc=glazeeserver,dc=com" write
# by dn="uid=wwwadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by dn="uid=pwdchanger,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" write
by anonymous auth
by self write
by * none
# The root DSE (empty DN) is readable by everyone.
access to dn.base="" by * read
# Everything else: cn=admin may write and anonymous clients may authenticate.
# There is no read clause, so any other bound identity gets no access (an
# access rule ends with an implicit "by * none"). A dedicated replication
# account would need an explicit read rule here.
access to *
by dn="cn=admin,dc=glazeeserver,dc=com" write
by anonymous auth
#######################################################################
## BDB database definitions
########################################################################
# One Berkeley DB backed database holding the dc=glazeeserver,dc=com tree.
database bdb
suffix "dc=glazeeserver,dc=com"
# Checkpoint the BDB transaction log after 512 KB written or 30 minutes.
checkpoint 512 30
rootdn "uid=admin,dc=glazeeserver,dc=com"
# NOTE(review): the rootdn password is stored in cleartext, so anyone who can
# read this file (or this post) has the directory's superuser password.
# rootpw also accepts a hashed value produced by slappasswd, in the form
# {SSHA}<hash generated by slappasswd>.
rootpw secret
# Mode 700 recommended. chown ldap:ldap .
directory /var/lib/ldap
# Keep the modification-tracking operational attributes up to date.
lastmod on
# Permission bits for newly created database files.
mode 0600
# Only 4 debug
#loglevel 1 2 4 8 16 32 64 128 256 512 1024 2048
# -1 turns on every debug level. slapd sends this output to syslog (facility
# local4 by default), so it is visible only where syslog routes that facility.
# NOTE(review): at this level the log is very verbose and records details of
# every operation - presumably meant for troubleshooting only.
loglevel -1
# physical backend (db library, not slapd) cache
# here, 0.25 GB
# NOTE(review): dbconfig lines are written into DB_CONFIG in the database
# directory only when that file does not exist yet - confirm which applies.
dbconfig set_cachesize 0 268435456 1
# Transaction Log settings
# logging region size in bytes, here 1 MBytes
dbconfig set_lg_regionmax 1048576
# log buffer size in bytes, here 2 MBytes
dbconfig set_lg_bsize 2097152
# Set the maximum size of a single file in the log, in bytes, here 10 MByte
dbconfig set_lg_max 10485760
# Indices to maintain
index objectClass pres,eq
index uid,mail,uniqueMember eq
index cn,sn,givenName,ou pres,eq,sub
index uidNumber,gidNumber,memberuid eq
#index sambaSID eq
#index sambaPrimaryGroupSID eq
#index sambaDomainName eq
#index sambaAlgorithmicRidBase pres,eq
# syncprov specific indexing
# entryCSN and entryUUID are the attributes replication searches filter on.
index entryCSN eq
index entryUUID eq
# password policy stuff
# Not now, we can implement them later.
#overlay ppolicy
#ppolicy_default "uid=defaultppolicy,ou=people,ou=acl,dc=glazeeserver,dc=com"
# SSL Stuff
# TLSVerifyClient never: clients are not asked for a certificate.
# NOTE(review): every certificate directive below is commented out, so this
# server offers no TLS. The consumer config on this page binds with
# bindmethod=simple over ldap://, which means the bind password and the
# replicated entries cross the network in cleartext.
TLSVerifyClient never
# Even in this case .. let's do it later ..
#
# NOTE(review): if the cipher line is ever enabled, drop "+SSLv2"; SSLv2 is a
# broken protocol version.
# #TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /etc/openldap/ssl/ca.crt
#TLSCertificateFile /etc/openldap/ssl/ldap.glazeeserver.com.crt
#TLSCertificateKeyFile /etc/openldap/ssl/ldap.glazeeserver.com.key
# Provider side of syncrepl for this database. The overlay runs inside slapd;
# unlike slurpd there is no separate daemon to start.
overlay syncprov
# Checkpoint the contextCSN after 100 write operations or 10 minutes.
syncprov-checkpoint 100 10
# Keep a session log covering the last 100 write operations.
syncprov-sessionlog 100
--------------------------------------------------------------------------
#SLAVE
# Consumer (slave) slapd.conf, global section: schema includes, module
# loading and the access control lists.
# NOTE(review): slapd.conf reads a line as a continuation only when it starts
# with whitespace. The "by ..." clauses below sit at column 0 in this paste,
# presumably because the forum stripped the indentation - confirm that the
# real file indents them.
# LDAP configuration
# Accept LDAPv2 bind requests; keep this only while a legacy client needs it.
allow bind_v2
# Schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
#include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/ppolicy.schema
# Samba schema
#include /etc/ldap/schema/samba.schema
# Check schema consistency when starting
#schemacheck on
# Define global ACLs to disable default read access.
# None
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
# WARNING amd64 has lib64 !!
#modulepath /usr/lib64/openldap/openldap
modulepath /usr/lib/ldap
# Backend module for the "database bdb" section of this file.
moduleload back_bdb.so
# NOTE(review): syncprov is the provider-side overlay. The syncrepl consumer
# is part of slapd itself, and no "overlay syncprov" line appears in this
# consumer config, so this module is loaded but unused here.
moduleload syncprov.la
#Load the password policy overlay
# Not yet implemented .. maybe later
#moduleload ppolicy.la
# unlimited searches for administrative DNs
#
# it's disabled because we have already put SIZELIMIT to 0
# but it's a good thing to know how it can be set or changed
#
#limits dn.exact="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# this is for the rootdn in case of SIZELIMIT is different than 0
#sizelimit unlimited
# Let some special users change passwords, and others read
#
### Note this is just an example; you can have only one user that can do
### everything, but it's not recommended.
#
### If you want the following users to have write or read access, remember to create them
### under gosa in the acl subtree
#
#access to attrs=shadowExpire,shadowFlag,shadowInactive,shadowLastChange,shadowMax,shadowMin,
#shadowWarning,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
# by dn="uid=replicante10,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=pwdchanger,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=wwwadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by dn="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by anonymous auth
# by self write
# by * none
# userPassword: uid=admin may write, anonymous clients may only authenticate
# against it, users may change their own, everyone else gets nothing.
# NOTE(review): this rule names uid=admin while the "access to *" rule below
# names cn=admin - confirm which DN is intended. The rootdn itself is never
# restricted by ACLs.
access to attrs=userPassword
by dn="uid=admin,dc=glazeeserver,dc=com" write
# by dn="uid=wwwadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" read
# by dn="uid=pwdchanger,ou=people,ou=acl,dc=glazeeserver,dc=com" write
# by dn="uid=unixadmin,ou=people,ou=acl,dc=glazeeserver,dc=com" write
by anonymous auth
by self write
by * none
# The root DSE (empty DN) is readable by everyone.
access to dn.base="" by * read
# Everything else: cn=admin may write, and every client - anonymous ones
# included - may read all attributes not covered by the userPassword rule.
access to *
by dn="cn=admin,dc=glazeeserver,dc=com" write
by * read
#######################################################################
## BDB database definitions
########################################################################
# One Berkeley DB backed database holding the replicated
# dc=glazeeserver,dc=com tree.
database bdb
suffix "dc=glazeeserver,dc=com"
# Checkpoint the BDB transaction log after 512 KB written or 30 minutes.
checkpoint 512 30
rootdn "uid=admin,dc=glazeeserver,dc=com"
# NOTE(review): the rootdn password is stored in cleartext, so anyone who can
# read this file (or this post) has the directory's superuser password.
# rootpw also accepts a hashed value produced by slappasswd, in the form
# {SSHA}<hash generated by slappasswd>.
rootpw secret
# Mode 700 recommended. chown ldap:ldap .
directory /var/lib/ldap
# Keep the modification-tracking operational attributes up to date.
lastmod on
# Only 4 debug
#loglevel 1 2 4 8 16 32 64 128 256 512 1024 2048
# -1 turns on every debug level. slapd sends this output to syslog (facility
# local4 by default), so it is visible only where syslog routes that facility.
# NOTE(review): at this level the log is very verbose and records details of
# every operation - presumably meant for troubleshooting only.
loglevel -1
# physical backend (db library, not slapd) cache
# here, 0.25 GB
# NOTE(review): dbconfig lines are written into DB_CONFIG in the database
# directory only when that file does not exist yet - confirm which applies.
dbconfig set_cachesize 0 268435456 1
# Transaction Log settings
# logging region size in bytes, here 1 MBytes
dbconfig set_lg_regionmax 1048576
# log buffer size in bytes, here 2 MBytes
dbconfig set_lg_bsize 2097152
# Set the maximum size of a single file in the log, in bytes, here 10 MByte
dbconfig set_lg_max 10485760
# Indices to maintain
index objectClass pres,eq
index uid,mail,uniqueMember eq
index cn,sn,givenName,ou pres,eq,sub
index uidNumber,gidNumber,memberuid eq
#index sambaSID eq
#index sambaPrimaryGroupSID eq
#index sambaDomainName eq
#index sambaAlgorithmicRidBase pres,eq
# syncprov specific indexing
# entryCSN and entryUUID are the attributes replication searches filter on.
index entryCSN eq
index entryUUID eq
# password policy stuff
# Not now, we can implement them later.
#overlay ppolicy
#ppolicy_default "uid=defaultppolicy,ou=people,ou=acl,dc=glazeeserver,dc=com"
# SSL Stuff
# TLSVerifyClient never: clients are not asked for a certificate.
# NOTE(review): every certificate directive below is commented out, so no TLS
# is configured on this server.
TLSVerifyClient never
# Even in this case .. let's do it later ..
#
# NOTE(review): if the cipher line is ever enabled, drop "+SSLv2"; SSLv2 is a
# broken protocol version.
# #TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /etc/openldap/ssl/ca.crt
#TLSCertificateFile /etc/openldap/ssl/ldap.glazeeserver.com.crt
#TLSCertificateKeyFile /etc/openldap/ssl/ldap.glazeeserver.com.key
# Consumer side of syncrepl. The replication engine runs inside slapd for this
# database, so there is no separate daemon to start.
# NOTE(review): the parameter lines after "syncrepl rid=123" must begin with
# whitespace to be read as part of the directive. They sit at column 0 in this
# paste, presumably because the forum stripped the indentation - confirm that
# the real file indents them.
# type=refreshAndPersist keeps a persistent search open to the provider.
# retry="5 5 300 +" retries every 5 seconds five times, then every 300 seconds
# indefinitely. attrs="*,+" requests all user and operational attributes.
# NOTE(review): bindmethod=simple over ldap:// sends the bind DN, the password
# and every replicated attribute (userPassword included) in cleartext. Once
# TLS is configured on the provider, syncrepl's starttls=critical option or an
# ldaps:// provider URL protects the session.
# NOTE(review): binddn is the provider's rootdn, so this file holds the
# directory's superuser password. A dedicated replication DN with read-only
# access limits what a compromised replica exposes; it needs read access on
# the provider to everything it replicates.
syncrepl rid=123
provider=ldap://192.168.218.128:389
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=glazeeserver,dc=com"
attrs="*,+"
bindmethod=simple
binddn="uid=admin,dc=glazeeserver,dc=com"
credentials="secret"
# Referral returned to clients that try to write to this replica.
updateref ldap://192.168.218.128:389