LinuxQuestions.org
Old 05-13-2011, 02:20 AM   #1
nqk28703
OpenLDAP Replication...


Hi all,

I'm setting up a Master and Slave OpenLDAP (ver. 2.4.25) using the Replication method following https://help.ubuntu.com/community/OpenLDAPServer. When I used slapcat (slapcat -l master_dump.ldif), I got a message:

root@ldap:/usr/local/openldap/sbin# ./slapcat -l master_dump.ldif
/usr/local/openldap/etc/openldap/slapd.conf: line 89: <replogfile> keyword is obsolete (ignored)
/usr/local/openldap/etc/openldap/slapd.conf: line 91: <replica> keyword is obsolete (ignored)
bdb_db_open: warning - no DB_CONFIG file found in directory /usr/local/openldap/var/openldap-data: (2).
Expect poor performance for suffix "dc=abc,dc=com".
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

What am I doing wrong? Please help...

My Master slapd.conf is:

# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

# CA signed certificate and server cert entries:

TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /var/myCA/cacert.crt
TLSCertificateFile /var/myCA/master_ldap_crt.pem
TLSCertificateKeyFile /var/myCA/master_ldap_key.pem

# Use the following if client authentication is required
#TLSVerifyClient demand
# ... or not desired at all
TLSVerifyClient never

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=abc,dc=com"
rootdn "cn=rootldap,dc=abc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw 123456789
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
index uid eq
index cn,gn,mail eq,sub
index sn eq,sub
index ou eq

replogfile /usr/local/openldap/var/openldap-data/replogfile
replica uri="ldaps://mail1.abc.com" starttls=yes bindmethod=simple \
binddn="cn=rootldap,dc=abc,dc=com" credentials="123456789"

My Slave slapd.conf has a similar configuration to the Master Server...
 
Old 05-13-2011, 03:03 AM   #2
acid_kewpie
That doc details replication using slurpd which is now, as per the messages, obsolete (and awful). Go search for docs on syncrepl instead; that's the standard for 2.4 and is much better.
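
A minimal syncrepl layout of the kind the reply points to, as an added example that is not part of the original thread: it shows what replaces the obsolete replogfile/replica lines in the posted slapd.conf. The suffix and CA path are taken from the posted config; the provider hostname master.example.com, the cn=replicator bind DN and the password placeholder are assumptions.

```conf
# ---- Provider (master) slapd.conf, inside the "database bdb" section ----
# Delete the obsolete "replogfile" and "replica" lines; slurpd is gone in 2.4.
# If slapd was built with dynamic modules, load the overlay in the global
# section first:  moduleload syncprov.la
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# The replication identity (assumed here: cn=replicator,dc=abc,dc=com) only
# needs READ access to the replicated data, including userPassword.
# Binding the consumer as the rootdn, as the old "replica" line did, puts
# the master's rootdn password in a second host's config file.

# ---- Consumer (slave) slapd.conf, inside its "database bdb" section ----
index entryCSN,entryUUID eq
syncrepl rid=001
  provider=ldaps://master.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=abc,dc=com"
  scope=sub
  bindmethod=simple
  binddn="cn=replicator,dc=abc,dc=com"
  credentials="REPLACE_WITH_REPLICATOR_PASSWORD"
  tls_cacert=/var/myCA/cacert.crt
  tls_reqcert=demand
# Continuation lines of "syncrepl" must start with whitespace.
# ldaps:// is already TLS from the first byte, so no starttls= parameter is
# used; starttls= belongs with an ldap:// URI only.
# Writes sent to the consumer are referred back to the provider:
updateref ldaps://master.example.com
```

Because the consumer's slapd.conf now holds a bind password, it should be readable only by the account slapd runs as.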
 
  

