[Ltb-users] OpenLDAP slave-master synchronization problem

Francois Gnu gnu699 at gmail.com
Fri Mar 1 19:42:52 CET 2013


Hello Tian,

You could use:

- On the master:
# cn\=config.ldif
olcServerID: 001 ldap://ldap01.example.com

# cn\=config/olcDatabase\=\{1\}hdb.ldif:
olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple
  credentials=secret searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10 retry="5 5 100 +"
  timeout=3
olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple
  credentials=secret searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10 retry="5 5 100 +"
  timeout=3
olcSyncrepl: {2}rid=003 provider=ldap://ldap03.example.com
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple
  credentials=secret searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10 retry="5 5 100 +"
  timeout=3
olcSyncrepl: {3}rid=004 provider=ldap://ldap04.example.com
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple
  credentials=secret searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10 retry="5 5 100 +"
  timeout=3
olcMirrorMode: TRUE


- On one of the consumers:
# cn\=config.ldif
olcServerID: 002 ldap://ldap02.example.com

# cn\=config/olcDatabase\=\{1\}hdb.ldif
olcSyncrepl: {0}rid=002 provider=ldap://ldap02.example.com
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple
  credentials=secret searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10 retry="5 5 100 +"
  timeout=3
olcSyncrepl: {1}rid=001 provider=ldap://ldap01.example.com
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple
  credentials=secret searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10 retry="5 5 100 +"
  timeout=3
olcMirrorMode: TRUE


Like that, it works perfectly.

Freely,
------
Francois Trachez (kiko)
Team Fedora|Lyon (France)
http://stg.fedoraproject.org/fr/
http://stg.fedoraproject.org/es/


2013/2/28 Tian Zhiying <tianzy1225 at thundersoft.com>

>  Hi, Clément
>
> “The referral must be managed by the client. If not, configure your client
> to access the master directly.” Sorry, I don't understand.
> Could you give a little more detail?
>
> The following is my configuration, any problem?
> Master Configuration:
> allow bind_v2
> pidfile         /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
> access to *
>         by * write
> database        bdb
> suffix          "dc=domain,dc=com"
> rootdn          "cn=root,dc=domain,dc=com"
> overlay ppolicy
> rootpw          {SSHA}DyNIn6rweGRnQP0ntGaZxynMllSA3/w4
> directory       /var/lib/ldap
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> replogfile /var/lib/ldap/openldap-master-replog
> loglevel 4095
> replica host=192.168.70.15:389
>         binddn="cn=sa,dc=domain,dc=com"
>         bindmethod=simple credentials=miao3p
>
>
> Slave Configuration:
> allow bind_v2
> pidfile         /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
> access to *
>         by * write
> database        bdb
> suffix          "dc=domain,dc=com"
> rootdn          "cn=root,dc=domain,dc=com"
> overlay ppolicy
> rootpw          {SSHA}sgBwprgmRciOEGTLjE5K9J22msm+U9NW
> directory       /var/lib/ldap
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> updatedn "cn=sa,dc=domain,dc=com"
> updateref ldap://192.168.100.11:389
>
>
> ------------------------------
> Tian Zhiying
>
>  *From:* Clément OUDOT <clem.oudot at gmail.com>
> *Date:* 2013-02-28 17:33
> *To:* tianzy1225 <tianzy1225 at thundersoft.com>
> *CC:* ltb-users <ltb-users at lists.ltb-project.org>
> *Subject:* Re: Re: [Ltb-users] OpenLDAP slave-master synchronization
> problem
>
>
> 2013/2/28 Tian Zhiying <tianzy1225 at thundersoft.com>
>
>> Hi, Clément
>>
>> "Updateref" can not return clients' requests to the master server? Now I have
>> configured it, but when I modify the entries, it results in an error:
>>
>>
>
>
> The referral must be managed by the client. If not, configure your client
> to access the master directly.
>
> Clément.
>
>
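
Added example, not part of the original message or the LTB project's code: the olcSyncrepl directives above use bindmethod=simple against ldap:// providers, so the replication credentials cross the network unencrypted unless the provider is ldaps:// or starttls=critical is set. This Python check unfolds the LDIF, parses each directive and reports those cases plus reused rids; the sample LDIF and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample. Continuation lines start with two spaces: unfolding strips one.
SAMPLE = """\
olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple credentials=secret
  searchbase="dc=example,dc=com" type=refreshAndPersist retry="5 5 100 +"
olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com starttls=yes
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple credentials=secret
olcSyncrepl: {2}rid=002 provider=ldaps://ldap03.example.com
  binddn="cn=admin,dc=example,dc=com" bindmethod=simple credentials=secret
olcMirrorMode: TRUE
"""


def parse_syncrepl(ldif):
    """Return one {keyword: value} dict per olcSyncrepl value in the LDIF text."""
    unfolded = re.sub(r"\n ", "", ldif)  # RFC 2849 line unfolding
    directives = []
    for line in unfolded.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "olcsyncrepl":
            continue
        value = re.sub(r"^\{\d+\}", "", value.strip())  # drop the {n} ordering prefix
        directives.append(dict(tok.split("=", 1) for tok in shlex.split(value)))
    return directives


def audit(ldif):
    """Return (rid, finding) pairs for cleartext simple binds and reused rids."""
    findings, seen = [], set()
    for d in parse_syncrepl(ldif):
        rid = d.get("rid", "?")
        if rid in seen:
            findings.append((rid, "rid reused on this server"))
        seen.add(rid)
        if d.get("bindmethod") != "simple" or d.get("provider", "").lower().startswith("ldaps://"):
            continue
        starttls = d.get("starttls", "").lower()
        if starttls == "":
            findings.append((rid, "simple bind sends credentials in cleartext"))
        elif starttls != "critical":
            findings.append((rid, "starttls is not critical: can fall back to cleartext"))
    return findings


if __name__ == "__main__":
    print("\n".join(f"rid={rid}: {msg}" for rid, msg in audit(SAMPLE)))
```

With starttls=yes the consumer continues without TLS if the StartTLS request fails, which is why only starttls=critical or an ldaps:// provider clears the finding.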