SLUG Mailing List Archives

[SLUG] replication using OpenLDAP


Hello sluggers,

I'm trying to set up LDAP replication between a master database on a Red Hat
8.0 machine (running OpenLDAP 2.0.27) and a slave on a Debian unstable machine
(running OpenLDAP 2.1.17).

On the master, the slapd.conf looks like this:

  include /etc/openldap/schema/core.schema
  include /etc/openldap/schema/cosine.schema
  include /etc/openldap/schema/inetorgperson.schema
  include /etc/openldap/schema/nis.schema

  schemacheck on

  pidfile /var/run/slapd.pid
  argsfile /var/run/slapd.args

  replogfile /var/lib/ldap/master-replog

  loglevel -1

  database ldbm
  suffix "dc=anchor,dc=net,dc=au"
  directory /var/lib/ldap
  index objectClass,uid,uidNumber,gidNumber,memberUid eq
  index cn,mail,surname,givenname eq,subinitial
  replica host=plank.bridge.anchor.net.au:389
    binddn="cn=admin,dc=anchor,dc=net,dc=au"
    bindmethod=simple credentials=password
  require LDAPv3
  access to attribute=userPassword
     by dn="cn=admin,dc=anchor,dc=net,dc=au" write
     by anonymous auth
     by self write
     by * none
  access to *
     by dn="cn=admin,dc=anchor,dc=net,dc=au" write
     by * read

So, as per the man page and the guides Google showed me[1] I've got a
replogfile listed and I'm specifying the slave hostname and the credentials
to bind to the slave with.

The slave is set up almost identically, except that it has no replogfile,
and it has the following lines:

updatedn "cn=admin,dc=anchor,dc=net,dc=au"
updateref ldap://bulkhead.engineroom.anchor.net.au

The problem I'm having is that slapd on the master machine isn't creating
the replogfile, and so slurpd has no file to read, and so the slave isn't
receiving anything.

The master database has a few records in it, the slave database has nothing
in it at all.  I've tried sniffing the network, watching both machines' logs
to see if there's any activity, and there's nothing there.  The problem
seems to be wholly within the master, as it is not generating the replog.

I've telnetted to the slave from the master, so there are no connection
problems there, either.

Has anyone experienced a master that isn't generating a replog?  I'm
concerned that because no attempt to connect to the slave is made, it can't
work out what it needs to replicate, and if that's the case, how can I force
the master to talk to the slave?

Any help appreciated.

[1] I've got the following pages open:
http://moto.chuany.net/pipermail/moto-web/2002-December/000056.html
http://www.linuxselfhelp.com/HOWTO/LDAP-HOWTO-3.html
http://www.openldap.org/doc/admin21/replication.html
http://www.arrayservices.com/projects/Exchange-HOWTO/html/x214.html
http://www.metaconsultancy.com/whitepapers/ldap.htm

-- 
jaq@xxxxxxxxxxxxxx                           http://spacepants.org/jaq.gpg
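
The master/slave pairing described in this post, as an added example that is not part of the original message: a small Python checker that parses both slapd.conf files and reports whether the master's replica binddn matches the slave's updatedn, and whether the replication bind is a simple bind. The function names are hypothetical, the DN comparison is simplified, and the sample configs are constructed from the directives quoted above.

```python
import shlex

def parse_slapd_conf(text):
    """Split slapd.conf text into directives; an indented line continues the previous one."""
    directives = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        tokens = shlex.split(raw)
        if raw[0].isspace() and directives:
            directives[-1].extend(tokens)
        else:
            directives.append(tokens)
    return directives

def norm_dn(dn):
    # Simplified DN comparison (assumption): case-insensitive, spaces around commas ignored.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_pair(master_text, slave_text):
    """Return a list of findings for a slurpd-style master/slave config pair."""
    master, slave = parse_slapd_conf(master_text), parse_slapd_conf(slave_text)
    findings = []
    if not any(d[0].lower() == "replogfile" for d in master):
        findings.append("master: no replogfile directive")
    updatedns = {norm_dn(d[1]) for d in slave if d[0].lower() == "updatedn" and len(d) > 1}
    if not updatedns:
        findings.append("slave: no updatedn directive")
    for d in master:
        if d[0].lower() != "replica":
            continue
        opts = dict(t.split("=", 1) for t in d[1:] if "=" in t)
        host = opts.get("host", "?")
        if norm_dn(opts.get("binddn", "")) not in updatedns:
            findings.append(f"replica {host}: binddn does not match the slave's updatedn")
        if opts.get("bindmethod", "").lower() == "simple":
            findings.append(f"replica {host}: simple bind, password is cleartext unless TLS is used")
    return findings

# Constructed sample input: directives quoted in the post, without the e-mail indentation.
MASTER = '''replogfile /var/lib/ldap/master-replog
replica host=plank.bridge.anchor.net.au:389
  binddn="cn=admin,dc=anchor,dc=net,dc=au"
  bindmethod=simple credentials=password
'''
SLAVE = '''updatedn "cn=admin,dc=anchor,dc=net,dc=au"
updateref ldap://bulkhead.engineroom.anchor.net.au
'''
print("\n".join(check_pair(MASTER, SLAVE)))
```
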