On Mon, 2007-01-15 at 17:51 -0800, Tim Alberts wrote:
> I have 2 servers, both running FC6 and OpenLDAP (included RPMS) all
> software is yum update as of a couple days ago. I have both servers
> setup to authenticate which is working fine. I have the master LDAP
> server setup with a corporate address book. I can even query it with
> Outlook and other email clients. The problem I'm having is trying to
> get changes replicated from the master to the slave.
>
> The following is the /etc/openldap/slapd.conf file on the MASTER:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
>
> allow bind_v2
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> database bdb
> suffix "dc=mydomain,dc=com"
> rootdn "cn=Manager,dc=mydomain,dc=com"
> rootpw ubersupersecret
>
> directory /var/lib/ldap
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> replogfile /var/lib/ldap/openldap-master-replog
> replica uri=ldap://slave.mydomain.com:389
>         binddn="cn=Manager,dc=mydomain,dc=com"
>         bindmethod=simple credentials=secret
>
>
> The following is the /etc/openldap/slapd.conf file on the SLAVE:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
>
> allow bind_v2
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> database bdb
> suffix "dc=mydomain,dc=com"
> rootdn "cn=Manager,dc=mydomain,dc=com"
> rootpw ubersupersecret
>
> directory /var/lib/ldap
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> updatedn "cn=Manager,dc=mydomain,dc=com"
> updateref ldap://master.mydomain.com:389/
>
> The master server has created the update file and the slurpd is
> running. However, the update log I specified is empty and there is a
> sub folder /replica/ in the /var/lib/ldap/ which seems to contain all
> the updates. If anyone sees something I'm doing wrong, please help.
> Also, can someone tell me how long it takes for slurpd to 'wakeup' and
> look for changes?
>
> Thank you in advance.
----
is slurpd running?

ps aux|grep slurpd

I vaguely recall having to enable slurpd either in /etc/sysconfig/ or in
/etc/init.d/ldap but I don't use Fedora for LDAP server

generally, you don't use the rootbinddn for slurpd replication...can I
presume that you are putting the 'unencrypted' version of the rootbinddn
in 'credentials' on the 'MASTER' and then I don't see a passwd-hash or
passwd-crypt-salt-format setting in either.

next, your config doesn't show any ACL's for either master or slave
config and by default, that which isn't allowed is denied so (except
rootbinddn)

lastly, logs are your friend...you probably want to add 'loglevel 256'
or even higher and to keep these logs separate from syslog, try adding
to /etc/syslog.conf

local4.* /var/log/slapd.log

service syslog restart # to make changes effective
service ldap restart # to make changes effective

Craig
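
The points raised in the reply can be checked mechanically against the two quoted files. The following is an added example, not part of the original thread: MASTER and SLAVE are constructed, abbreviated copies of the quoted configs, the function names are hypothetical, and each finding is a prompt for review rather than a verdict.

```python
import re
# Constructed, abbreviated copies of the two slapd.conf files quoted above.
MASTER = '''\
rootdn "cn=Manager,dc=mydomain,dc=com"
rootpw ubersupersecret
replica uri=ldap://slave.mydomain.com:389
    binddn="cn=Manager,dc=mydomain,dc=com"
    bindmethod=simple credentials=secret
'''
SLAVE = '''\
rootdn "cn=Manager,dc=mydomain,dc=com"
rootpw ubersupersecret
updatedn "cn=Manager,dc=mydomain,dc=com"
'''

def parse(text):
    """Return [(directive, args)]; indented lines continue the previous one."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + line.strip())
        else:
            key, _, rest = line.strip().partition(" ")
            out.append((key.lower(), rest.strip()))
    return out

def first(conf, key):
    return next((v.strip('"') for k, v in conf if k == key), "")

def audit(master_text, slave_text):
    m, s = parse(master_text), parse(slave_text)
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', first(m, "replica")))
    binddn = kv.get("binddn", "").strip('"').lower()
    found = []
    if binddn != first(s, "updatedn").lower():
        found.append("replica binddn does not match slave updatedn")
    if binddn == first(s, "rootdn").lower():
        found.append("replication binds as the slave rootdn")
        pw = first(s, "rootpw")  # only comparable when stored unhashed
        if not pw.startswith("{") and kv.get("credentials") != pw:
            found.append("replica credentials differ from slave rootpw")
    for name, conf in (("master", m), ("slave", s)):
        keys = {k for k, _ in conf}
        found += [f"{name}: no {d} directive" for d in ("access", "loglevel") if d not in keys]
        if first(conf, "rootpw") and not first(conf, "rootpw").startswith("{"):
            found.append(name + ": rootpw is cleartext")
    return found
```

Calling audit(MASTER, SLAVE) returns the list of findings for the files as posted; an empty list means none of these checks fired.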