Need a good tutorial on LDAP replication

#1  03-28-2005  noi
Need a good tutorial on LDAP replication

Anyone know of a good tutorial for making LDAP replication work on FC3?
I'm trying simple replication but going in either direction doesn't work.

# Replicas of this database Master openldap 2.2
# (continuation lines of the replica directive must start with whitespace)
replogfile /var/lib/ldap/example.com/master-replog
replica uri=ldap://slave:389
        suffix="dc=example,dc=com"
        binddn="cn=replicator,dc=example,dc=com"
        bindmethod=simple credentials=secret


# Slave openldap 2.1
updatedn "cn=replicator,dc=example,dc=com"

updateref ldap://master:389

# A simple ACL that gives the updatedn full write permissions
# It MUST appear before any other access rule
# give the updateDN "cn=Replica,dc=example,dc=com" auth and write access
# (the "by" clause is a continuation line, so it must start with whitespace)
access to *
        by dn.exact="cn=replicator,dc=example,dc=com" write

The master replog has the changes but nothing happens.
When the roles were reversed the openldap 2.1 couldn't find the master.
Thanks

#2  04-01-2005  Gary Tay Teng Teck
Re: Need a good tutorial on LDAP replication


1) Did you slapcat the master and slapadd to the slave, as an
initialization step for the slave, before you started slurpd?

2) It will be good to have a "break" keyword for your ACL.

access to *
        by dn.exact="cn=Replicator,dc=example,dc=com" write
        by * none break

You may follow Step 7X in my HOW-TO:

http://web.singnet.com.sg/~garyttt/

Rgds
Gary
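A small consistency check for the master/slave pairing discussed in this thread (the replica binddn must equal the slave's updatedn, the replicator ACL must be the first access rule, and it needs "break" so other clients fall through to later rules). This is an added example, not code from either poster or from the HOW-TO; the two config fragments are constructed for the example, and DNs are assumed to contain no whitespace.

```python
import re

# Constructed slapd.conf fragments modelled on the thread's configs, not the poster's own files.
MASTER_CONF = """\
replica uri=ldap://slave:389
    suffix="dc=example,dc=com"
    binddn="cn=replicator,dc=example,dc=com"
    bindmethod=simple credentials=secret
"""
SLAVE_CONF = """\
updatedn "cn=replicator,dc=example,dc=com"
updateref ldap://master:389
# replicator rule first; 'break' lets every other client fall through to later rules
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" write
    by * none break
access to attrs=userPassword
    by self write
    by * auth
"""
def logical_lines(text):
    """Join lines as slapd.conf(5) describes: blank lines ignored, leading whitespace continues."""
    out = []
    for raw in filter(str.strip, text.splitlines()):
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.rstrip())
    return [l for l in out if not l.startswith("#")]
def directive(lines, name):
    """Argument text of the first directive called `name` (case-insensitive), else ""."""
    return next((l.partition(" ")[2].strip() for l in lines if l.split(" ", 1)[0].lower() == name), "")
def check_replication(master_conf, slave_conf):
    """List mismatches between a slurpd master and its slave ([] = consistent). Assumes DNs have no spaces."""
    m, s = logical_lines(master_conf), logical_lines(slave_conf)
    problems = []
    hit = re.search(r'binddn="?([^"\s]+)"?', directive(m, "replica"))
    binddn = hit.group(1) if hit else ""
    updatedn = directive(s, "updatedn").strip('"')
    if not binddn:
        problems.append("master: replica has no binddn (continuation lines must be indented)")
    elif binddn.lower() != updatedn.lower():
        problems.append(f"binddn {binddn!r} does not match slave updatedn {updatedn!r}")
    first = directive(s, "access")  # the first access rule is the one the updatedn must hit
    if not updatedn or not re.search(rf'dn\.exact="?{re.escape(updatedn)}"?\s+write', first, re.I):
        problems.append("slave: first access rule does not grant the updatedn write")
    if first and not first.lower().endswith("break"):
        problems.append("slave: first access rule has no 'break'; other clients never reach later rules")
    return problems
```

Run it against real fragments by reading the two slapd.conf files into the strings; an empty list means the pair is consistent on these three points.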
#3  04-01-2005  noi
Re: Need a good tutorial on LDAP replication

On Fri, 01 Apr 2005 07:18:22 +0800, Gary Tay Teng Teck thoughtfully wrote:

> noi wrote:
>> Anyone know of a good tutorial for making LDAP replication work on FC3?
>> I'm trying simple replication but going in either direction doesn't
>> work.
>>
>> # Replicas of this database Master openldap 2.2
>> replogfile /var/lib/ldap/example.com/master-replog
>> replica uri=ldap://slave:389
>>         suffix="dc=example,dc=com"
>>         binddn="cn=replicator,dc=example,dc=com"
>>         bindmethod=simple credentials=secret
>>
>>
>> # Slave openldap 2.1
>> updatedn "cn=replicator,dc=example,dc=com"
>>
>> updateref ldap://master:389
>>
>> # A simple ACL that gives the updatedn full write permissions
>> # It MUST appear before any other access rule
>> # give the updateDN "cn=Replica,dc=example,dc=com" auth and write access
>> access to *
>>         by dn.exact="cn=replicator,dc=example,dc=com" write
>>
>> The master replog has the changes but nothing happens. When the roles
>> were reversed the openldap 2.1 couldn't find the master. Thanks
>>
>>

> 1) Did you slapcat the master and slapadd to the slave, as initialization
> step for slave? Before you start slurpd.
>


No. Started with empty bdb and added to master. Is the slapcat a
requirement?

> 2) It will be good to have a "break" keyword for your ACL.
>
> access to *
>         by dn.exact="cn=Replicator,dc=example,dc=com" write
>         by * none break
>


I took it out but I'll put it back in.

> You may follow Step 7X in my HOW-TO:
>
> http://web.singnet.com.sg/~garyttt/


Thanks I'll have a look.

>
> Rgds
> Gary


#4  04-02-2005  Gary Tay Teng Teck
Re: Need a good tutorial on LDAP replication

I actually followed the OpenLDAP admin. guide at

http://www.openldap.org/doc/admin22/replication.html

The slapcat is a requirement, as per the "bible" listed above, to make
sure both master and slave have some data to begin with, I believe,
information that replication logic relies upon.

I noticed that the Replication setup steps in my HOW-TO have missed an
IMPORTANT step as stated in the above URL, which is: prior to slapcat,
shut down the master slapd. Note that this means "downtime".

===
13.4.3. Shut down the master server

In order to ensure that the slave starts with an exact copy of the
master's data, you must shut down the master slapd. Do this by sending
the master slapd process an interrupt signal with kill -INT <pid>, where
<pid> is the process-id of the master slapd process.

If you like, you may restart the master slapd in read-only mode while
you are replicating the database. During this time, the master slapd
will return an "unwilling to perform" error to clients that attempt to
modify data.
===

I will amend my HOW-TO later to reflect the required shutdown step.

Gary

