We currently have a single OpenLDAP server using the cn=config backend. We'd like to add a second OpenLDAP server and configure them for multimaster replication. What do we need to do to
- enable replication on the existing server and
- initialize the new server with the existing data
So far what I've done (following this guide) is:
Syncing configuration
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://foo.example.com
olcServerID: 2 ldap://bar.example.com
-
replace: olcSaslSecProps
olcSaslSecProps: noanonymous

# every change in a modify needs its own add:/replace: directive
dn: cn=module,cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

dn: olcDatabase=config,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,cn=config
-
# a cleartext olcRootPW works but should be an {SSHA} hash from slappasswd;
# the credentials below also cross the wire in clear unless TLS is in use
replace: olcRootPW
olcRootPW: abc123
-
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://foo.example.com bindmethod=simple
  binddn="cn=admin,cn=config" credentials=abc123 searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=3
olcSyncRepl: rid=002 provider=ldap://bar.example.com bindmethod=simple
  binddn="cn=admin,cn=config" credentials=abc123 searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=3
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase=config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
This got configuration syncing working on both directions.
Syncing data
dn: olcDatabase=bdb,cn=config
changetype: modify
add: olcMirrorMode
olcMirrorMode: TRUE
-
add: olcSyncrepl
# rids must be unique across all consumers on one server, and 001/002 are
# already taken by the config database; type= added because the default is
# refreshOnly, which only polls once a day
olcSyncrepl: rid=003 provider=ldap://foo.example.com searchbase="dc=example,dc=com"
  binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentials=xyz123
  type=refreshAndPersist
olcSyncrepl: rid=004 provider=ldap://bar.example.com searchbase="dc=example,dc=com"
  binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentials=xyz123
  type=refreshAndPersist

dn: olcOverlay=syncprov,olcDatabase=bdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
I verified that these changes were synced to the second server, and that the ldapsync user can authenticate and can see all the data it needs to. However, the bdb data doesn't seem to be syncing in either direction. What am I missing?
This thread led me to the idea that the olcMirrorMode definition needs to be placed after the olcSyncrepl lines. I stopped the LDAP servers and edited the olcDatabase LDIF files manually. This seems to have gotten replication of the data working in both directions now.
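A small lint script, added here as an example (it is not from the question, the answer or OpenLDAP itself), that checks an exported cn=config for the pitfalls raised in this thread: olcMirrorMode appearing before olcSyncrepl in a database entry, a rid reused across databases, syncrepl values without type= (which default to refreshOnly with a one-day interval), providers reached over plain ldap:// without StartTLS, and an unhashed olcRootPW. The embedded LDIF is constructed to mirror the question's configuration; the function names and the sample are assumptions for this page. In practice, run it against `slapcat -n 0` output from each server.

```python
"""Lint an exported cn=config for the syncrepl pitfalls discussed in the
thread above. Hypothetical helper written for this page; not part of
OpenLDAP. Feed it `slapcat -n 0` output from each server."""
import base64
import re
import sys
from collections import defaultdict

RID_RE = re.compile(r"\brid=(\d+)")
PROVIDER_RE = re.compile(r"\bprovider=(\S+)")

# Constructed sample modelled on the question: the data database lists
# olcMirrorMode before its olcSyncrepl values and reuses rid=001/002, every
# provider is plain ldap://, and olcRootPW is the base64 of "abc123".
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW:: YWJjMTIz
olcSyncrepl: {0}rid=001 provider=ldap://foo.example.com bindmethod=simple
  binddn="cn=admin,cn=config" credentials=abc123 searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=3
olcSyncrepl: {1}rid=002 provider=ldap://bar.example.com bindmethod=simple
  binddn="cn=admin,cn=config" credentials=abc123 searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=3
olcMirrorMode: TRUE

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=example,dc=com
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=001 provider=ldap://foo.example.com searchbase="dc=example,dc=com"
  binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentials=xyz123
olcSyncrepl: {1}rid=002 provider=ldap://bar.example.com searchbase="dc=example,dc=com"
  binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentials=xyz123
"""


def parse_ldif(text):
    """Parse LDIF into [(dn, [(attr, value), ...])], keeping attribute order.
    Unfolds continuation lines (leading space), skips '#' comments and decodes
    base64 ('::') values, which is how slapcat exports olcRootPW."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # continuation: drop one leading space, append
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, []
    for line in lines + [""]:  # the trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, []
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            dn = value
        else:
            attrs.append((attr, value))
    return entries


def lint(text):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    rid_owners = defaultdict(list)  # rid -> DNs of the databases using it
    for dn, attrs in parse_ldif(text):
        names = [a.lower() for a, _ in attrs]
        # The ordering problem from the thread: olcMirrorMode must follow the
        # olcSyncrepl values it refers to.
        if "olcmirrormode" in names and "olcsyncrepl" in names:
            if names.index("olcmirrormode") < names.index("olcsyncrepl"):
                findings.append(f"{dn}: olcMirrorMode listed before olcSyncrepl")
        for attr, value in attrs:
            lname = attr.lower()
            if lname == "olcrootpw" and not value.startswith("{"):
                findings.append(f"{dn}: olcRootPW is not hashed (use slappasswd)")
            if lname != "olcsyncrepl":
                continue
            m = RID_RE.search(value)
            if m:
                rid_owners[m.group(1)].append(dn)
            p = PROVIDER_RE.search(value)
            if p and p.group(1).startswith("ldap://") and "starttls=" not in value:
                findings.append(f"{dn}: provider {p.group(1)} without TLS "
                                "(use ldaps:// or starttls=critical)")
            if "type=" not in value:
                findings.append(f"{dn}: syncrepl has no type=, so it defaults to "
                                "refreshOnly with a one-day interval")
    # A rid must be unique across every consumer configured on one server.
    for rid, dns in rid_owners.items():
        if len(dns) > 1:
            findings.append(f"rid={rid} reused by: " + ", ".join(dns))
    return findings


if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    problems = lint(data)
    print("\n".join(problems) if problems else "no findings")
```

Run it with no arguments to see the findings for the constructed sample, or pass the path of a `slapcat -n 0` dump. Attribute order is what the script compares because that is the order slapd reads the entry in; the check is deliberately case-insensitive since LDAP attribute names are.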