[Comm] openldap и репликация

[Pavel Stoliarov <mylinux02@mail.ru>]

Всем привет.

Имеется Master 2.2 и OpenLdap 2.0.27-alt5
Несколько дней мучаюсь с репликациями, ни как не могу победить. 
Репликации с master slapd идут нормально на slave .
В OpenLDAP  Administrator's Guide написано :

   1. The LDAP client submits an LDAP modify operation to the slave slapd.
   2. The slave slapd returns a referral to the LDAP client referring the 
client to the master slapd.
   3. The LDAP client submits the LDAP modify operation to the master slapd.
   4. The master slapd performs the modify operation, writes out the change to 
its replication log file and returns a success code to the client.
   5. The slurpd process notices that a new entry has been appended to the 
replication log file, reads the replication log entry, and sends the change 
to the slave slapd via LDAP.
   6. The slave slapd performs the modify operation and returns a success code 
to the slurpd process.

 Вот именно это и не работает , при попытке удалить или добавить новый элемент 
на slave сервере , элемент просто удаляется или добавляется без запроса 
master slapd

Конфиги : 
master slapd.conf :
...
  access to *
          by dn="cn=admin,dc=mycompany,dc=ru" write
          by * read

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=mycompany,dc=ru"
rootdn          "cn=admin,dc=mycompany,dc=ru"

# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}vWihzY6W+2FU8eiVZF4sLrZJG0Q93Sir

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap/bases

replica host=slave.mycompany.ru:389
        binddn="cn=admin,dc=mycompany,dc=ru"
        bindmethod=simple
        credentials=test

replogfile /var/log/ldap/replica.log
....
------------------------------------------------
slave slapd.conf :
.....
   access to *
           by dn="cn=admin,dc=mycompany,dc=ru" write
           by * read

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=mycompany,dc=ru"
rootdn          "cn=admin,dc=mycompany,dc=ru"

# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}vWihzY6W+2FU8eiVZF4sLrZJG0Q93Sir

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap/bases

updatedn "cn=admin,dc=mycompany,dc=ru"
updateref ldap://master.mycompany.ru

......




-- 
Best regards
Pavel Stoliarov