* [Comm] openldap and replication
@ 2004-09-08 4:44 Pavel Stoliarov
2004-09-08 5:47 ` Dmitry Lebkov
0 siblings, 1 reply; 2+ messages in thread
From: Pavel Stoliarov @ 2004-09-08 4:44 UTC (permalink / raw)
To: community
Hello everyone.
I have Master 2.2 and OpenLdap 2.0.27-alt5
I have been struggling with replication for several days and just cannot get it to work.
Replication from the master slapd to the slave works fine.
The OpenLDAP Administrator's Guide says:
1. The LDAP client submits an LDAP modify operation to the slave slapd.
2. The slave slapd returns a referral to the LDAP client referring the
client to the master slapd.
3. The LDAP client submits the LDAP modify operation to the master slapd.
4. The master slapd performs the modify operation, writes out the change to
its replication log file and returns a success code to the client.
5. The slurpd process notices that a new entry has been appended to the
replication log file, reads the replication log entry, and sends the change
to the slave slapd via LDAP.
6. The slave slapd performs the modify operation and returns a success code
to the slurpd process.
This is exactly what does not work: when I try to delete or add a new entry
on the slave server, the entry is simply deleted or added without any request
to the master slapd
Configs:
master slapd.conf :
...
access to *
        by dn="cn=admin,dc=mycompany,dc=ru" write
        by * read
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=mycompany,dc=ru"
rootdn "cn=admin,dc=mycompany,dc=ru"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}vWihzY6W+2FU8eiVZF4sLrZJG0Q93Sir
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap/bases
replica host=slave.mycompany.ru:389
        binddn="cn=admin,dc=mycompany,dc=ru"
        bindmethod=simple
        credentials=test
replogfile /var/log/ldap/replica.log
....
------------------------------------------------
slave slapd.conf :
.....
access to *
        by dn="cn=admin,dc=mycompany,dc=ru" write
        by * read
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=mycompany,dc=ru"
rootdn "cn=admin,dc=mycompany,dc=ru"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}vWihzY6W+2FU8eiVZF4sLrZJG0Q93Sir
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap/bases
updatedn "cn=admin,dc=mycompany,dc=ru"
updateref ldap://master.mycompany.ru
......
--
Best regards
Pavel Stoliarov
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Comm] openldap and replication
2004-09-08 4:44 [Comm] openldap and replication Pavel Stoliarov
@ 2004-09-08 5:47 ` Dmitry Lebkov
0 siblings, 0 replies; 2+ messages in thread
From: Dmitry Lebkov @ 2004-09-08 5:47 UTC (permalink / raw)
To: community
On Wed, 8 Sep 2004 09:44:55 +0500
Pavel Stoliarov <mylinux02@mail.ru> wrote:
> Hello everyone.
>
> I have Master 2.2 and OpenLdap 2.0.27-alt5
> I have been struggling with replication for several days and just cannot get it to work.
> Replication from the master slapd to the slave works fine.
> The OpenLDAP Administrator's Guide says:
[skip]
> This is exactly what does not work: when I try to delete or add a new entry
> on the slave server, the entry is simply deleted or added without any request
> to the master slapd
>
> Configs:
> master slapd.conf :
> ...
> access to *
>         by dn="cn=admin,dc=mycompany,dc=ru" write
>         by * read
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "dc=mycompany,dc=ru"
> rootdn "cn=admin,dc=mycompany,dc=ru"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[skip]
> ------------------------------------------------
> slave slapd.conf :
[skip]
> updatedn "cn=admin,dc=mycompany,dc=ru"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Possibly one of two things:
- either the client does not understand the referral
- or rootdn and updatedn need to be brought in line
with 'man slapd.conf':
updatedn <dn>
.....
Generally, this DN should not be the same as the
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
rootdn of the master database.
--
WBR, Dmitry Lebkov
^ permalink raw reply [flat|nested] 2+ messages in thread
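The second point in the reply can be checked mechanically. The following is an added example, not part of the original thread or of OpenLDAP: it audits a master/slave pair of slapd.conf files for the condition discussed, where the slave's updatedn (the DN permitted to update the replica) is the same DN as rootdn, so writes sent by a client bound as that DN are accepted on the replica instead of being answered with the updateref referral. It assumes one database per file; the `cn=replicator` DN is hypothetical.

```python
import re
import shlex

def parse(text):
    """Tokenise slapd.conf text, joining indented continuation lines."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [shlex.split(line) for line in lines]

def norm(dn):
    # Simplified DN comparison: lower-case, no spaces around commas.
    return re.sub(r"\s*,\s*", ",", (dn or "").strip().lower())

def value(conf, name):
    return next((d[1] for d in conf if d[0].lower() == name and len(d) > 1), None)

def audit(master_text, slave_text):
    master, slave = parse(master_text), parse(slave_text)
    updatedn, found = norm(value(slave, "updatedn")), []
    if not updatedn:
        return ["slave: no updatedn, not a slurpd replica"]
    if value(slave, "updateref") is None:
        found.append("slave: no updateref to refer writes to the master")
    for role, conf in (("master", master), ("slave", slave)):
        if norm(value(conf, "rootdn")) == updatedn:
            found.append(f"slave updatedn equals {role} rootdn")
    binddns = [t.split("=", 1)[1] for d in master if d[0].lower() == "replica"
               for t in d[1:] if t.lower().startswith("binddn=")]
    if updatedn not in map(norm, binddns):
        found.append("master: no replica binddn matches slave updatedn")
    return found

# Constructed sample, reduced from the thread's configs; {dn} is the replication DN.
MASTER = '''rootdn "cn=admin,dc=mycompany,dc=ru"
replica host=slave.mycompany.ru:389
    binddn="{dn}"'''
SLAVE = '''rootdn "cn=admin,dc=mycompany,dc=ru"
updatedn "{dn}"
updateref ldap://master.mycompany.ru'''
def run(dn):
    return audit(MASTER.format(dn=dn), SLAVE.format(dn=dn))
AS_POSTED = run("cn=admin,dc=mycompany,dc=ru")
SEPARATED = run("cn=replicator,dc=mycompany,dc=ru")  # hypothetical dedicated DN
```

`AS_POSTED` reports the updatedn/rootdn overlap on both servers, while `SEPARATED` comes back empty because the replication DN is used only by the master's `replica binddn` and the slave's `updatedn`.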
ALT Linux Community general discussions