
We currently have a single OpenLDAP server using the cn=config backend. We'd like to add a second OpenLDAP server and configure them for multimaster replication. What do we need to do to

  1. enable replication on the existing server and
  2. initialize the new server with the existing data

So far what I've done (following this guide) is:

Syncing configuration

    dn: cn=config
    changetype: modify
    replace: olcServerID
    olcServerID: 1 ldap://foo.example.com
    olcServerID: 2 ldap://bar.example.com
    -
    replace: olcSaslSecProps
    olcSaslSecProps: noanonymous

    dn: cn=module,cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: syncprov

    dn: olcDatabase=config,cn=config
    changetype: modify
    # replace works whether or not the config database already has a rootdn/rootpw
    replace: olcRootDN
    olcRootDN: cn=admin,cn=config
    -
    replace: olcRootPW
    olcRootPW: abc123
    -
    add: olcSyncRepl
    olcSyncRepl: rid=001 provider=ldap://foo.example.com bindmethod=simple
      binddn="cn=admin,cn=config" credentials=abc123 searchbase="cn=config"
      type=refreshAndPersist retry="5 5 300 5" timeout=3
    olcSyncRepl: rid=002 provider=ldap://bar.example.com bindmethod=simple
      binddn="cn=admin,cn=config" credentials=abc123 searchbase="cn=config"
      type=refreshAndPersist retry="5 5 300 5" timeout=3
    -
    add: olcMirrorMode
    olcMirrorMode: TRUE

    dn: olcOverlay=syncprov,olcDatabase=config,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcSyncProvConfig
    olcOverlay: syncprov

This got configuration syncing working in both directions.

Syncing data

    dn: olcDatabase=bdb,cn=config
    changetype: modify
    add: olcMirrorMode
    olcMirrorMode: TRUE
    -
    add: olcSyncrepl
    olcSyncrepl: rid=001 provider=ldap://foo.example.com searchbase=dc=example,dc=com
      binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentials=xyz123
    olcSyncrepl: rid=002 provider=ldap://bar.example.com searchbase=dc=example,dc=com
      binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentials=xyz123

    dn: olcOverlay=syncprov,olcDatabase=bdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcSyncProvConfig
    olcOverlay: syncprov

I verified that these changes were synced to the second server, and that the ldapsync user can authenticate and can see all the data it needs to. However, the bdb data doesn't seem to be syncing in either direction. What am I missing?


This thread led me to the idea that the olcMirrorMode definition needs to be placed after the olcSyncrepl lines. I stopped the ldap servers and edited the olcDatabase ldif files manually. This seems to have gotten replication of the data working in both directions now.
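The reordering the answer describes, done as a script instead of by hand. This is an added example, not code from the question or the answer. It reads a slapd.d database file (the sample below is constructed to resemble /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif; the path, the CRC value and the credentials in it are placeholders), finds the olcMirrorMode attribute, and moves it to just after the last olcSyncrepl attribute, keeping LDIF continuation lines (those beginning with a single space) attached to the attribute they belong to. Run it with slapd stopped, as the answer did, and on both servers.

```python
"""Move olcMirrorMode after olcSyncrepl in a slapd.d LDIF entry.

Added example; not code from the original question or answer.  The sample
LDIF is constructed to look like olcDatabase={1}bdb.ldif from slapd.d; its
DNs, credentials and the CRC32 value are placeholders.
"""
import sys

# Constructed sample: olcMirrorMode is listed before the olcSyncrepl lines,
# which is the state the answer says prevents the data from replicating.
SAMPLE_LDIF = """\
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 00000000
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=example,dc=com
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=001 provider=ldap://foo.example.com searchbase=dc=example
 ,dc=com binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentia
 ls=xyz123
olcSyncrepl: {1}rid=002 provider=ldap://bar.example.com searchbase=dc=example
 ,dc=com binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentia
 ls=xyz123
structuralObjectClass: olcBdbConfig
"""


def split_attributes(entry_lines):
    """Group physical lines into logical attribute lines.

    LDIF folds long values onto following lines that start with one space;
    such a line is glued to the attribute before it so it moves with it.
    """
    attrs = []
    for line in entry_lines:
        if line.startswith(" ") and attrs:
            attrs[-1].append(line)
        else:
            attrs.append([line])
    return attrs


def attr_name(logical):
    """Lower-cased attribute type of a logical line; '' for comments/blank."""
    head = logical[0]
    if head.startswith("#") or ":" not in head:
        return ""
    return head.split(":", 1)[0].strip().lower()


def mirrormode_misordered(entry_lines):
    """True when olcMirrorMode precedes the last olcSyncrepl in the entry."""
    names = [attr_name(a) for a in split_attributes(entry_lines)]
    if "olcmirrormode" not in names or "olcsyncrepl" not in names:
        return False
    last_sync = max(i for i, n in enumerate(names) if n == "olcsyncrepl")
    return names.index("olcmirrormode") < last_sync


def reorder_entry(entry_lines):
    """Return the entry's lines with olcMirrorMode right after olcSyncrepl."""
    if not mirrormode_misordered(entry_lines):
        return entry_lines
    attrs = split_attributes(entry_lines)
    mirror = [a for a in attrs if attr_name(a) == "olcmirrormode"]
    rest = [a for a in attrs if attr_name(a) != "olcmirrormode"]
    last_sync = max(i for i, a in enumerate(rest) if attr_name(a) == "olcsyncrepl")
    out = rest[: last_sync + 1] + mirror + rest[last_sync + 1 :]
    return [line for attr in out for line in attr]


def reorder_ldif(text):
    """Apply reorder_entry to every blank-line-separated entry in the text."""
    fixed = [
        "\n".join(reorder_entry(entry.split("\n"))) for entry in text.split("\n\n")
    ]
    return "\n\n".join(fixed)


def rewrite_file(path):
    """Rewrite one slapd.d LDIF file in place (run with slapd stopped)."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(reorder_ldif(text))


if __name__ == "__main__":
    if len(sys.argv) == 2:
        rewrite_file(sys.argv[1])
    else:
        print(reorder_ldif(SAMPLE_LDIF))
```

Two caveats for anyone repeating this. The file header says "DO NOT EDIT!! Use ldapmodify" and carries a CRC32 of the content, so after a hand edit slapd logs a checksum error for that file when it starts; the entry still loads. And both the posted LDIF and this file hold the replication credentials in cleartext and the provider URLs are plain ldap://, so keep the slapd.d files readable only by the slapd user and consider ldaps:// or `starttls=critical` in the olcSyncrepl values so the bind password is not sent unencrypted between the two servers.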
