Comments on Install Openldap From Source And Configure Multi-Master Replication

Install Openldap From Source And Configure Multi-Master Replication. Following on from my previous document on setting up a Qmail server with OpenLDAP, I am now sharing a document on how to set up OpenLDAP in multi-master replication mode. So if you want more than one LDAP server for redundancy, here we go.

9 Comment(s)


Comments

By:

Is it safe to have the root password hash in /etc/openldap/slapd.conf? You do not mention any further precautions like setting permissions on slapd.conf!?

By:

Thanks for pointing it out, I will update the doc accordingly.

By: tvs

The syncrepl configuration in slapd.conf uses ldaadmin with password 'secret', while in the same file the rootdn is also defined as ldadmin but with a hashed password. Isn't this wrong?
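As an added example (not code from the tutorial or from any commenter), the following Python audits a slapd.conf for the points raised in the first and third comments: whether rootpw is stored as a hash rather than cleartext, whether the file is readable beyond its owner, and whether the cleartext credentials= in the syncrepl stanza corresponds to the rootdn's {SSHA} hash. That arrangement is consistent by design when both masters share the same rootdn and password: slapd stores the hash, and the consumer presents the cleartext when it binds. The sample config, DNs and salt are constructed.

```python
import base64, hashlib, hmac, re

def make_ssha(password: str, salt: bytes) -> str:
    # OpenLDAP {SSHA}: base64(sha1(password + salt) + salt), the form slappasswd -h {SSHA} emits
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password: str, ssha: str) -> bool:
    # Verify cleartext against the hash: the salt is whatever follows the 20-byte SHA-1 digest
    raw = base64.b64decode(ssha[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def parse_conf(text: str) -> dict:
    # Pull rootdn/rootpw and the syncrepl binddn/credentials out of slapd.conf text
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip('"') if m else None
    return {"rootdn": grab(r'^rootdn\s+("[^"]+"|\S+)'),
            "rootpw": grab(r"^rootpw\s+(\S+)"),
            "binddn": grab(r'binddn=("[^"]+"|\S+)'),
            "credentials": grab(r'credentials=("[^"]+"|\S+)')}

def audit_conf(text: str) -> list:
    # Findings for the two issues raised in the comments: a cleartext rootpw, and a
    # syncrepl credentials= value that does not correspond to the rootdn's {SSHA} hash
    c, findings = parse_conf(text), []
    if c["rootpw"] and not c["rootpw"].startswith("{"):
        findings.append("rootpw is cleartext; store a {SSHA} hash from slappasswd instead")
    elif (c["rootpw"] or "").startswith("{SSHA}") and c["rootdn"] and c["binddn"] and c["credentials"]:
        if c["binddn"].lower() == c["rootdn"].lower() and not check_ssha(c["credentials"], c["rootpw"]):
            findings.append("syncrepl credentials do not match the rootpw hash; consumer bind will fail")
    return findings

def perm_findings(mode: int) -> list:
    # slapd.conf carries the hash and the consumer's cleartext password, so it must be 0600
    return ["slapd.conf is group/world readable; chmod 0600 and chown it to the slapd user"] if mode & 0o077 else []

SALT = b"c0ns"  # constructed salt for the constructed sample below
SAMPLE_CONF = f'''\
rootdn       "cn=ldapadmin,dc=example,dc=com"
rootpw       {make_ssha("secret", SALT)}
syncrepl     rid=001
             provider=ldap://ldap2.example.com
             binddn="cn=ldapadmin,dc=example,dc=com"
             credentials=secret
             searchbase="dc=example,dc=com"
'''
if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF) or "sample slapd.conf is consistent")
```

To check a real file's mode, pass `stat.S_IMODE(os.stat(path).st_mode)` to `perm_findings`.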


By: Anonymous

I have followed your instructions to a T and upon getting to the point where you run the init.d script, I noticed I was receiving no output. Upon investigating the ldap service script, I noticed you check for slurpd and ensure it is located at /usr/sbin/slurpd. However, I have had 0 luck in finding it at that or any other location on my machine. I've searched the entire box using find as root and found 0 files named slurpd (including the openldap build directory). Any thoughts on how to get slurpd installed?

Wait... I just noticed they removed slurpd in 2.4.... why would you reference using 2.4.6 then?

By: sekhar

Here my question is:

3 LDAP servers are in replication. We did not make any changes, but on 2 servers it is showing a status error.

Please help me with a solution for this issue.

There are 3 replicas of LDAP; they are on lkosscif1, lkosscif2 and lkossomsas1.

Found 2 errors when checking on lkosscif1 and lkossomsas1. Log as below.

No changes were done on them. The issue is still happening. Thanks.


Checking on lkosscif1

Replication Configuration Menu

 

1 Enable Domain Replication

2 Create Domain Replication Agreement

3 Check Status of Domain Replication Agreement

4 Initialize Domain Replication

5 Remove Domain Replication Agreement

6 List all Replication Agreements

7 Disable Domain Replication

8 Add Replica to LDAP Client Connection Profile

9 Exit

 

Enter option number: 6

 

INFO [Executing: /opt/SUNWdsee/ds6/bin/dsconf list-repl-agmts -i -D cn=directory manager]

 

dc=lkoss,dc=smartone,dc=com lkossomsas1.lkoss.smartone.com:636

dc=lkoss,dc=smartone,dc=com lkosscif2.lkoss.smartone.com:636

 

INFO Listing replication agreement was successful.

… …

 

Enter option number: 3

 

Enter Replication destination FQHN (e.g. server2.dns.companyname.com): lkosscif2.lkoss.smartone.com

 

INFO [Executing: /opt/SUNWdsee/ds6/bin/dsconf show-repl-agmt-status -D cn=directory manager dc=lkoss,dc=smartone,dc=com lkosscif2.lkoss.smartone.com:636]

Configuration Status : OK

Authentication Status : NOT OK

Initialization Status : OK

 

Status : Error Sending Updates

Last Message : Replication error updating replica: Could not bind to replica : transient error - Failed to bind to remote

Pending Changes : 14867

 

INFO Check replication status ran successfully.

 

Checking on lkossomsas1

Replication Configuration Menu

 

1 Enable Domain Replication

2 Create Domain Replication Agreement

3 Check Status of Domain Replication Agreement

4 Initialize Domain Replication

5 Remove Domain Replication Agreement

6 List all Replication Agreements

7 Disable Domain Replication

8 Add Replica to LDAP Client Connection Profile

9 Exit

 

Enter option number: 6

 

INFO [Executing: /opt/SUNWdsee/ds6/bin/dsconf list-repl-agmts -i -D cn=directory manager]

 

dc=lkoss,dc=smartone,dc=com lkosscif2.lkoss.smartone.com:636

dc=lkoss,dc=smartone,dc=com lkosscif1.lkoss.smartone.com:636

 

INFO Listing replication agreement was successful.

 

… …

Enter option number: 3

 

Enter Replication destination FQHN (e.g. server2.dns.companyname.com): lkosscif1.lkoss.smartone.com

 

INFO [Executing: /opt/SUNWdsee/ds6/bin/dsconf show-repl-agmt-status -D cn=directory manager dc=lkoss,dc=smartone,dc=com lkosscif1.lkoss.smartone.com:636]

Configuration Status : OK

Authentication Status : NOT OK

Initialization Status : OK

 

Status : Error Sending Updates

Last Message : Replication error updating replica: Could not bind to replica : transient error - Failed to bind to remote

Pending Changes : 1

 

INFO Check replication status ran successfully.

 


 

We know that the workaround to fix this issue is to recreate the replication agreements between source and destination.

But we need the RCA for this issue.

Thanks in advance.


By: shashikanth.b

Can you please tell me whether syncrepl replicates the password policy on LDAP, and if yes, can you let me know the steps for implementing it?

By: venu

Up to the 4th step the documentation is clear. I was wondering on which server I need to do these configurations after the 4th step; you didn't mention on which server we need to perform the other steps. I am new to this and I want to learn, so please help me out. And let me know how to check whether replication is done or not.

By: VG-hyd

When I am using an rsync operation on my EC2 instance I get an error like "Permanently added 'server2,x.x.x.x' (ECDSA) to the list of known hosts. Permission denied (publickey). rsync: connection unexpectedly closed (0 bytes received so far) [sender]"

How to solve this issue? Is there anybody to help me?

By: Abdeslam

Hello


This tutorial is out of date; it is applicable to the old versions of LDAP.