Configuring openldap multimaster replication using cn=config

dynamic configuration replication openldap
6,580

This thread led me to the idea that the olcMirrorMode definition needs to be placed after the olcSyncrepl lines. I stopped the ldap servers and edited the olcDatabase ldif files manually. This seems to have gotten replication of the data working in both directions now.

Share:
6,580
Brad Mace
Author by

Brad Mace

Updated on September 18, 2022

Comments

  • Brad Mace
    Brad Mace over 1 year

    We currently have a single OpenLDAP server using the cn=config backend. We'd like to add a second OpenLDAP server and configure them for multimaster replication. What do we need to do to

    1. enable replication on the existing server and
    2. initialize the new server with the existing data

    So far what I've done (following this guide) is:

    Syncing configuration

    dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://foo.example.com
olcServerID: 2 ldap://bar.example.com
-
replace: olcSaslSecProps
olcSaslSecProps: noanonymous

dn: cn=module,cn=config
changetype: modify
olcModuleLoad: syncprov

dn: olcDatabase=config,cn=config
changetype: modify
olcRootDN: cn=admin,cn=config
olcRootPW: abc123
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://foo.example.com bindmethod=simple
  binddn="cn=admin,cn=config" credentials=abc123 searchbase="cn=config" 
  type=refreshAndPersist retry="5 5 300 5" timeout=3
olcSyncRepl: rid=002 provider=ldap://bar.example.com bindmethod=simple 
  binddn="cn=admin,cn=config" credentials=abc123 searchbase="cn=config" 
  type=refreshAndPersist retry="5 5 300 5" timeout=3
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov, olcDatabase=config, cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

    This got configuration syncing working on both directions.

    Syncing data

    dn: olcDatabase=bdb,cn=config
changetype: modify
add: olcMirrorMode
olcMirrorMode: TRUE
-
add: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://foo.example.com searchbase=dc=example,dc=com binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentials=xyz123
olcSyncrepl: rid=002 provider=ldap://bar.example.com searchbase=dc=example,dc=com binddn="uid=ldapsync,ou=Special Accounts,dc=example,dc=com" credentials=xyz123

dn: olcOverlay=syncprov, olcDatabase=bdb, cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

    I verified that these changes were synced to the second server, and that the ldapsync user can authenticate and can see all the data it needs to. However, the bdb data doesn't seem to be syncing in either direction. What am I missing?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Setting up openldap for ldaps with cn=config
OpenLDAP configuration error ldap_bind: Invalid credentials (49)
Switching OpenLDAP from cn=config to slapd.conf
How to configure OpenLDAP 2.4 with bdb backend?
how to configure open ldap to work on localhost
How to migrate LDAP (database,schema,configuration) to other machine
"ldap_add: Naming violation (64)" error when configuring OpenLDAP
Programmatically configure Hibernate with dynamic username and password
How do you make dynamic bindings in Guice that require an injected Instance?
How to defer routes definition in Angular.js?