
I have two OpenLDAP servers. I want the two servers to communicate by using OpenLDAP synchronisation on Linux, and I want to know how to find out whether it is working or not. This is my code; is there any problem in it? Can anyone help me?

Server 1 (ldap1 / "provider") slapd.conf:

database        bdb
suffix          "dc=am5up,dc=com"
directory       /var/lib/ldap
checkpoint      1024 5
sizelimit       unlimited
index objectClass                       eq,pres
...
index entryCSN                          eq
index entryUUID                         eq
access to *
          by self write
          by dn="cn=admin,dc=am5up,dc=com" write
          by * read
rootdn          "cn=admin,dc=am5up,dc=com"
rootpw          <hashed pwd>
overlay unique
unique_attributes mail
ServerID        1 "ldap://ldap1"
overlay syncprov
syncprov-checkpoint     100 10

Server 2 (ldap2 / "consumer") slapd.conf:

database    bdb
suffix      "dc=am5up,dc=com"
directory   /var/lib/ldap
checkpoint  1024 5
cachesize   10000
idlcachesize    10000
sizelimit   unlimited
index objectClass                       eq,pres
...
index entryCSN                          eq
index entryUUID                         eq
access to *
          by self write
          by dn="cn=admin,dc=am5up,dc=com" write
          by * read
rootdn      "cn=admin,dc=am5up,dc=com"
rootpw      <hashed pwd>
overlay unique
unique_attributes mail
ServerID        2 "ldap://ldap2"
overlay syncprov
syncprov-checkpoint     100 5
syncprov-sessionlog     100
# credentials below is the cleartext password of binddn: slapd sends it in a simple bind, so a rootpw hash here will not authenticate
syncrepl        rid=2
                provider="ldap://ldap1"
                type=refreshOnly
                retry="60 10 60 +"
                searchbase="dc=am5up,dc=com"
                attrs="*,+"
                bindmethod=simple
                binddn="cn=admin,dc=am5up,dc=com"
                credentials=<cleartext pwd>
MirrorMode      on

ldap1 currently has roughly 650 users, whereas ldap2 is at 1842. ldap1 is accurate. When I see the same number of users on ldap2 I am assuming the sync will be working.

Any suggestions on what I have wrong for them to not sync?

Any suggestions are very much appreciated.

MSF004
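The question asks how to find out whether replication is working at all. Counting users is a coarse check; the reliable one is to compare the contextCSN operational attribute on the suffix entry of both servers, because the consumer's contextCSN only advances to the provider's value once a refresh has completed. The script below is an added example, not part of the question; the server names and suffix are taken from the posted config, the LDIF it parses offline is constructed for the demonstration, and the live mode assumes anonymous read access to the suffix entry (the posted ACL grants `by * read`).

```shell
#!/bin/sh
# Added example: compare contextCSN on provider and consumer.
# Host names and suffix follow the question; sample LDIF below is constructed.

# Stand-ins for what `ldapsearch -x -LLL -H <uri> -b dc=am5up,dc=com -s base contextCSN`
# would print on each server (the CSN values themselves are made up).
PROVIDER_LDIF='dn: dc=am5up,dc=com
contextCSN: 20161029172300.123456Z#000000#001#000000
'
CONSUMER_LDIF='dn: dc=am5up,dc=com
contextCSN: 20161028091500.654321Z#000000#001#000000
'

# Live query of one server's suffix entry (only used when URIs are passed on the command line).
fetch_contextcsn() {
    uri=$1; suffix=$2
    ldapsearch -x -LLL -H "$uri" -b "$suffix" -s base contextCSN
}

# Pull the contextCSN values out of LDIF on stdin. With MirrorMode and two ServerIDs
# there is one value per SID, so the output is sorted to compare the sets.
parse_contextcsn() {
    sed -n 's/^contextCSN: *//p' | sort
}

# Count entries in LDIF on stdin; pipe a user search through it to reproduce
# the "650 vs 1842" comparison from the question.
count_dns() {
    grep -c '^dn:' || true
}

# Print "in-sync" when both servers report the same contextCSN set, "lagging" otherwise.
# No contextCSN on the provider means the syncprov overlay is not active on that database.
compare_csn() {
    provider_csn=$(printf '%s' "$1" | parse_contextcsn)
    consumer_csn=$(printf '%s' "$2" | parse_contextcsn)
    if [ -z "$provider_csn" ]; then
        echo "no-contextcsn-on-provider"
    elif [ "$provider_csn" = "$consumer_csn" ]; then
        echo "in-sync"
    else
        echo "lagging"
    fi
}

# Live mode: ./check_sync.sh ldap://ldap1 ldap://ldap2 dc=am5up,dc=com
if [ "$#" -eq 3 ] && command -v ldapsearch >/dev/null 2>&1; then
    compare_csn "$(fetch_contextcsn "$1" "$3")" "$(fetch_contextcsn "$2" "$3")"
else
    # Offline demonstration on the constructed LDIF above.
    compare_csn "$PROVIDER_LDIF" "$CONSUMER_LDIF"   # lagging
fi
```

With `type=refreshOnly` the consumer only polls on the interval given in the syncrepl stanza, so a consumer that reports "lagging" right after a change on the provider is expected; one that stays lagging across several intervals is the stalled case this thread is about. Running the live check as a cron job and alerting on anything other than "in-sync" catches the silent divergence the poster only noticed from the user count.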
  • As an update - it appears that maybe it is adding users but not deleting users. That may be why there is 1842 compared to 650. – MSF004 Oct 29 '16 at 17:23
  • What's the version of both. – drookie Oct 29 '16 at 17:26
  • "rpm -qa | grep openldap" shows: openldap-2.4.40-12.el6.x86_64 for both of them. – MSF004 Oct 29 '16 at 21:43
  • slapd -VV : $OpenLDAP: slapd 2.4.40 (May 10 2016 23:30:49) – MSF004 Oct 29 '16 at 21:44
  • I would resync and see what happens. 2.4.40 is one of the last versions (if not the very last), so I think this discrepancy was growing from some point, where openldap had some replication problems, and this was around <2.4.38. – drookie Oct 29 '16 at 21:48
  • And if you're using a simple master-slave setup, I would get rid of `MirrorMode`. – drookie Oct 29 '16 at 21:49
  • My apologies if this is an obvious question, but how do I resync? I always, in the past when it was working, just let the system sync. I was not aware of a separate sync command. Thank you for your responses. I will remove mirrormode as well. – MSF004 Oct 29 '16 at 22:57
  • Just stop the replica and delete all of its databases, then start it again. – drookie Oct 30 '16 at 07:19
  • Wow, that did it! Thank you. I simply stopped slapd, rm -f /var/lib/ldap/*, then started slapd. Everything synced just fine. Now I am sad I wasted about 10 hours trying to figure out why it was not syncing properly. Thank you again! – MSF004 Oct 30 '16 at 13:33
  • You need to look after it a while, and check if desync will happen again. – drookie Oct 30 '16 at 15:37
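The fix that worked in the comments was to stop the consumer, delete its database files and start it again so syncrepl performs a full refresh from the provider. The script below is an added example, not the poster's or drookie's commands: it does the same wipe but takes a tarball first, so the old replica can be restored if the refresh fails, and it keeps the bdb `DB_CONFIG` tuning file, which `rm -f /var/lib/ldap/*` would also have removed. The `service slapd` names match the el6 package from the thread; the database path is the one in the posted config, and the throwaway directory used by the self-test is constructed.

```shell
#!/bin/sh
# Added example: resync a syncrepl consumer by wiping its database with a backup.
# Service names, paths and the self-test directory are assumptions.

# Remove every file in the consumer's database directory except DB_CONFIG,
# after archiving the directory so the previous replica can be restored.
# Prints the name of each file removed.
wipe_replica_db() {
    dbdir=$1; backup=$2
    [ -d "$dbdir" ] || { echo "no such directory: $dbdir" >&2; return 1; }
    tar -cf "$backup" -C "$dbdir" . || return 1
    for f in "$dbdir"/*; do
        [ -e "$f" ] || continue          # empty directory: the glob stays literal
        case "$(basename "$f")" in
            DB_CONFIG) ;;                # keep the bdb tuning file
            *) rm -rf "$f"; basename "$f" ;;
        esac
    done
}

# Full procedure on a live consumer (run as root; el6-style service names assumed).
# Only executed when the script is invoked with the argument "live".
resync_consumer() {
    service slapd stop || return 1
    wipe_replica_db /var/lib/ldap "/root/ldap-replica-$(date +%Y%m%d%H%M%S).tar" || return 1
    service slapd start || return 1
    # slapd rebuilds the database from the provider on its first refresh; with
    # type=refreshOnly that happens at start-up and then on the configured interval,
    # so watch contextCSN (or the entry count) afterwards rather than assuming success.
}

# Self-test on a throwaway directory populated with constructed bdb-style file names.
selftest() {
    tmp=$(mktemp -d)
    mkdir "$tmp/db"
    for f in DB_CONFIG id2entry.bdb dn2id.bdb objectClass.bdb __db.001 alock log.0000000001; do
        : > "$tmp/db/$f"
    done
    removed=$(wipe_replica_db "$tmp/db" "$tmp/backup.tar" | sort | tr '\n' ' ')
    left=$(ls "$tmp/db")
    rm -rf "$tmp"
    echo "removed: $removed"
    echo "left: $left"
    [ "$left" = "DB_CONFIG" ]
}

if [ "$1" = "live" ]; then resync_consumer; else selftest; fi
```

As drookie's last comment says, a one-off resync does not explain why the consumer drifted in the first place; keep the backup tarball and compare contextCSN between the two servers over the following days so a recurrence is caught while the difference is still small.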

0 Answers