?

Log in

No account? Create an account
OpenLDAP replication between 2.1 and 2.0 - Nick [entries|archive|friends|userinfo]
Nick

[ website | gagravarr.org ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

OpenLDAP replication between 2.1 and 2.0 [Sep. 2nd, 2004|05:16 pm]
Nick
This one has been bugging me on and off for about a month now. I can't get OpenLDAP 2.1 on my redhat 8 box, because that needs db4, and db4 won't build in shared mode if you don't have NPL. I could probably get something going if I compiled everything for source (or possibly even found someone else's rpms, other than redhat 9 / fedora ones), but that would probably not fit in with package management stuff properly.

Today, I finally figured out how to get my OpenLDAP 2.1 server to replicate to a 2.0 slave. It largely follows the official guide, but with a few tweaks.

Set up your 2.1 system as usual, but without replication. Set up an entry which you'll use to bind to the slave for replication, and make a note of the password.

Go to your fresh 2.0 system, and set the rootdn and rootpw to be those that you're going to connect with for the sync. Check you can bind to the empty server. Now, stop both servers. Run slapcat on the master, and copy the resulting file to the slave. Remove all lines starting with "entryCSN" and "entryUUID", as slapadd on 2.0 can't cope with these. Feed the resulting file to slapadd on the slave. (If it fails, run it again with -d 4095, and you should see the error).

On the slave, change the rootdn to match that on the master, and ditch the rootpw line. Set an updatedn line corresponding to the dn you'll be binding with for replication. Start the slave, and check it's happy. Query a few things, and check the come back fine.

Now, go to the master, and set up the replica and replog directives as specified by the replication guide. You need to add one more line to your replica directive than the guide suggests: "attr!=entryCSN,entryUUID". This will prevent the replication sending over the entryCSN and entryUUID directives, which your 2.0 server can't understand.

For the final test, stop your 2.0 slave, and start it again by hand, with the "-d 4095" extra option. Start the 2.1 server, and hopefully your init script will pull up slurpd too. Make a change to the master, and see if the slave takes it. If it does, stop it, and start it as normal.

If you have problems, start the master slapd by hand, with -d 4095. Make a modification, and check it looks ok in the relication file. If it does, run "slurpd -d 4095 -f conffile", and watch both the slurpd screen and your slave slapd screen. At least one of these two will show you what the error is.

Once it's all sorted, your 2.1 server will quite happily replicate to the 2.0 server, and all is fine :)
linkReply

Comments:
From: gazali
2005-01-13 05:33 am (UTC)

openldap2.2 syncrepl question

hi,do you know the function of "syncrepl"?
(Reply) (Thread)
From: gagravarr
2005-01-17 04:39 pm (UTC)

Re: openldap2.2 syncrepl question

I looks quite shiny, but it's 2.2 only. Looks like it works in a similar sort of way to slurpd, but with a more standarised method

Alas I'm working with 2.1 and 2.0 which means only slurpd for me :(
(Reply) (Parent) (Thread)
From: gazali
2005-01-18 03:02 am (UTC)

Re: openldap2.2 syncrepl question

oh,what a pity.
but thank you all the same.
(Reply) (Parent) (Thread)