OpenLDAP replication problems

Posted on 2005-03-03
Last Modified: 2008-01-09
I'm configuring a pair of servers, called tome and lexicon, that are going to serve as master and slave LDAP servers, respectively.

However, when I log into lexicon with an LDAP client, and make changes, the changes don't propagate downward to tome.  Furthermore, when I log onto tome's console and use slapadd to make changes to its directory, those changes don't propagate up to lexicon.

I've gone through the slapd and slurpd Administrator's Guide, and it seems as though I've got everything configured properly, but I just can't seem to get the two servers to play nice with one another.  Any ideas?
Question by:guitaristx
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13453542
have you configured as multi-master, or master-slave?
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13453678
master-slave.

As an update, I can make changes on the master, and they get propagated up to the slave, but the slave doesn't seem to be propagating its changes back to the master.
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13453804
Another update - it seems as though referrals from the slave to the master are not happening.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13454569
slaves cannot propagate changes to the master, they are read-only
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13454788
I agree, in theory, a client should never make changes to a slave.
However, according to the slapd & slurpd Administrator's Guide, the slave refers the client to the master when changes are to be made.  This is not happening, and I can't figure out why.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13454884
> ..  the slave refers the client to the master when changes are
hmm, I know from iPlanet/Sun ONE that the slave (even if read-only) "caches" changes which are made to the master if that is unreachable somehow.  They are written to the master when it comes back.
AFAIK with OpenLDAP you have to use multi-master for that.
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13458914
I didn't see anything about that in the Admin Guide:
http://www.openldap.org/doc/admin22/replication.html

I just can't figure out why the referral isn't taking place.
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13459397
Also, when I attempt to add a new record through the slave, I'm getting:
LDAP error code 80 -
no structuralObjectClass operational attribute

I've been googling the heck out of this error message, and I've come up with absolutely squat.  GRRR! This is frustrating.

<raised point value>
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13459665
Attempted using ldapadd from the console, got:
error code 53: unwilling to perform - no global superior knowledge
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13461734
All right, I've solved my own problem.  Here's the deal:

I was auth'ing as the replication user on the slave, so the slave thought that it was getting updates from the master.  Therefore, it wasn't adding its own structuralObjectClass attributes, thinking that it would get them explicitly from me (supposedly, the master LDAP server).  After making a different user to log in as, and making the ACL give me permission to write, I've got it rocking and rolling.
0
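
The separation of identities described in the post above, laid out as slapd.conf fragments for the two servers (an added example, not the poster's actual configuration). The suffix, DNs, domain names, backend, file path and credentials are placeholders assumed for illustration; the directives are the slurpd-era ones from the OpenLDAP 2.2 Administrator's Guide linked in the thread.

```conf
# ---- master (tome): slapd.conf, database section ----
database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"

# slapd logs every change here; slurpd replays the log to the replica,
# binding to it as the replication identity below.
replogfile  /var/lib/ldap/replog
replica     uri=ldap://lexicon.example.com:389
            binddn="cn=replicator,dc=example,dc=com"
            bindmethod=simple credentials=REPLACE_ME

# People and applications write under their own identity (hypothetical
# cn=diradmin here), never as the replicator.
access to *
    by dn.exact="cn=diradmin,dc=example,dc=com" write
    by * read

# ---- slave (lexicon): slapd.conf, database section ----
database    bdb
suffix      "dc=example,dc=com"

# Must match binddn= in the master's replica directive. A write bound as
# this DN is taken as a replicated update from the master, which is why
# the poster's manual adds under this identity failed: the entry arrived
# without the operational attributes a replicated entry already carries.
updatedn    "cn=replicator,dc=example,dc=com"

# Any other identity that attempts a write is referred here instead.
updateref   ldap://tome.example.com

# Only the replication identity may write on the slave. It also has to be
# able to bind here (an entry with userPassword, or the slave's rootdn).
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" write
    by * read
```

Keeping the replicator's credentials out of clients and admin tools also means any bind as that DN from a host other than the master is worth alerting on.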
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13462233
well done, someone here to grade guitaristx?
 ;-)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13491151
Closed, 500 points refunded.

modulo
Community Support Moderator
Experts Exchange
0
