Solved

OpenLDAP replication problems

Posted on 2005-03-03
Last Modified: 2008-01-09
I'm configuring a pair of servers, called tome and lexicon, that are going to serve as master and slave LDAP servers, respectively.

However, when I log into lexicon with an LDAP client, and make changes, the changes don't propagate downward to tome.  Furthermore, when I log onto tome's console and use slapadd to make changes to its directory, those changes don't propagate up to lexicon.

I've gone through the slapd and slurpd Administrator's Guide, and it seems as though I've got everything configured properly, but I just can't seem to get the two servers to play nice with one another.  Any ideas?
Question by:guitaristx
13 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13453542
Have you configured as multi-master, or master-slave?
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13453678
master-slave.

As an update, I can make changes on the master, and they get propagated up to the slave, but the slave doesn't seem to be propagating its changes back to the master.
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13453804
Another update - it seems as though referrals from the slave to the master are not happening.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13454569
Slaves cannot propagate changes to the master, they are read-only.
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13454788
I agree, in theory, a client should never make changes to a slave.
However, according to the slapd & slurpd Administrator's Guide, the slave refers the client to the master when changes are to be made.  This is not happening, and I can't figure out why.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13454884
> ..  the slave refers the client to the master when changes are
Hmm, I know from iPlanet/Sun ONE that the slave (even if read-only) "caches" changes which are made to the master if that is unreachable somehow.  They are written to the master when it comes back.
AFAIK with OpenLDAP you have to use multi-master for that.
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13458914
I didn't see anything about that in the Admin Guide:
http://www.openldap.org/doc/admin22/replication.html

I just can't figure out why the referral isn't taking place.
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13459397
Also, when I attempt to add a new record through the slave, I'm getting:
LDAP error code 80 -
no structuralObjectClass operational attribute

I've been googling the heck out of this error message, and I've come up with absolutely squat.  GRRR! This is frustrating.

<raised point value>
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13459665
Attempted using ldapadd from the console, got:
error code 53: unwilling to perform - no global superior knowledge
0
 
LVL 6

Author Comment

by:guitaristx
ID: 13461734
All right, I've solved my own problem.  Here's the deal:

I was auth'ing as the replication user on the slave, so the slave thought that it was getting updates from the master.  Therefore, it wasn't adding its own structuralObjectClass attributes, thinking that it would get them explicitly from me (supposedly, the master LDAP server).  After making a different user to log in as, and making the ACL give me permission to write, I've got it rocking and rolling.
0
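The misconfiguration described in the comment above, as an added example that is not part of the original thread: a check that the DN a client binds with is not the replica's `updatedn`, and that `updateref` is set so other clients are referred to the master. The suffix, DNs, the hostname `tome.example.com` and the helper names are assumptions; `updatedn` and `updateref` are the slapd.conf directives from the OpenLDAP 2.2 replication guide.

```python
# Constructed slave (lexicon) slapd.conf fragment; the suffix, DNs and
# hostname are assumptions, the directive names are OpenLDAP 2.2's.
SLAVE_CONF = '''
database  bdb
suffix    "dc=example,dc=com"
rootdn    "cn=Manager,dc=example,dc=com"
# Identity slurpd on the master binds as; its writes count as replication
updatedn  "cn=replicator,dc=example,dc=com"
# Referral handed to any other client that sends an update
updateref ldap://tome.example.com
access to *
    by dn="cn=replicator,dc=example,dc=com" write
    by * read
'''

def norm_dn(dn):
    """Case-fold a DN and drop spaces around RDN separators (simplified)."""
    return ",".join(p.strip().lower() for p in dn.strip().strip('"').split(","))

def directives(conf):
    """Map each top-level directive name to its list of argument strings."""
    out = {}
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or line[0].isspace():
            continue  # skip blanks, comments and continuation lines
        parts = line.split(None, 1)
        out.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return out

def audit_slave(conf, client_bind_dn):
    """Return findings for a replica config and the DN a client binds as."""
    d = directives(conf)
    findings = []
    updatedns = [norm_dn(a) for a in d.get("updatedn", [])]
    if not updatedns:
        findings.append("no updatedn: database is not set up as a slurpd replica")
    elif not d.get("updateref"):
        findings.append("no updateref: clients get no referral to the master")
    if norm_dn(client_bind_dn) in updatedns:
        findings.append("client binds as updatedn: writes are taken as replication")
    return findings

if __name__ == "__main__":
    for dn in ("cn=Manager,dc=example,dc=com", "CN=Replicator, DC=example, DC=com"):
        print(dn, "->", audit_slave(SLAVE_CONF, dn) or "ok")
```
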
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13462233
well done, someone here to grade guitaristx?
 ;-)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13491151
Closed, 500 points refunded.

modulo
Community Support Moderator
Experts Exchange
0
