Reputation: 31
OpenLDAP olcMirrorMode
I am trying to use the Openldap dynamic configuration. I have an error being displayed as I try and add in the following :
add: olcMirrorMode
olcMirrorMode: TRUE
error(80)
additional info: <olcMirrorMode> database is not a shadow
Can anyone explain how to rid this error and what I need setup in order for the olcMirrorMode to be added in the daemon configuration?
Thanks :-)
Upvotes: 1
Views: 8996
Answers (2)
Reputation: 160
Configure OpenLDAP like below on first Server.
[root@dhcp200 ~]# cat /etc/openldap/slapd.conf |grep -v '^#' |grep -v '^$'
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib64/openldap
moduleload syncprov.la
loglevel sync
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
serverID 2
syncrepl rid=001
provider=ldap://192.168.122.204:389
bindmethod=simple
binddn="cn=Manager,dc=example,dc=com"
credentials=secret
searchbase="dc=example,dc=com"
attrs=",+"
schemachecking=off
type=refreshAndPersist
retry="1 +"
mirrormode TRUE
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Configure slapd.conf like below in Second server.
[root@test6 ~]# cat /etc/openldap/slapd.conf |grep -v '^#' |grep -v '^$'
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib64/openldap
moduleload syncprov.la
loglevel sync
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
serverID 1
syncrepl rid=001
provider=ldap://192.168.122.200:389
bindmethod=simple
binddn="cn=Manager,dc=example,dc=com"
credentials=secret
searchbase="dc=example,dc=com"
attrs=",+"
schemachecking=off
type=refreshAndPersist
retry="1 +"
mirrormode TRUE
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
If you want to use cn=config method, then convert it to cn=config format using
# rm -rvf /etc/openldap/slapd.d/
# mkdir /etc/openldap/slapd.d/
# slaptest -f slapd.conf -F /etc/openldap/slapd.d/
# rm slapd.conf
# chown -R ldap:ldap /etc/openldap/slapd.d/
Start service of slapd on both servers.
# service slapd start
Upvotes: 0
Reputation: 141
I had similar problems, so hopefully this might help.
Mirrormode should be set up only on databases that you want to replicate, and the olcMirrorMode should be set after you've set up any and all syncrepl commands.
Assuming you're trying to do n-master replication Set up your syncrepl statments.
Once thats done turn on mirrormode. The catch for me was that I had to do a modify/add rather than a straight add to get it to accept mirrormode:
dn: olcDatabase={1}bdb,cn=config
changetype: modify
add: olcMirrorMode
olcMirrorMode: TRUE
Upvotes: 5
Related Questions
- No such object (32) error while trying to modify olcDatabase={2}hdb.ldif
- <suffix> invalid DN 21 (Invalid syntax) openldap
- Error on operational attribute creation in OpenLDAP
- How to add OU in LDAP?
- Trying to enable "olcAllows: bind_v2" in OpenLDAP 2.4
- OpenLDAP ppolicy
- LDAP add olcAttributeTypes
- openldap: Insufficient access
- How to do an initial setup of slapd OLC with ldapmodify
- Extended errno in LDAP