Do you want a multi master update? Or a master slave?
On the master you need: moduleload syncprov.la and a ServerID for each of your servers.
And these are my working settings:
# Consumer stanza for the first provider. The archive stripped the
# indentation: in slapd.conf every parameter line under "syncrepl" must begin
# with whitespace so slapd reads it as a continuation of the directive. Do not
# put comment lines between those parameters; slapd joins continuation lines
# before it strips comments.
# NOTE(review): bindmethod=simple against an ldap:// provider sends the bind
# password, and every attribute the bind DN may read (attrs="*,+"), without
# encryption. Add starttls=critical plus tls_cacert=<CA file>, or use an
# ldaps:// provider URL.
# NOTE(review): the replication bind DN is the directory administrator. A
# dedicated account with read-only access to the replicated subtree limits
# what a leaked slapd.conf exposes; keep the file readable by the slapd user
# only, since credentials= is stored in clear text.
syncrepl rid=1
provider=ldap://ctdb1.ldap.net
searchbase="dc=ldap,dc=net"
type=refreshAndPersist
retry="5 10 30 +"
filter="objectClass=*"
scope=sub
attrs="*,+"
sizelimit=unlimited
timelimit=unlimited
bindmethod=simple
binddn="cn=administrator,dc=ldap,dc=net"
credentials=password
# Second provider: same parameters as rid=1, pointing at ctdb2. The transport
# and bind DN notes on rid=1 apply here as well.
syncrepl rid=2
provider=ldap://ctdb2.ldap.net
searchbase="dc=ldap,dc=net"
type=refreshAndPersist
retry="5 10 30 +"
filter="objectClass=*"
scope=sub
attrs="*,+"
sizelimit=unlimited
timelimit=unlimited
bindmethod=simple
binddn="cn=administrator,dc=ldap,dc=net"
credentials=password
# mirrormode lets this syncrepl consumer accept writes as well; it relies on
# the per-server ServerID mentioned in the message text.
mirrormode on
# Checkpoint the contextCSN after 20 write operations or 1 minute.
syncprov-checkpoint 20 1
# Keep a session log covering the last 100 write operations.
syncprov-sessionlog 100
# Starts the cn=Monitor database section; no access rules for it are shown
# here -- NOTE(review): confirm it is restricted to administrators.
database monitor
Good Luck
Daniel
-----------------------------------------------
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von nyali
Gesendet: Sonntag, 17. April 2011 19:46
An: samba at lists.samba.org
Betreff: Re: [Samba] LDAP backend replication?
hi jakov
I am using LDAP for my central authentication, with a Kerberos backend DB (LDAP),
Samba and a mail server (Postfix). All my servers are running Debian etch with
slapd 2.3. I use slurpd for replication to all my LDAP slave servers; my
master pulls to slave. Now I am upgrading all my servers to lenny, one by one.
I upgraded my LDAP server to lenny first, and all my Kerberos and
Postfix servers are running on lenny, all OK, but this brings slapd 2.4 and it is my
master server; the slaves are no longer getting replicated updates as they did with
slurpd. I am changing them to syncrepl. My master slapd.conf is
# MD5SUM:
#
# Provider (master) slapd.conf as posted. Continuation lines lost their
# leading whitespace in the archive; in the real file they must be indented.
#
# bind_v2 makes slapd accept LDAPv2 bind requests; remove it unless a legacy
# client still depends on it.
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/hdb.schema
include /etc/ldap/schema/qmail.schema
include /etc/ldap/schema/ISPEnv2.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/evolutionperson.schema
include /etc/ldap/schema/sudo.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# loglevel 0 disables logging. While debugging replication, "loglevel sync"
# (optionally with "stats") records consumer binds and sync activity, which
# also gives an audit trail of who connects to the provider.
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
moduleload smbk5pwd.so
moduleload syncprov.so
# NOTE(review): this global limit also applies to the consumer's bind DN
# unless that DN is the rootdn (no rootdn directive is shown in this file).
# A per-DN "limits" directive with size=unlimited time=unlimited for the
# replication account keeps the initial refresh from stopping at 500 entries.
sizelimit 500
tool-threads 1
backend bdb
database bdb
overlay smbk5pwd
overlay syncprov
suffix "dc=example,dc=pk"
directory "/var/lib/ldap"
checkpoint 128 5
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
#syncprov-checkpoint 1 1
# Checkpoint the contextCSN after 100 write operations or 10 minutes.
syncprov-checkpoint 100 10
# Keep a session log covering the last 200 write operations.
syncprov-sessionlog 200
# NOTE(review): slapo-syncprov(5) documents nopresent TRUE only for a syncprov
# instance on top of a log database (such as accesslog), and reloadhint TRUE
# for delta-syncrepl with accesslog. This file loads no accesslog module and
# applies both to the main bdb database -- confirm that is intended.
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
#
# Indexes for BDB
#
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn eq,subinitial,pres
index mail pres,eq
index krb5PrincipalName,krb5PrincipalRealm pres,eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index sudoUser eq
# entryCSN and entryUUID are the attributes syncprov searches on.
index entryCSN,entryUUID eq
lastmod on
#
# SASL settings
#
sasl-realm EXAMPLE.PK
sasl-host hades.example.pk
# minssf=0 sets no minimum security strength factor for SASL connections.
sasl-secprops minssf=0
# Map GSSAPI identities in realm example.pk to entries under ou=people.
sasl-regexp uid=(.*),cn=example.pk,cn=gssapi,cn=auth
uid=$1,ou=people,dc=example,dc=pk
# Map local root (uid 0 / gid 0, SASL EXTERNAL peer credentials) to the
# Kerberos admin principal entry. The " at " in the DN below is presumably
# the archive's obfuscation of "@".
sasl-regexp
"gidnumber=0\\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
"krb5PrincipalName=example/admin at
example.pk,ou=kerberos,dc=example,dc=pk"
#
# Password hashes
#
#password-hash {K5KEY}
#
# TLS and SSL support
#
# NOTE(review): both TLS directives are commented out, so the server as
# configured here has no certificate for StartTLS or ldaps. Simple binds,
# including the consumer's replication bind, then carry the password in clear
# text. Enable these (and TLSCACertificateFile) before replicating across a
# network you do not fully control.
#TLSCertificateFile /etc/ssl/server-certs/hades-server.crt
#TLSCertificateKeyFile /etc/ssl/server-keys/hades-server.key
#
# ACL Include file
#
# The ACLs are not shown. Unless the consumer binds as the rootdn, they decide
# which entries and attributes (password hashes included) it can replicate.
include /etc/ldap/slapd.access
#
# Define replication
#
slave slapd.conf
# Consumer (slave) stanza as posted. The archive stripped the indentation: in
# slapd.conf every parameter line under "syncrepl" must begin with whitespace,
# and comment lines must not be placed between those parameters.
# NOTE(review): the provider host is hades.pk while the master's sasl-host is
# hades.example.pk -- verify the name resolves to the master.
# NOTE(review): logbase/logfilter are delta-syncrepl parameters used with
# syncdata=accesslog; no syncdata= is set here and the master config on this
# page loads no accesslog module -- confirm which replication mode is intended.
# NOTE(review): bindmethod=simple over ldap:// port 389 sends binddn and
# credentials in clear text; add starttls=critical with tls_cacert=<CA file>
# once the provider has TLS enabled. A dedicated read-only replication DN,
# a strong secret (the value below looks like a placeholder), and a slapd.conf
# readable only by the slapd user limit the impact of a leak.
# schemachecking=off means replicated entries are not validated against the
# consumer's schema.
syncrepl rid=1
provider=ldap://hades.pk:389
type=refreshAndPersist
searchbase="dc=example,dc=pk"
filter="(objectClass=*)"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=admin,dc=example,dc=pk"
credentials=123
logbase="cn=deltalog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
please help me what i am missing