Discussion:
N-way multimaster replication problem
Néher Márton
2010-04-24 12:41:42 UTC
Hi,

I have just set up openldap on two nodes (alpha, beta). I am using openldap
for a passdb backend for samba.
I followed this guide:
http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master

To a point, everything seems to work just fine, the cn=config replication
works both ways.
After deleting everything from my base, I run smbldap-populate on the node
alpha.
It creates the default users, groups pretty fine, but it failed to replicate
to node beta.

The log entries show this on alpha:
http://pastebin.com/Ykhvq4BY

on the other node the log shows this on beta:
http://pastebin.com/KNwgHQDW

My configuration looks the following:

cn=config:
http://pastebin.com/mT5A4K5i

olcDatabase={0}config,cn=config:
http://pastebin.com/kwBNEaeV

olcDatabase={0}hdb,cn=config:
http://pastebin.com/FsPaKK90

I have the olcOverlay={0}syncprov,olcDatabase={0}config,cn=config and
olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config set to olcOverlay:
{0}syncprov

I have nothing in slapd.conf
Do you know where to search this problem? What other logs should I attach to
figure it out?

Have a nice day,
Best Regards,
Marton, Neher
Néher Márton
2010-04-24 22:40:56 UTC
Okay, I found the bug.
It was about the olcServerID.
My cn=config showed olcServerID: 1 ldap://alpha-int/, olcServerID: 2
ldap://beta-int/, which is correct.
But if I start my openldap as ubuntu says (/usr/sbin/slapd -h
ldap://beta-int/ ldap://127.0.0.1:389/ ldapi:/// -g openldap -u openldap -F
/etc/ldap/slapd.d/), it does not recognise that he is beta-int. Only if I
start it with only the ldap://beta-int/ parameter. But I really need the
other two interfaces as well.
What can I do now with it?

Thanks,
BR,
Márton Néher
Jonathan Clarke
2010-04-25 14:21:43 UTC
Hi,
Post by Néher Márton
Okay, i found the bug.
It was about the olcServerID.
My cn=config showed olcServerID: 1 ldap://alpha-int/, olcServerID: 2
ldap://beta-int/, which is correct.
But if I start my openldap as ubuntu says (/usr/sbin/slapd -h
ldap://beta-int/ ldap://127.0.0.1:389/ ldapi:///
-g openldap -u openldap -F /etc/ldap/slapd.d/), it does not recognise
that he is beta-int. Only if I start it with only the ldap://beta-int/
parameter. But I really need the other two interfaces as well.
What can I do now with it?
What version of OpenLDAP are you using?

A bug similar to this was corrected in 2.4.18:
http://www.openldap.org/its/?findid=5942

If you're using an older version, this should still work fine so long as
the URL in the -h option to slapd exactly matches the URL in serverID
(make sure all the slashes are present, etc).

Preferably, use the latest release, though, to avoid other such bugs now
fixed :)

Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - ***@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
Néher Márton
2010-04-25 15:36:01 UTC
Actually I solved the problem meanwhile by using FQDNs (although I don't
really see why it is important on a local network) and trailing slashes just
as you have suggested.

The version is exactly:
$ slapd -VV
@(#) $OpenLDAP: slapd 2.4.21 (Apr 15 2010 11:38:12) $
Hugo Monteiro
2010-04-25 17:15:33 UTC
Post by Néher Márton
Okay, i found the bug.
It was about the olcServerID.
My cn=config showed olcServerID: 1 ldap://alpha-int/, olcServerID: 2
ldap://beta-int/, which is correct.
But if I start my openldap as ubuntu says (/usr/sbin/slapd -h
ldap://beta-int/ ldap://127.0.0.1:389/
ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d/), it does not
recognise that he is beta-int. Only if I start it with only the
ldap://beta-int/ parameter. But I really need the other two interfaces
as well.
What can I do now with it?
Thanks,
BR,
Márton Néher
Hello Márton,


If you only have two interfaces, or you have more but you don't mind
slapd listening on those too, you can always specify the URLs like
ldap:/// ldaps:/// ldapi:///. Since it's an Ubuntu machine, and I'm
assuming it's similar to Debian, you should check /etc/default/slapd for
those options.

Regards,

Hugo Monteiro.
--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email : ***@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt ***@fct.unl.pt

fct.unl.pt:~# _
Néher Márton
2010-04-26 13:03:24 UTC
Post by Néher Márton
Okay, i found the bug.
It was about the olcServerID.
My cn=config showed olcServerID: 1 ldap://alpha-int/, olcServerID: 2
ldap://beta-int/, which is correct.
But if I start my openldap as ubuntu says (/usr/sbin/slapd -h
ldap://beta-int/ ldap://127.0.0.1:389/ ldapi:/// -g openldap -u openldap
-F /etc/ldap/slapd.d/), it does not recognise that he is beta-int. Only if I
start it with only the ldap://beta-int/ parameter. But I really need the
other two interfaces as well.
What can I do now with it?
Thanks,
BR,
Márton Néher
Hello Márton,
If you only have two interfaces, or you have more but you don't mind slapd
to listen on those too, you can always specify the urls like ldap:///
ldaps:/// ldapi:///. Since it's an ubuntu machine, and i'm assuming it's
similar to debian, you should check /etc/default/slapd for those options.
Regards,
Hugo Monteiro.
Hi Hugo,
Actually the use of FQDN solved the problem, I only tried to suggest that
there might be some issues with the serverID ~ argv matcher. Actually since
the documentation says that I should use FQDN, it is not even a bug. I would
suggest that the matcher could be improved or there should be an emphasis on
the FQDNs in the documentation.
The URLs could be a work-around, but I don't want to bother with ldaps in a
test environment. Anyway, it is working for me now.

Thank you very much for your help and suggestions,
Best Regards,
Márton Néher
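
The two fixes reported in this thread (the -h URL matching the serverID URL exactly, trailing slash included, and FQDN host names) can be checked before slapd is started. The script below is an added example, not part of the thread or of OpenLDAP: the function names and the example.com hosts are made up, and the exact-string comparison models the advice given above, not slapd's actual matcher.

```python
# Added example (not from the thread): lint olcServerID URLs against slapd's -h list.
import shlex
from urllib.parse import urlsplit

def listener_urls(slapd_cmdline):
    """Return the URLs given to -h (a single quoted, space-separated argument)."""
    argv = shlex.split(slapd_cmdline)
    for i, arg in enumerate(argv[:-1]):
        if arg == "-h":
            return argv[i + 1].split()
    return []

def lint_server_ids(server_ids, slapd_cmdline):
    """server_ids: olcServerID values, e.g. '2 ldap://beta.example.com/'.
    Returns (id this instance would take, list of findings)."""
    listeners = listener_urls(slapd_cmdline)
    loose = [u.rstrip("/") for u in listeners]
    matched, findings = [], []
    for value in server_ids:
        sid, _, url = value.partition(" ")
        url = url.strip()
        host = urlsplit(url).hostname or ""
        if "." not in host:
            findings.append(f"serverID {sid}: host '{host}' is not an FQDN")
        if url in listeners:        # assumed rule: exact string match
            matched.append(int(sid))
        elif url.rstrip("/") in loose:
            findings.append(f"serverID {sid}: differs from a -h URL only by slashes")
    if len(matched) != 1:
        findings.append(f"{len(matched)} serverID URLs match a listener; expected 1")
    return (matched[0] if len(matched) == 1 else None), findings

# Constructed inputs. The short names are the ones quoted in the thread;
# the example.com names are placeholders.
SHORT_IDS = ["1 ldap://alpha-int/", "2 ldap://beta-int/"]
SHORT_CMD = ('/usr/sbin/slapd -h "ldap://beta-int/ ldap://127.0.0.1:389/ ldapi:///" '
             '-g openldap -u openldap -F /etc/ldap/slapd.d/')
FQDN_IDS = ["1 ldap://alpha.example.com/", "2 ldap://beta.example.com/"]
FQDN_CMD = '/usr/sbin/slapd -h "ldap://beta.example.com/ ldap://127.0.0.1:389/ ldapi:///"'
NO_SLASH_CMD = '/usr/sbin/slapd -h "ldap://beta.example.com ldapi:///"'

if __name__ == "__main__":
    for ids, cmd in [(SHORT_IDS, SHORT_CMD), (FQDN_IDS, FQDN_CMD), (FQDN_IDS, NO_SLASH_CMD)]:
        print(lint_server_ids(ids, cmd))
```

Running it against each node's own start-up command shows which serverID that node would take and flags short host names or slash mismatches.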
