[Samba] LDAP backend replication?

Daniel Müller mueller at tropenklinik.de
Thu Apr 21 06:13:10 MDT 2011


Do you want a multi-master update? Or a master-slave?

On the master you need: moduleload syncprov.la; ServerId of your servers,

And these are my working settings:

syncrepl   rid=1
          provider=ldap://ctdb1.ldap.net
          searchbase="dc=ldap,dc=net"
          type=refreshAndPersist
          retry="5 10 30 +"
          filter="objectClass=*"
          scope=sub
          attrs="*,+"
          sizelimit=unlimited
          timelimit=unlimited
          bindmethod=simple
          binddn="cn=administrator,dc=ldap,dc=net"
          credentials=password


syncrepl   rid=2
          provider=ldap://ctdb2.ldap.net
          searchbase="dc=ldap,dc=net"
          type=refreshAndPersist
          retry="5 10 30 +"
          filter="objectClass=*"
          scope=sub
          attrs="*,+"
          sizelimit=unlimited
          timelimit=unlimited
          bindmethod=simple
          binddn="cn=administrator,dc=ldap,dc=net"
          credentials=password

mirrormode on
syncprov-checkpoint 20 1
syncprov-sessionlog 100
database monitor

Good Luck
Daniel
-----------------------------------------------
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of nyali
Sent: Sunday, 17 April 2011 19:46
To: samba at lists.samba.org
Subject: Re: [Samba] LDAP backend replication?

Hi Jakov,

I am using LDAP for my central authentication, with a Kerberos backend DB (LDAP),
Samba and a mail server (Postfix). All my servers are running Debian etch with
slapd 2.3. I use slurpd for replication to all my LDAP slave servers; my
master pulls to slave. Now I am upgrading all my servers to lenny one by one.
I upgraded my LDAP server to lenny first, and all my Kerberos and
Postfix are running on lenny, all OK, but this brings slapd 2.4 and it is my
master server; all slaves are not getting replicated updates as they were with
slurpd. I am changing them to syncrepl. My master slapd.conf is:


# MD5SUM:
#
allow           bind_v2
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/hdb.schema
include         /etc/ldap/schema/qmail.schema
include         /etc/ldap/schema/ISPEnv2.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/evolutionperson.schema
include         /etc/ldap/schema/sudo.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0

modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      smbk5pwd.so
moduleload      syncprov.so


sizelimit 500
tool-threads 1

backend         bdb
database        bdb
overlay         smbk5pwd
overlay         syncprov

suffix          "dc=example,dc=pk"
directory       "/var/lib/ldap"
checkpoint      128 5
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

#syncprov-checkpoint 1 1
syncprov-checkpoint 100  10
syncprov-sessionlog 200
syncprov-nopresent TRUE
syncprov-reloadhint TRUE


#
# Indexes for BDB
#
index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn                      eq,subinitial,pres
index   mail                    pres,eq
index   krb5PrincipalName,krb5PrincipalRealm pres,eq
index   sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index   sudoUser                                        eq
index   entryCSN,entryUUID                      eq
lastmod         on

#
# SASL settings
#
sasl-realm      EXAMPLE.PK
sasl-host       hades.example.pk
sasl-secprops   minssf=0
sasl-regexp uid=(.*),cn=example.pk,cn=gssapi,cn=auth
        uid=$1,ou=people,dc=example,dc=pk
sasl-regexp "gidnumber=0\\\+uidnumber=0,cn=peercred,cn=external,cn=auth"
        "krb5PrincipalName=example/admin@example.pk,ou=kerberos,dc=example,dc=pk"

#
# Password hashes
#
#password-hash {K5KEY}

#
# TLS and SSL support
#
#TLSCertificateFile      /etc/ssl/server-certs/hades-server.crt
#TLSCertificateKeyFile   /etc/ssl/server-keys/hades-server.key

#
# ACL Include file
#
include /etc/ldap/slapd.access

#
# Define replication
#


slave slapd.conf

syncrepl rid=1
  provider=ldap://hades.pk:389
  type=refreshAndPersist
  searchbase="dc=example,dc=pk"
  filter="(objectClass=*)"
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn="cn=admin,dc=example,dc=pk"
  credentials=123
  logbase="cn=deltalog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"



Please help me: what am I missing?
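
An added example, not part of either poster's message and not OpenLDAP code: the syncrepl stanzas in this thread use bindmethod=simple against an ldap:// provider with no starttls setting, so the replication bind password crosses the network unencrypted, and they bind as the directory admin. The Python check below parses slapd.conf syncrepl directives and flags both; the rid=2 stanza, the cn=replicator DN and the CA path are constructed for illustration.

```python
import shlex

# Constructed sample: rid=1 uses values from the post above; rid=2 is a
# hypothetical hardened variant (replicator DN and CA path are assumptions).
SAMPLE = '''\
syncrepl   rid=1
          provider=ldap://ctdb1.ldap.net
          retry="5 10 30 +"
          bindmethod=simple
          binddn="cn=administrator,dc=ldap,dc=net"
          credentials=password
syncrepl   rid=2
          provider=ldap://ctdb2.ldap.net
          starttls=critical tls_reqcert=demand tls_cacert=/etc/ssl/certs/ca.pem
          bindmethod=simple
          binddn="cn=replicator,dc=ldap,dc=net"
          credentials=password
'''

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments."""
    out = []
    for raw in filter(str.strip, text.splitlines()):
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [line for line in out if not line.startswith("#")]

def syncrepl_stanzas(text):
    """Return one dict of key=value settings per syncrepl directive."""
    lines = (shlex.split(l) for l in logical_lines(text))
    return [dict(w.split("=", 1) for w in ws[1:] if "=" in w)
            for ws in lines if ws[0].lower() == "syncrepl"]

def audit(text):
    """Flag stanzas that expose the bind password or bind as an admin DN."""
    findings = []
    for s in syncrepl_stanzas(text):
        rid, url = s.get("rid"), s.get("provider", "")
        tls = url.startswith("ldaps://") or s.get("starttls") == "critical"
        if s.get("bindmethod") == "simple" and not tls:
            findings.append((rid, "simple bind password sent without TLS"))
        if s.get("tls_reqcert") in ("never", "allow"):
            findings.append((rid, "provider certificate not verified"))
        if s.get("binddn", "").lower().startswith("cn=admin"):  # heuristic
            findings.append((rid, "replication binds as an admin DN"))
    return findings
```

Calling `audit(SAMPLE)` reports two findings for rid=1 and none for rid=2; starttls=yes is deliberately not accepted as encrypted because it lets the session continue in cleartext when the TLS negotiation fails.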




