Dmitry Aitkulov, 2015-09-03 09:52:30

What's wrong with OpenLDAP replication?

Good afternoon! There are two servers running CentOS 7, with OpenLDAP running on both. They were set up from here. The servers are named Main and reserv. Replication is configured between them, set up from here.
Synchronization worked and LDAP was left alone. Later, mail and Asterisk were tied to LDAP, and two LDIF schemas (asterisk and postfix-book) were added. Master-slave synchronization stopped working. At first I thought some schemas were missing. I added the schemas, but the problem was not solved. I looked in the log and found:

сен 03 12:25:09 reserv slapd[3031]: <= bdb_equality_candidates: (entryUUID) not indexed
сен 03 12:25:09 reserv slapd[3031]: syncrepl_message_to_entry: rid=001 mods check (objectClass: value #5 invalid per syntax)
сен 03 12:25:09 reserv slapd[3031]: do_syncrepl: rid=001 rc 21 retrying (2 retries left)

What is the reason for such entries? Please point me in the right direction! Thanks

Slave server config, olcDatabase={2}hdb.ldif:
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 43d5a1b4-bd94-1034-897a-d9f076da28a8
creatorsName: cn=config
createTimestamp: 20150713101835Z
olcSuffix: dc=server,dc=com
olcRootDN: cn=Manager,dc=server,dc=com
olcRootPW:: severt
olcAccess: our rules
olcSyncrepl: {0}rid=001 provider=ldaps://main:636 bindmethod=simple binddn="cn=Manager,dc=server,dc=com" credentials=pass searchbase="dc=server,dc=com" scope=sub schemachecking=on type=refreshAndPersist retry="30
  5 300 3" interval=00:00:01:00
entryCSN: 20150903060851.594625Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20150903060851Z

Master server config, olcDatabase={2}hdb.ldif:
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 27e029ea-aab4-1034-8f66-eba4220ad090
creatorsName: cn=config
createTimestamp: 20150619094900Z
olcRootPW:: pass
olcSuffix: dc=server,dc=com
olcRootDN: cn=Manager,dc=server,dc=com
our rules
entryCSN: 20150714110803.738973Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20150714110803Z


2 answer(s)
Dmitry Aitkulov, 2015-10-09
@Scarfase1989

The error was that an extra schema had been added to the master server. After adding the schema to the slaves, the problem was solved!
By the way, a small comment:
objectClass: is the LDAP schema
value #5 invalid per syntax: this is the number under which the schema itself is located in the /etc/openldap/slapd.d/cn=config/cn=schema directory
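
A check for the cause named in the answer above (a schema present on the provider but missing on the consumer), as an added example that is not part of the original thread: it compares objectClass names across copies of the two servers' cn=schema directories. The function names, sample class names and OIDs are constructed, and it assumes both directories have been copied to local paths and that the definitions are not base64-encoded.

```shell
#!/bin/sh
# Added example: report objectClasses defined on the provider but not on the consumer.
LC_ALL=C; export LC_ALL

# Print each objectClass NAME found in the cn=schema LDIF files under directory $1.
schema_classes() {
    for f in "$1"/cn=*.ldif; do
        [ -f "$f" ] || continue
        # Unfold LDIF continuation lines (they start with one space) before matching.
        awk '/^ / { buf = buf substr($0, 2); next }
             { if (buf != "") print buf; buf = $0 }
             END { if (buf != "") print buf }' "$f" |
            grep '^olcObjectClasses: ' |
            sed -n "s/.*NAME[ (]*'\([^']*\)'.*/\1/p"   # first NAME only
    done | sort -u
}

# Print classes present under provider dir $1 and absent under consumer dir $2.
missing_on_consumer() {
    p=$(mktemp) c=$(mktemp)
    schema_classes "$1" > "$p"
    schema_classes "$2" > "$c"
    comm -23 "$p" "$c"
    rm -f "$p" "$c"
}

# Constructed sample: two directories shaped like slapd.d/cn=config/cn=schema.
make_sample() {
    mkdir -p "$1/main" "$1/reserv"
    for d in main reserv; do
        printf '%s\n' 'dn: cn={0}core' \
            "olcObjectClasses: {0}( 1.1.2.1 NAME 'exampleBase' SUP top STRUCTURAL )" \
            > "$1/$d/cn={0}core.ldif"
    done
    # Extra schema exists only on the provider; its definition is folded over two lines.
    printf '%s\n' 'dn: cn={5}example' \
        "olcObjectClasses: {0}( 1.1.2.2 NAME 'exampleSIP" \
        " User' SUP top AUXILIARY MAY cn )" \
        > "$1/main/cn={5}example.ldif"
}

tmp=$(mktemp -d)
make_sample "$tmp"
missing_on_consumer "$tmp/main" "$tmp/reserv"   # prints the class the consumer lacks
rm -rf "$tmp"
```

Any name it prints is a class the consumer cannot validate when an entry carrying it arrives over syncrepl.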

Alejandro Esquire, 2015-09-05
@A1ejandro

I'm not very good at this myself. What could be the syntax error in this part?
rid=001 mods check (objectClass: value #5 invalid per syntax)
