OpenLDAP Multi Slave setup help

10-07-2004, 04:57 PM

hey guys,



I'm having a problem with dual replication. I'm trying to have Server
A, Replicate to serverB and serverC.

serverB is our failover/query server.
serverC is our ldap/bdb backup server.

ServerA is running 2.2.14
ServerB is also 2.2.14
ServerC is 2.1.30-r1
These are all gentoo boxes.

Here is the config.
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/simpsons.net.schema

loglevel 512

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

allow bind_v2

access to *
    by * write


#SSL Settings
#TLSCipherSuite High
TLSCipherSuite HIGH:+MEDIUM:!LOW
TLSVerifyClient allow
#TLS_REQCERT allow
TLSCertificateFile /etc/openldap/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/openldap/ssl/cacert.pem


database bdb
suffix "dc=simpsons,dc=com"
rootdn "cn=Manager,dc=simpsons,dc=com"
rootpw <password>
directory /home/ldap/simpsons.com
mode 0600
replogfile /home/ldap/slurpd/rep.log

# Indices to maintain
index objectClass eq
index cn pres,eq
index servertype pres,eq
index q-domain pres,eq
index ip-relay pres,eq
index userPassword eq
index domainname,domainalias pres,eq
index hostname,services pres,eq
index mailuseralias,mailuserdir pres,eq
index uid,mailuid,mail,status pres,eq
cachesize 5000
replica uri="ldap://pink.simpsons.com:389"
    binddn="cn=Replicant,dc=simpsons,dc=com"
    suffix="dc=simpsons,dc=com"
    bindmethod=simple
    credentials=<password>

replica uri="ldap://brain.simpsons.com:389"
    binddn="cn=Replicant,dc=simpsons,dc=com"
    suffix="dc=simpsons,dc=com"
    bindmethod=simple
    credentials=<password>

It seems that the replog is building itself as

replica <host>
replica <host2>
modifications here



After that when slurpd runs, it only replicates to one server. That
being the first directive that's placed (ServerB).
It does replicate fine to the first. I just don't see anything coming
in on the second server. My problem here lies with
the fact that the first server is a live server, that's used as a
email authentication system. So I have to keep debugging to a minimum.
Any suggestions would greatly be appreciated.

also:

> the only difference from my config is that I have the replog file before
> the first replica statement in slapd.conf


originally I had it like this. I figured that maybe each directive
could have its own directive for a replog,
later to realize that slurpd will only check one of them. This is a
straight out of the box gentoo ldap install,
so the master box is just using the init scripts. My one slave box is
taking replications from multiple master single replication
boxes. The only one I'm having a problem with is with this dual
replication master.


> You should have a rep.log and rep.log.lock in /home/ldap/slurpd/rep.log
> and you should have slurpd's own files which are probably in
> /usr/local/var/openldap-slurp/replica. Note that the replog file that
> slapd writes to *must* be different from the files used by slurpd.
> slurpd makes its own copy of the data changes before pushing them out to
> your servers. If one of your servers is not getting the changes then
> there should be a .rej file which should explain why.


I see both the slurpd.status and the slurpd.replog files. Is the
slurpd.replog an untouched file that just collects what changes
have been made without ever clearing the file like the actual replog
file created from the directive? my rej files are out of date,
so I will assume there hasn't been any errors that they have been
collecting. They're dated for the 23rd of Sept. I just started this
whole dual replication system this week, so I believe I can safely
assume that it should be working.

In the slurpd.status file it has both servers listed on separate lines
with the <host>:<port>:<not too sure what this is>:<single digit,
either a 0 or 2>
so they look like:

pink.simpson.com:389:1097153036:0
brain.simpson.com:389:1095970710:2

any suggestions would be greatly appreciated.


Chris Celebi
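
The two slurpd.status lines quoted in the post can be decoded to see how far each replica has got. This is an added example, not part of the original post; it assumes the third field is a Unix timestamp of the last replication-log entry processed for that replica and the fourth a sequence number, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# The two status lines exactly as quoted in the post above.
SAMPLE_STATUS = """\
pink.simpson.com:389:1097153036:0
brain.simpson.com:389:1095970710:2
"""


def parse_status(text):
    """Parse slurpd.status text into one dict per replica.

    Assumed layout (see lead-in): host:port:unix_time:seq
    """
    replicas = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        # Split from the right so the three numeric fields are always
        # the last three, whatever the host part contains.
        parts = line.rsplit(":", 3)
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected host:port:time:seq")
        host, port, last, seq = parts
        replicas.append({
            "host": host,
            "port": int(port),
            "seq": int(seq),
            "last": datetime.fromtimestamp(int(last), tz=timezone.utc),
        })
    return replicas


def lagging(replicas, max_lag=timedelta(hours=1)):
    """Return (host, lag) for replicas behind the most recent one."""
    if not replicas:
        return []
    newest = max(r["last"] for r in replicas)
    return [(r["host"], newest - r["last"])
            for r in replicas if newest - r["last"] > max_lag]


if __name__ == "__main__":
    for r in parse_status(SAMPLE_STATUS):
        print(f'{r["host"]}:{r["port"]} last={r["last"].isoformat()} seq={r["seq"]}')
    for host, lag in lagging(parse_status(SAMPLE_STATUS)):
        print(f"{host} is behind by {lag}")
```

Under that reading, the entry for brain decodes to 23 September 2004, the same date as the .rej files mentioned in the post, while the entry for pink decodes to the day of the post.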