OpenLDAP startup problems after upgrade

openldap

I am trying to synchronize an LDAP slave and master server. The master server is using openldap 2.3.43-12 and the slave server is using openldap 2.4.23. I copied over the files in /var/lib/ldap, started the server and got this error:

Oct 22 16:16:41 xe-ldap-slave1 slapd[12111]: bdb(dc=mydomaine,dc=fr): Program version 4.7 doesn't match environment version 4.4
Oct 22 16:16:41 xe-ldap-slave1 slapd[12111]: bdb_db_open: database "dc=mydomaine,dc=fr" cannot be opened, err -30971. Restore from backup!
Oct 22 16:16:41 xe-ldap-slave1 slapd[12111]: bdb(dc=mydomaine,dc=fr): txn_checkpoint interface requires an environment configured for the transaction subsystem
Oct 22 16:16:41 xe-ldap-slave1 slapd[12111]: bdb_db_close: database "dc=mydomaine,dc=fr": txn_checkpoint failed: Invalid argument (22).
Oct 22 16:16:41 xe-ldap-slave1 slapd[12111]: backend_startup_one (type=bdb, suffix="dc=mydomaine,dc=fr"): bi_db_open failed! (-30971)
Oct 22 16:16:41 xe-ldap-slave1 slapd[12111]: bdb_db_close: database "dc=mydomaine,dc=fr": alock_close failed

I have used the db_upgrade command to upgrade the database files on the new slave server, but I still get the same error when starting slapd.

The master server is Centos 5.5 32bit & openldap 2.3.43-12
The slave server is Centos 6.3 64 bit & openldap 2.4.23
Everything was installed using yum.

What is the proper method to synchronize database files between an LDAP master server and a slave server when the slave server is more recent than the master?

I have followed the suggestion from 84104, but I am getting an error on the slave.

syncrepl configuration

syncrepl  rid=003
        provider=ldaps://ldap0.lan.myserver.net:636
        bindmethod=simple
        binddn="cn=syncuser,dc=mydomaine,dc=fr"
        scope=sub
        attrs="*"
        credentials=some_password
        searchbase="dc=mydomaine,dc=fr"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog

This syncrepl configuration is working fine on the other slave servers.

Here is the error on the slave:

Oct 23 18:28:30 xe-ldap-slave1 slapd[1415]: slap_client_connect: URI=ldaps://ldap0.lan.myserver.com:636 DN="cn=syncuser,dc=mydomaine,dc=fr" ldap_sasl_bind_s failed (-1)
Oct 23 18:28:30 xe-ldap-slave1 slapd[1415]: do_syncrepl: rid=003 rc -1 retrying 

Here is the error on the master:

Oct 23 18:29:30 ldap0 slapd[15265]: conn=201 fd=35 ACCEPT from IP=192.168.150.100:47690 (IP=0.0.0.0:636) 
Oct 23 18:29:30 ldap0 slapd[15265]: conn=201 fd=35 closed (TLS negotiation failure) 

I can do an ldap search on the master just fine with the user configured for synchronization from the new slave server.

ldapsearch -LLL -x -H ldaps://192.168.150.99:636 -W -D "cn=syncuser,dc=mydomaine,dc=fr" -b dc=mydomaine,dc=fr

Best Answer

LDAP replication under syncrepl is quite robust. The servers don't have to be the same version, they just need to understand each other. (Proper multi-master requires 2.4.X, but that's not what you're asking about as far as I can tell.)

"The consumer replica can be constructed from a consumer-side or a provider-side backup at any synchronization status." Most notably in this case, is that syncrepl can create a proper replica on a server which has never been synced before by any method.

What to do:

  1. stop the replica's slapd
  2. remove the contents of /var/lib/ldap (except DB_CONFIG)
  3. make sure your syncrepl or olcsyncrepl directive is correct
  4. start the replica's slapd
  5. wait for the replica to sync

Note: Use of certain overlays (e.g. memberof) will cause you to lose (override) the operational attributes creatorsName and createTimestamp on the replica, but otherwise everything will be the same.
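The five steps above as a script, added here as an example and not part of the original answer. It assumes a slapd.conf-style configuration (set CONF to the file actually used; for a cn=config tree, swap `-f "$CONF"` for `-F /etc/openldap/slapd.d`), the CentOS 6 service name `slapd`, and that the provider's suffix entry is readable anonymously so its contextCSN can be fetched (add -D/-w if your ACLs say otherwise). The provider and consumer URIs and the suffix are taken from the question; everything else (function names, the 30 second poll) is a choice made for this example. Step 5 is implemented as a wait until the consumer reports the same contextCSN set as the provider, which is the replication high-water mark slapd keeps on the suffix entry. Note that this procedure only works once the consumer can actually bind to the provider: with the TLS negotiation failure from the logs above still in place, syncrepl would simply keep retrying (retry="60 +" means every 60 seconds, indefinitely) and the rebuilt replica would stay empty.

```shell
#!/bin/sh
# Hypothetical rebuild helper for a syncrepl consumer (example code,
# not from the original answer). Run as root on the replica.
set -eu

LDAP_DIR="${LDAP_DIR:-/var/lib/ldap}"                   # BDB directory
CONF="${CONF:-/etc/openldap/slapd.conf}"               # assumption: slapd.conf style
BASE="${BASE:-dc=mydomaine,dc=fr}"                     # suffix from the question
PROVIDER="${PROVIDER:-ldaps://ldap0.lan.myserver.net:636}"
CONSUMER="${CONSUMER:-ldap://127.0.0.1:389}"           # local slapd on the replica

# Step 2: empty the BDB directory but keep DB_CONFIG, which carries the
# environment tuning (cache size, log settings) that slapd reuses when it
# recreates the environment on first start.
clear_db_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    find "$dir" -mindepth 1 -maxdepth 1 ! -name DB_CONFIG -exec rm -rf {} +
}

# Step 3: let slaptest parse the configuration so a malformed syncrepl
# stanza (or anything else) is caught before slapd is started on an
# empty database.
check_config() {
    slaptest -u -f "$CONF"
}

# contextCSN lives on the suffix entry as an operational attribute, so a
# base-scope search that names the attribute explicitly returns it.
fetch_csn() {
    uri="$1"; base="$2"
    ldapsearch -LLL -x -H "$uri" -s base -b "$base" contextCSN
}

# Pull the contextCSN values out of an LDIF result, one per line, sorted
# so that multi-valued sets (one value per serverID) compare reliably.
extract_csn() {
    sed -n 's/^contextCSN: //p' | sort
}

# Step 5: the consumer is caught up when it reports exactly the provider's
# contextCSN set. Returns 0 when equal and non-empty, 1 otherwise.
csn_in_sync() {
    prov_ldif="$1"; cons_ldif="$2"
    p=$(printf '%s\n' "$prov_ldif" | extract_csn)
    c=$(printf '%s\n' "$cons_ldif" | extract_csn)
    [ -n "$p" ] && [ "$p" = "$c" ]
}

# Steps 1 to 5 end to end. Not invoked at top level so the file can be
# sourced and its pure functions exercised without a running slapd.
rebuild_replica() {
    service slapd stop                                  # 1. stop the replica
    clear_db_dir "$LDAP_DIR"                            # 2. wipe all but DB_CONFIG
    check_config                                        # 3. syncrepl stanza parses
    service slapd start                                 # 4. start; syncrepl does a full refresh
    until csn_in_sync "$(fetch_csn "$PROVIDER" "$BASE")" \
                      "$(fetch_csn "$CONSUMER" "$BASE")"; do   # 5. wait for sync
        echo "waiting for consumer contextCSN to reach the provider's ..."
        sleep 30
    done
    echo "replica is in sync with $PROVIDER"
}
```

Usage: `. ./rebuild_replica.sh && rebuild_replica` on the consumer. Comparing contextCSN rather than entry counts is deliberate: during a refreshAndPersist initial load the consumer can hold most entries while still being behind, and the CSN is what the provider itself uses to decide what the consumer is missing.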