Author Topic: LDAP Configuration - Master & Slave  (Read 4138 times)

kral

Re: LDAP Configuration - Master & Slave
« Reply #15 on: August 25, 2011, 06:22:29 pm »
Cool.
I read your previous post a bit too quickly and notice now that with the previous ldapsearch command, you didn't specify the "-h" option for host  :-[
In such a case, you are looking at the local LDAP server on 127.0.0.1, which is maybe not up and running.
From the slave, if you want to check master LDAP visibility and status, you must specify the host attribute.

Your tests with telnet are showing that the remote (master) LDAP server is visible.
Now replication requires the slave server to run too  ;D Did you check the status on the slave side?
- Is port 389 up and the ldap process running, etc.?
- What about the slave status in Zentyal?
- There is also one aspect with the certificate that may require your attention. Did you pay attention to this during slave installation? (I definitely need to install LDAP slave again with 2.0  :-[)


ldapsearch -xLLL -h "dc=thor,dc=myn3twork" uid=1 sn givenName cn   ????

The info you asked:

sysadmin@Thor:~$ telnet 172.16.10.10 389
Trying 172.16.10.10...
Connected to 172.16.10.10.
Escape character is '^]'.

sysadmin@Thor:~$ telnet hermod 389
Trying 172.16.10.10...
Connected to hermod.myn3twork.
Escape character is '^]'.



LDAP information

Base DN:    dc=Thor,dc=myn3twork
Root DN:    cn=ebox,dc=Thor,dc=myn3twork
Password:    *****************
Users DN:    ou=Users,dc=Thor,dc=myn3twork
Groups DN:    ou=Groups,dc=Thor,dc=myn3twork



Interesting ports on localhost (127.0.0.1):
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
389/tcp  open  ldap
443/tcp  open  https
5432/tcp open  postgresql

Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds


sysadmin@Hermod:~$ service --status-all
 [ ? ]  acpid
 [ ? ]  anacron
 [ + ]  apache2
 [ - ]  apparmor
 [ ? ]  atd
 [ - ]  bootlogd
 [ ? ]  bridge-network-interface
 [ + ]  collectd
 [ ? ]  console-setup
 [ ? ]  cron
 [ ? ]  dbus
 [ - ]  ddclient
 [ ? ]  dmesg
 [ ? ]  dns-clean
 [ ? ]  failsafe-x
 [ - ]  grub-common
 [ ? ]  hostname
 [ ? ]  hwclock
 [ ? ]  hwclock-save
 [ ? ]  irqbalance
 [ ? ]  killprocs
 [ ? ]  libnss-ldap
 [ ? ]  lxdm
 [ ? ]  module-init-tools
 [ ? ]  network-interface
 [ ? ]  network-interface-security
 [ ? ]  networking
 [ + ]  ntp
 [ ? ]  ondemand
 [ ? ]  openvpn
 [ ? ]  plymouth
 [ ? ]  plymouth-log
 [ ? ]  plymouth-splash
 [ ? ]  plymouth-stop
 [ + ]  postgresql-8.4
 [ ? ]  pppd-dns
 [ ? ]  procps
 [ ? ]  quagga
 [ + ]  quota
 [ - ]  quotarpc
 [ ? ]  rc.local
 [ - ]  redis-server
 [ - ]  rsync
 [ ? ]  rsyslog
 [ ? ]  screen-cleanup
 [ ? ]  sendsigs
 [ + ]  slapd
 [ + ]  ssh
 [ ? ]  stop-bootlogd
 [ ? ]  stop-bootlogd-single
 [ ? ]  udev
 [ ? ]  udev-finish
 [ ? ]  udevmonitor
 [ ? ]  udevtrigger
 [ ? ]  ufw
 [ ? ]  umountfs
 [ ? ]  umountnfs.sh
 [ ? ]  umountroot
 [ - ]  urandom
 [ ? ]  wpa-ifupdown
 [ - ]  x11-common
 [ ? ]  zentyal

Certificate?!?!? I installed LDAP in the Zentyal GUI

Users and Groups
Mode
Master

Then enabled the module.

And the following info showed up:

Base DN:    dc=Thor,dc=myn3twork
Root DN:    cn=ebox,dc=Thor,dc=myn3twork
Password:    ****************
Users DN:    ou=Users,dc=Thor,dc=myn3twork
Groups DN:    ou=Groups,dc=Thor,dc=myn3twork

And on the slave I selected slave mode, and put in the IP and the master password.

Another thing:
# Hermod, slaves, Thor.myn3twork
dn: hostname=Hermod,ou=slaves,dc=Thor,dc=myn3twork
objectClass: slaveHost
hostname: Hermod
port: 443  ??????? port 443 ??? why 443?
« Last Edit: August 25, 2011, 06:39:17 pm by kral »

kral

Re: LDAP Configuration - Master & Slave
« Reply #16 on: August 29, 2011, 03:10:58 pm »
Hello, does anyone have any idea how I can solve my issue?

christian

  • Guest
Re: LDAP Configuration - Master & Slave
« Reply #17 on: August 29, 2011, 03:16:54 pm »
I need to reinstall my test server in the coming days. I will give it a try and let you know how it works for me when I set up slave LDAP.

kral

Re: LDAP Configuration - Master & Slave
« Reply #18 on: August 29, 2011, 03:27:22 pm »
I need to reinstall my test server in the coming days. I will give it a try and let you know how it works for me when I set up slave LDAP.

Tks Christian!!!

christian

  • Guest
Re: LDAP Configuration - Master & Slave
« Reply #19 on: August 30, 2011, 10:08:15 pm »
Here we are! I've reinstalled the test server from scratch (2.2rc2) and, for the time being, I can't get successful replication.

Indeed port 443 is strange.
Another point to notice: error message I got in (slave) syslog
Aug 30 21:54:50 testserver slapd[20264]: syncrepl_message_to_entry: rid=110 mods check (objectClass: value #3 invalid per syntax)
Aug 30 21:54:50 testserver slapd[20264]: do_syncrepl: rid=110 rc 21 retrying (4 retries left)


I'm investigating further  ;)

Then I realize I'm not able to access cn=config on slave... humm ???  => because there is no cn=ebox account that can be used for authentication here ;-) and access to config is not authorized anonymously... Am I correct?


« Last Edit: August 30, 2011, 10:22:03 pm by christian »
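
The slave syslog lines quoted in the post above can be triaged per replication id, as in this added example (not part of the original thread or of Zentyal). The function names, the rid=111 line and the conn= line are constructed for illustration; the result-code names come from RFC 4511.

```shell
#!/bin/sh
# Added example: summarise slapd syncrepl failures per replication id (rid).

# First two lines are the syslog lines quoted in the post; the rid=111 line
# and the conn= line are constructed for illustration.
sample_log() {
    cat <<'EOF'
Aug 30 21:54:50 testserver slapd[20264]: syncrepl_message_to_entry: rid=110 mods check (objectClass: value #3 invalid per syntax)
Aug 30 21:54:50 testserver slapd[20264]: do_syncrepl: rid=110 rc 21 retrying (4 retries left)
Aug 30 21:54:51 testserver slapd[20264]: conn=1001 fd=14 ACCEPT from IP=127.0.0.1:40112 (IP=0.0.0.0:389)
Aug 30 21:55:02 testserver slapd[20264]: do_syncrepl: rid=111 rc 49 retrying (4 retries left)
EOF
}

# Reads syslog text on stdin, prints "rid=<n> rc=<code> <name> attr=<attr>".
syncrepl_summary() {
    awk '
    function grab(s, re, skip) {
        return match(s, re) ? substr(s, RSTART + skip, RLENGTH - skip) : ""
    }
    BEGIN {
        # LDAP result codes (RFC 4511) that commonly stop a consumer.
        name[21] = "invalidAttributeSyntax"; name[32] = "noSuchObject"
        name[49] = "invalidCredentials";     name[50] = "insufficientAccessRights"
        name[65] = "objectClassViolation"
    }
    # Entry rejected while applying changes: remember the offending attribute.
    /syncrepl_message_to_entry: rid=[0-9]+ mods check/ {
        r = grab($0, "rid=[0-9]+", 4)
        a = grab($0, "[(][^:]+:", 1)
        sub(/:$/, "", a)
        attr[r] = a
    }
    # Result code of the failed sync attempt; keep the latest one per rid.
    /do_syncrepl: rid=[0-9]+ rc -?[0-9]+/ {
        r = grab($0, "rid=[0-9]+", 4)
        if (!(r in rc)) order[++n] = r
        rc[r] = grab($0, " rc -?[0-9]+", 4)
    }
    END {
        for (i = 1; i <= n; i++) {
            r = order[i]; c = rc[r]
            printf "rid=%s rc=%s %s attr=%s\n", r, c,
                (c in name) ? name[c] : "unknown", (r in attr) ? attr[r] : "-"
        }
    }'
}

sample_log | syncrepl_summary
```

On OpenLDAP, an objectClass value reported as invalid per syntax usually names an object class that the consumer's schema does not define, so rc 21 on objectClass points at a schema difference between master and slave rather than at connectivity or credentials.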

christian

  • Guest
Re: LDAP Configuration - Master & Slave
« Reply #20 on: August 30, 2011, 10:54:31 pm »
Replying to myself  ;D with most likely the answer  ::)

I can't perform such test if LDAP master is running mail service, can I?

Or something linked with this:
http://trac.zentyal.org/ticket/3082
« Last Edit: August 30, 2011, 10:59:20 pm by christian »

kral

Re: LDAP Configuration - Master & Slave
« Reply #21 on: August 31, 2011, 11:09:24 am »
Replying to myself  ;D with most likely the answer  ::)

I can't perform such test if LDAP master is running mail service, can I?

Or something linked with this:
http://trac.zentyal.org/ticket/3082

Tks for your time Christian!!!

Yeap! With any service that depends on users, you can't have them in master...

I only have the users and groups module, FW and NTP in master and in slave.

On the link you refer to, at the end someone talks about a package. Should I try it? How do I do that?

kral

Re: LDAP Configuration - Master & Slave
« Reply #22 on: September 19, 2011, 01:11:27 pm »
Hi to all,

Christian!! With the new 2.2 LDAP Master/Slave it's not an issue, works like a charm!!!
Tks for your time!!!