All,
After many hours of research I have found there is an incompatibility between OpenLDAP V2.3.x and V2.2.x, or at least between V2.3.27, the current version on CentOS V5, and V2.2.13, the current version on CentOS V4.
The syncrepl feature of OpenLDAP, to keep multiple slapd servers sync'd, was working between CentOS 4 and 5 at one time, as that is how I populated the "slave" servers.
I've found references indicating protocol changes and incompatibilities between these versions and indeed looking at detailed debugging logs I can see the protocol falling apart between the two versions.
Has anyone else seen this issue? Is anyone aware of a fix in the pipeline or a work around?
Thanks in advance,
Brett
Brett Serkez wrote:
Has anyone else seen this issue? Is anyone aware of a fix in the pipeline or a work around?
Compile the source rpm from centos 5.x on a 4.x system and upgrade the 4.x systems to it? (Short of upgrading the entire OS to 5.x, if you don't want to do that; it can be a major change depending on your environment.)
nate
nate wrote:
Brett Serkez wrote:
Has anyone else seen this issue? Is anyone aware of a fix in the pipeline or a work around?
Compile the source rpm from centos 5.x on a 4.x system and upgrade the 4.x systems to it? (Short of upgrading the entire OS to 5.x, if you don't want to do that; it can be a major change depending on your environment.)
I tried to do that, as I wanted to have LDAP overlays (hey, anyone who wants to test those on CentOS 5 - there are packages in the testing repository).
And I found out that you don't want to do that. There are too many packages which are built against openldap, you'd end up rebuilding a rather large part of the distribution.
Ralph
On Thu, 2008-06-12 at 00:08 +0200, Ralph Angenendt wrote:
nate wrote:
Brett Serkez wrote:
Has anyone else seen this issue? Is anyone aware of a fix in the pipeline or a work around?
Compile the source rpm from centos 5.x on a 4.x system and upgrade the 4.x systems to it? (Short of upgrading the entire OS to 5.x, if you don't want to do that; it can be a major change depending on your environment.)
I tried to do that, as I wanted to have LDAP overlays (hey, anyone who wants to test those on CentOS 5 - there are packages in the testing repository).
And I found out that you don't want to do that. There are too many packages which are built against openldap, you'd end up rebuilding a rather large part of the distribution.
---- there are a number of people that do exactly that and in fact, if you go on the openldap-software list, they will tell you that if you expect openldap to function, that you need to build it from source (either 2.3.37 (or whatever the latest is in 2.3) or 2.4.9 (or whatever the latest is)).
IIRC, you have to build from source...
- openssl
- kerberos
- cyrus-sasl
- db4
- openldap
I built everything in /usr/local and just left the distribution packages intact and it worked.
I believe that Buchan Milne offers rpm packages that can install on CentOS-4 and certainly Symas/Connexitor has rpm packages that you can install but it wasn't that hard to build it from source.
That said, I don't recall syncrepl ever working in 2.2.x and have used slurpd for replicating with 2.2 but if the OP says he thinks he had it running, well, I'm not gonna argue with him.
Craig
Craig White wrote:
On Thu, 2008-06-12 at 00:08 +0200, Ralph Angenendt wrote:
I tried to do that, as I wanted to have LDAP overlays (hey, anyone who wants to test those on CentOS 5 - there are packages in the testing repository).
And I found out that you don't want to do that. There are too many packages which are built against openldap, you'd end up rebuilding a rather large part of the distribution.
IIRC, you have to build from source...
- openssl
- kerberos
- cyrus-sasl
- db4
- openldap
I built everything in /usr/local and just left the distribution packages intact and it worked.
On my CentOS 5 install there are about 33 packages requiring a certain version of libldap and liblber.
Ralph
On Thu, 2008-06-12 at 00:36 +0200, Ralph Angenendt wrote:
Craig White wrote:
On Thu, 2008-06-12 at 00:08 +0200, Ralph Angenendt wrote:
I tried to do that, as I wanted to have LDAP overlays (hey, anyone who wants to test those on CentOS 5 - there are packages in the testing repository).
And I found out that you don't want to do that. There are too many packages which are built against openldap, you'd end up rebuilding a rather large part of the distribution.
IIRC, you have to build from source...
- openssl
- kerberos
- cyrus-sasl
- db4
- openldap
I built everything in /usr/local and just left the distribution packages intact and it worked.
On my CentOS 5 install there are about 33 packages requiring a certain version of libldap and liblber.
---- as I said, I just left the distribution packages intact and built everything in /usr/local
Craig
On Thu, 2008-06-12 at 00:36 +0200, Ralph Angenendt wrote:
Craig White wrote:
On Thu, 2008-06-12 at 00:08 +0200, Ralph Angenendt wrote:
I tried to do that, as I wanted to have LDAP overlays (hey, anyone who wants to test those on CentOS 5 - there are packages in the testing repository).
And I found out that you don't want to do that. There are too many packages which are built against openldap, you'd end up rebuilding a rather large part of the distribution.
IIRC, you have to build from source...
- openssl
- kerberos
- cyrus-sasl
- db4
- openldap
I built everything in /usr/local and just left the distribution packages intact and it worked.
On my CentOS 5 install there are about 33 packages requiring a certain version of libldap and liblber.
---- and I'll add one more thing...
I think these are Buchan Milne's rpm packages here for updated openldap that you can drop in as replacements...
http://staff.telkomsa.net/packages/
but I've never used them myself
Craig
On Wed, Jun 11, 2008 at 6:24 PM, Craig White craigwhite@azapple.com wrote:
That said, I don't recall syncrepl ever working in 2.2.x and have used slurpd for replicating with 2.2 but if the OP says he thinks he had it running, well, I'm not gonna argue with him.
syncrepl 2.2.x works fine between CentOS 4 systems as installed via yum. I just used this today, made changes on the master that I needed to use on the slave, the replication was instant.
The issue is between 2.2.x and 2.3.x. What I said I thought worked was replication from CentOS 4.x to CentOS 5.x (i.e. 2.2.x -> 2.3.x), as when I brought the CentOS 5.x on-line and started slapd, the LDAP database was almost instantly available. I never used any other method to load the LDAP data on the CentOS 5.x system from the CentOS 4.x master.
It is only recently that I noticed the replication failing, I believe after a recent yum update.
I have looked at using yum to regress the version of LDAP on the CentOS 5.x system, but it seems I needed to have turned on a yum option before the update to do this. I also noticed all the dependencies as far as trying to build myself.
My assumption is that eventually newer versions of LDAP will be available that will work.
Brett
Brett Serkez wrote:
On Wed, Jun 11, 2008 at 6:24 PM, Craig White craigwhite@azapple.com wrote:
That said, I don't recall syncrepl ever working in 2.2.x and have used slurpd for replicating with 2.2 but if the OP says he thinks he had it running, well, I'm not gonna argue with him.
syncrepl 2.2.x works fine between CentOS 4 systems as installed via yum. I just used this today, made changes on the master that I needed to use on the slave, the replication was instant.
The issue is between 2.2.x and 2.3.x. What I said I thought worked was replication from CentOS 4.x to CentOS 5.x (i.e. 2.2.x -> 2.3.x), as when I brought the CentOS 5.x on-line and started slapd, the LDAP database was almost instantly available. I never used any other method to load the LDAP data on the CentOS 5.x system from the CentOS 4.x master.
It is only recently that I noticed the replication failing, I believe after a recent yum update.
I have looked at using yum to regress the version of LDAP on the CentOS 5.x system, but it seems I needed to have turned on a yum option before the update to do this. I also noticed all the dependencies as far as trying to build myself.
My assumption is that eventually newer versions of LDAP will be available that will work.
There is an openldap in the CentOS Testing repo for centos-4 that will work with centos-5.
It has a compat-openldap-<c4_version> for the things that are compiled against the c4 version ... and I am using it in production and syncing c5 and c4.
However, it is a couple updates behind.
The version is openldap-2.3.27-4.el4.centos
Thanks, Johnny Hughes
There is an openldap in the CentOS Testing repo for centos-4 that will work with centos-5.
It has a compat-openldap-<c4_version> for the things that are compiled against the c4 version ... and I am using it in production and syncing c5 and c4.
This works great! Thanks for the tip, this is just what I was looking for.
However, it is a couple updates behind.
The version is openldap-2.3.27-4.el4.centos
This is the same version as CentOS 5, perfect.
Brett