  #1 (permalink)  
Old 02-09-2010, 04:48 PM
Member
 
Posts: 11
Zimbra LDAP replicates to RHEL ldap - problem?

Hi.

I've set up zimbra ldap as master, and I want to use RHEL v5 ldap as a slave. This is relevant part of my slapd.conf on RHEL:

Code:
# syncrepl directives
syncrepl  rid=101
	provider=ldap://192.168.1.86
	bindmethod=simple
	binddn="uid=zimbra,cn=admins,cn=zimbra"
	credentials=PASSword
	searchbase="dc=company,dc=com"
#logbase="cn=accesslog"
#logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
	schemachecking=on
	type=refreshAndPersist
	#type=refreshOnly
        #interval=00:01:00:00
	retry="60 +"
	syncdata=accesslog

# Refer updates to the master
updateref		ldap://192.168.1.86

The problem is, when I add a user to Zimbra, it does not propagate immediately to the slave LDAP. I don't even know what the interval is; I've never seen it happen within a few minutes of the master LDAP update...

Am I missing something? Shouldn't "refreshAndPersist" do it without any delay? Should I run something on the Zimbra side, or is the sync from Zimbra 6.0.3 to ldap 2.3 on RHEL v5 impossible?

After I restart the slave LDAP, all the new entries appear magically.

I'm really confused. Thank you.
  #2 (permalink)  
Old 02-09-2010, 11:47 PM
Zimbra Consultant & Moderator
 
Posts: 14,573

Replication is between Zimbra LDAP instances, not an external LDAP. If you haven't seen it already, you should read the Multi-Server Installation Guide (Chapter 5) for further details.
__________________
Regards


Bill
  #3 (permalink)  
Old 02-10-2010, 07:38 AM
Member
 
Posts: 11

OK, I know it is not supported, but I am asking for advice for my kind of setup. I am using Zimbra because it can be integrated with all other kinds of software.

I've solved this issue by changing my config to:
Code:
# syncrepl directives
syncrepl  rid=101
	provider=ldap://IP
	bindmethod=simple
	binddn="uid=zimbra,cn=admins,cn=zimbra"
	credentials=PASSword
	searchbase="dc=company,dc=com"
	logbase="cn=accesslog"
	logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
	schemachecking=on
	type=refreshAndPersist
	#type=refreshOnly
        #interval=00:01:00:00
	retry="60 +"
	syncdata=accesslog

# Refer updates to the master
updateref		ldap://IP

Note the logbase and logfilter entries, they were the initial problem.

Also, now I have another issue with Samba. I have this in my log:
Code:
[2010/02/10 16:10:02, 5] lib/smbldap.c:rebindproc_connect_with_state(855)
  rebindproc_connect_with_state: Rebinding to ldap://IP_ADDR/sambaDomainName=DOMAIN,dc=company,dc=com as "uid=root,ou=people,dc=zimbra,dc=company,dc=com"
[2010/02/10 16:10:02, 3] passdb/passdb.c:samu_set_unix_internal(217)
  Could not allocate a new RID

Machines can't join the domain; I get an "Access denied" error in Windows.

I guess the problem is the user I'm binding Samba to the slave LDAP with. The slave LDAP correctly points Samba to the master LDAP when Samba is to issue an update, but I guess Samba uses the same LDAP bind DN for both LDAPs, and I have different ones.

The question is, how to give some LDAP user, for example "uid=root,ou=people,dc=zimbra,dc=company,dc=com", administration privileges on Zimbra LDAP?
Reply With Quote
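A check for the condition the poster reports fixing in post #3, as an added example that is not part of the original thread: it parses a slapd.conf-style syncrepl directive and flags syncdata=accesslog without logbase/logfilter, plus a simple bind over plain ldap:// with no starttls parameter. The function names, host name and sample configs are constructed for illustration, and comment handling is simplified to dropping any line whose first non-blank character is '#'.

```python
import shlex
# Constructed sample shaped like the thread's first config (placeholder host and password).
BEFORE = """\
syncrepl  rid=101
    provider=ldap://master.example
    bindmethod=simple
    binddn="uid=zimbra,cn=admins,cn=zimbra"
    credentials=PLACEHOLDER
    searchbase="dc=company,dc=com"
    #logbase="cn=accesslog"
    #logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
    type=refreshAndPersist
    retry="60 +"
    syncdata=accesslog
updateref ldap://master.example
"""
AFTER = BEFORE.replace("    #log", "    log")  # post #3's change: logbase/logfilter enabled

def parse_syncrepl(conf_text):
    """Return one dict of key=value parameters per syncrepl directive."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # simplification (assumption): blank and comment lines dropped first
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the directive
        else:
            logical.append(raw.strip())
    stanzas = []
    for line in logical:
        words = shlex.split(line)  # honours double-quoted values such as retry="60 +"
        if words[0].lower() == "syncrepl":
            stanzas.append(dict(w.partition("=")[::2] for w in words[1:]))
    return stanzas

def lint(stanza):
    findings = []
    if stanza.get("syncdata") == "accesslog":
        for key in ("logbase", "logfilter"):
            if key not in stanza:
                findings.append(f"syncdata=accesslog but {key} is not set")
    plain = stanza.get("provider", "").startswith("ldap://") and "starttls" not in stanza
    if stanza.get("bindmethod") == "simple" and plain:
        findings.append("simple bind over ldap:// without starttls: bind password sent unencrypted")
    return findings

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, [lint(s) for s in parse_syncrepl(conf)])
```

The second finding remains on the "after" config as well, since both configs in the thread bind with bindmethod=simple to an ldap:// provider.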