LDAP Tools?
December 11, 2007 at 5:32 pm #370765
mosx86
Participant
Does anyone know of a good tutorial on using tools such as slapcat, etc… to manage, repair and back up an LDAP directory?
December 11, 2007 at 10:49 pm #370775
mosx86
Participant
Quote by: MacTroll
> You have some specific action in mind?
Above wanting to wrap my head around the ldap toolset better, I’m looking into an issue where our OD replica does not fail over should our OD master become unavailable. I don’t see any errors in the replication logs, but I do see an error via ServerAdmin for slurpd. I’ve been reading some discussions on slapcat failing in 10.4 <http://lists.apple.com/archives/Macos-x-server/2006/Aug/msg01055.html> and am wondering if it may be related.
We’re running 10.4.9 Server on both the master and replica.
December 12, 2007 at 9:07 pm #370788
mosx86
Participant
Quote by: MacTroll
> The man pages and openldap.org are probably where I would start.
> The O’Reilly book on LDAP isn’t a bad overview, although it doesn’t get very advanced.
> Having said that I don’t think your problem has much to do with LDAP.
> To ensure that you can slapcat both databases and then diff the outputs. As far as slapcat being broken, that’s specifically around using SSL certs that require a password IIRC.
> For your failover issues I’d start looking at the OD client config record in cn=config in the LDAP db and making sure that it lists the master and the replicas correctly.
> After that I would do a tcpdump from a client and then pull the cable on the master. See what happens.
Thanks for the starting points…
One thing I forgot to add is that the replica functions properly while the master is online and will authn/authz just fine. Only when the master goes down does the replica fail.
Here is my ldap entry for the replica (IPs obfuscated):
dn: cn=ldapreplicas,cn=config,dc=xxxx,dc=yyy,dc=zzz
cn: ldapreplicas
apple-ldap-replica: ldap://ODmaster.IP
apple-ldap-replica: ldap://ODrep.IP
apple-ldap-writable-replica: ldap://ODmaster.IP
objectClass: apple-configuration
objectClass: top

Here it is in dscl:
apple-ldap-replica: ldap://ODmaster.IP ldap://ODrep.IP
apple-ldap-writable-replica: ldap://ODmaster.IP
cn: ldapreplicas
objectClass: apple-configuration top
AppleMetaNodeLocation: /LDAPv3/FQHN.OD.master
LDAPReadReplicas: ldap://ODmaster.IP ldap://ODrep.IP
LDAPWriteReplicas: ldap://ODmaster.IP
PasswordPlus: ********
RecordName: ldapreplicas
RecordType: dsRecTypeStandard:Config

I’ll take a look at slapcat’ng both the master and replica after hours. Thanks again…
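
The check MacTroll suggests in the thread (slapcat both databases, then diff the outputs), sketched as an added example that is not part of the original posts: it compares two dumps entry by entry, so differences in entry order and line folding do not show up as changes. The ignored attribute list, the case-insensitive DN comparison and the sample data are assumptions; the inputs would be the LDIF text written by `slapcat -l` on the master and on the replica.

```python
import base64

# Operational attributes expected to differ per server (assumed list; adjust as needed).
IGNORED = {"entrycsn", "entryuuid", "createtimestamp", "modifytimestamp",
           "creatorsname", "modifiersname", "contextcsn"}

def parse_ldif(text):
    """Return {dn: {attr: set(values)}} from LDIF text such as slapcat output."""
    # Unfold first: a newline followed by one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries, dn = {}, None
    for line in unfolded.split("\n"):
        if not line.strip():                # blank line ends the current entry
            dn = None
            continue
        if line.startswith("#"):            # comment line
            continue
        attr, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        attr = attr.lower()
        if attr == "dn":
            dn = value.lower()              # assumption: compare DNs case-insensitively
            entries[dn] = {}
        elif dn is not None and attr not in IGNORED:
            entries[dn].setdefault(attr, set()).add(value)
    return entries

def compare(master_ldif, replica_ldif):
    """Return (DNs missing on replica, DNs only on replica, {dn: [differing attrs]})."""
    m, r = parse_ldif(master_ldif), parse_ldif(replica_ldif)
    changed = {dn: sorted(a for a in set(m[dn]) | set(r[dn]) if m[dn].get(a) != r[dn].get(a))
               for dn in set(m) & set(r) if m[dn] != r[dn]}
    return sorted(set(m) - set(r)), sorted(set(r) - set(m)), changed

# Constructed sample dumps (not from the thread).
MASTER = """dn: uid=alice,cn=users,dc=example,dc=com
cn: Alice Example
entryCSN: 20071211173200Z#000001#00#000000

dn: uid=bob,cn=users,dc=example,dc=com
description: a long value that slapcat has folded onto
  a second line
"""
REPLICA = """dn: uid=alice,cn=users,dc=example,dc=com
cn: Alice E.
entryCSN: 20071211173205Z#000002#00#000000
"""
```

On the constructed samples, `compare(MASTER, REPLICA)` reports the bob entry as missing on the replica and `cn` as the only differing attribute on the alice entry; the differing `entryCSN` values are ignored.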