Topic: Master Slave OpenLDAP replication Issue
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.3
- Linux/BSD distribution name and version: CentOS Linux release 7.2.1511 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====
Hi,
I have been trying to achieve master-slave OpenLDAP replication on both my servers by applying the following settings:
Master Server slapd.conf changes:
#Global changes:
moduleload syncprov
#Replication settings for master replication server (At the end of the file)
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Slave Server slapd.conf changes:
#Global changes:
moduleload syncprov
#Slave replication settings pointing to slave server
overlay syncprov
syncprov-checkpoint 10 1
syncprov-sessionlog 100
syncrepl rid=1
  provider="ldap://slave.server.com"
  type=refreshAndPersist
  interval=00:00:00:10
  retry="5 10 60 +"
  timeout=1
  schemachecking=off
  searchbase="dc=mydomain,dc=co,dc=uk"
  filter="(objectClass=*)"
  scope=sub
  attrs="*,+"
  bindmethod=simple
  binddn="cn=Manager,dc=mydomain,dc=co,dc=uk"
  credentials="secret-from-tips-file"
Upon applying the above settings and restarting slapd, the slave server went into a "Temporary lookup failure" error in mail processing.
Sample error in maillog:
Jan 12 21:29:21 mail1 postfix/smtpd[4479]: NOQUEUE: reject: RCPT from unknown[10.0.0.28]: 451 4.3.0 <test@mydomain.co.uk>: Temporary lookup failure; from=<test@mydomain.co.uk> to=<test2@externaldomain.com> proto=ESMTP helo=<ALERTSVR>
Jan 12 21:29:57 mail1 postfix/trivial-rewrite[2943]: warning: virtual_mailbox_domains lookup failure
Jan 12 21:29:57 mail1 postfix/trivial-rewrite[2943]: warning: virtual_mailbox_domains lookup failure
Upon checking, I found out that the cn=vmail user's password was the issue that was giving the error (I don't know how the password got changed; it might be due to master replication). I reset the password using ldapadmin.exe in Windows, removed the slave settings from the server and checked whether it worked on its own. It started working. I tried again with slave replication and DONE: with the same settings, nothing changed, it started working. Using my iRedAdmin-Pro panel I can create a user on the master server and it is instantly created on the slave server.
BUT
Upon checking the LDAP structure on the slave server using ldapadmin.exe in Windows, I am seeing that under my domain's structure the USERS OU is missing; it's not showing at all. However, the admin-pro panel is showing every user, and replication is working fine with no issues.
I would just like to know: is it the default for replication that the USERS OU is not showing? Or has something happened to the OpenLDAP structure?
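A consumer stanza like the one posted above can be checked before slapd is restarted. The following is an added example, not part of the original post or of iRedMail: it parses `syncrepl` directives from slapd.conf text and flags a provider that names the consumer itself, a simple bind without enforced TLS, a bind as the rootdn, and an `interval` that refreshAndPersist ignores. The function names and finding labels are hypothetical, and the local hostname and rootdn passed to `lint` are assumptions taken from the values in the post.

```python
import re
from urllib.parse import urlparse
# Constructed sample: the consumer stanza from the post, continuation lines indented.
SAMPLE = """syncrepl rid=1
  provider="ldap://slave.server.com"
  type=refreshAndPersist
  interval=00:00:00:10
  retry="5 10 60 +"
  searchbase="dc=mydomain,dc=co,dc=uk"
  bindmethod=simple
  binddn="cn=Manager,dc=mydomain,dc=co,dc=uk"
  credentials="secret-from-tips-file"
"""

def parse_syncrepl(conf):
    """Return one dict of key=value pairs per syncrepl directive."""
    stanzas, current = [], None
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # continuation line of the previous directive
            if current is not None:
                current.append(line)
            continue
        current = [line] if line.split()[0].lower() == "syncrepl" else None
        if current is not None:
            stanzas.append(current)
    pair = re.compile(r'(\w+)=("[^"]*"|\S+)')
    return [{k.lower(): v.strip('"') for k, v in pair.findall(" ".join(s))}
            for s in stanzas]

def lint(stanza, local_host, rootdn):
    """Flag settings that break or weaken one consumer stanza."""
    findings = []
    url = urlparse(stanza.get("provider", ""))
    if url.hostname == local_host:  # a consumer must pull from the provider, not itself
        findings.append("provider-is-self")
    # starttls=yes continues without TLS if negotiation fails, so only critical counts
    tls = url.scheme == "ldaps" or stanza.get("starttls") == "critical"
    if stanza.get("bindmethod") == "simple" and not tls:
        findings.append("cleartext-bind")  # password crosses the wire unencrypted
    if stanza.get("binddn", "").lower() == rootdn.lower():
        findings.append("binds-as-rootdn")  # replication needs read access only
    if stanza.get("type", "").lower() == "refreshandpersist" and "interval" in stanza:
        findings.append("interval-unused")  # interval applies to refreshOnly
    return findings

if __name__ == "__main__":
    print(lint(parse_syncrepl(SAMPLE)[0], "slave.server.com", "cn=Manager,dc=mydomain,dc=co,dc=uk"))
```

An empty result from `lint` means none of these four conditions were found; it does not check ACLs on the provider, which decide what the replication DN is allowed to read.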