Re: Selective replication (ITS#3299)
I tried the replica attr change requested, then ran slapd -t. Here are
the results:
<< snip from slapd.conf>>
replica host=mother.bates.edu:389
        binddn="cn=Manager,dc=bates,dc=edu"
        credentials=passwd
        bindmethod=simple
        suffix="ou=People,dc=bates,dc=edu"
        attr="objectClass,!posixAccount"
<<end snip>>
slapd -t -d 1
@(#) $OpenLDAP: slapd 2.1.25 (Feb 11 2004 16:39:39) $
rspell@mother.bates.edu:/home/rspell/Src/openldap-2.1.25/servers/slapd
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
...
/usr/local/etc/openldap/slapd.conf: line 87: attribute "!posixAccount"
in "replica" line is unknown
config check failed
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
I also tried:
<< snip from slapd.conf>>
replica host=mother.bates.edu:389
        binddn="cn=Manager,dc=bates,dc=edu"
        credentials=passwd
        bindmethod=simple
        suffix="ou=People,dc=bates,dc=edu"
        attr=objectClass
        attr!=posixAccount
<<end snip>>
> /etc/init.d/openldap start
attr selective replication directive 'posixAccount' conflicts with
previous one (discarded)
Karen R. McArthur, Systems Administrator
Bates College, Information and Library Services
Lewiston, Maine 04240
(207) 786-8236 fax:(207) 786-6057
kmcarthu@bates.edu
Pierangelo Masarati wrote:
> kmcarthu@bates.edu wrote:
>
>> Full_Name: Karen R McArthur
>> Version: 2.1.29
>> OS: RedHat 8.0
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (134.181.129.178)
>>
>>
>> Goal: set up master/slave ldap servers - the slave will be public white paper
>> server, so it should not contain posix data. The master will be for
>> single-sign on.
>>
>> Process:
>> Set up a master and slave with identical structure:
>> created a 'core.ldif' file which is just the top level stuff
>> "slapadd -l core.ldif" on both conf files
>> started slapd (both master and slave)
>> replica and updatedn lines from conf files below
>>
>> Loaded the data to the master
>> ran "ldapadd -f data.ldif" on the master
>> replog file is created
>>
>> Started slurpd
>>
>> Results:
>> The "suffix=" line is working as expected - no "Group" data is passed
>> The "attr!=" line is not working (fully) as expected
>> all data EXCEPT posixAccount data is passed to the replog file (as expected)
>> posixAccount objectClass not passed to replog file (as expected)
>> no objectClass AT ALL is passed to the replog file (not expected)
>>
>
> I think the correct approach is
>
> attr="objectClass,!posixAccount"
>
> i.e. explicitly list all the attributes required/allowed by posixAccount
> __BEFORE__ negating posixAccount itself.
>
> p.
>
>>
>> When slapd starts up: objectClass violations due to no objectClass being
>> created.
>>
>> <<snip from data.ldif>>
>> dn: uid=kmcarthu,ou=People,dc=example,dc=com
>> objectClass: inetOrgPerson
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: posixAccount
>> objectClass: krb5Principal
>> objectClass: account
>> objectClass: eduPerson
>> cn: Karen McArthur
>> sn: McArthur
>> mail: kmcarthu@example.com
>> uid: kmcarthu
>> krb5PrincipalName: kmcarthu@KDC.EXAMPLE.COM
>> uidNumber: 5230
>> gidNumber: 107
>> homeDirectory: /path/to/$HOME
>> loginShell: /usr/ucb/csh
>> gecos: Karen McArthur
>> userPassword:: <<encrypted string>>
>> host: host1.example.com
>> host: host2.example.com
>> title: Sys Admin
>> ou: Information & Library Services
>> postalAddress: 110 Russell Street
>> eduPersonAffiliation: staff
>> eduPersonPrimaryAffiliation: staff
>> << end of snip>>
>>
>> <<master.conf>>
>> replogfile /usr/local/var/openldap-slurp/slapd.replog
>> replica host=ldap.example.com:389
>>         binddn="cn=Replicate,dc=example,dc=com"
>>         credentials=secret
>>         bindmethod=simple
>>         suffix="ou=People,dc=example,dc=com"
>>         attr!=posixAccount
>>
>> << slave.conf>>
>> updatedn "cn=Replicate,dc=example,dc=com"
>> credentials=secret
>> bindmethod=simple
>> updateref host=ldap.example.com:389
>>
>>
>
>
>
>
>
> SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
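
A check that can be run against an LDIF export of the public replica (for example `slapcat` output) to confirm the two outcomes discussed in this thread: no posixAccount data reached the replica, and no entry lost all of its objectClass values. This is an added example, not part of the original thread or of OpenLDAP; the function names and the sample LDIF are constructed for illustration.

```python
import base64

# Attributes only posixAccount defines (RFC 2307); cn, uid and userPassword are shared.
POSIX_ONLY = {"uidnumber", "gidnumber", "homedirectory", "loginshell", "gecos"}

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folding and base64."""
    dn, attrs = None, {}
    # Unfold continuation lines (newline + one space); the trailing ""
    # flushes the last entry.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        if name.lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name.lower(), []).append(value.strip())

def audit_replica(text):
    """Return {dn: [findings]} for entries that break the replica's policy."""
    report = {}
    for dn, attrs in parse_ldif(text):
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        found = [] if classes else ["no objectClass"]
        if "posixaccount" in classes:
            found.append("objectClass posixAccount")
        found += sorted(POSIX_ONLY & set(attrs))
        if found:
            report[dn] = found
    return report

# Constructed sample export of a replica (not data from the thread).
SAMPLE = (
    "dn: uid=alice,ou=People,dc=example,dc=com\nobjectClass: inetOrgPerson\n"
    "objectClass: posixAccount\nhomeDirectory: /home/\n alice\nuidNumber: 5001\n\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\ncn:: Qm9i\nmail: bob@example.com\n\n"
    "dn: uid=carol,ou=People,dc=example,dc=com\nobjectClass: inetOrgPerson\n"
    "cn: Carol Example\n"
)

if __name__ == "__main__":
    for dn, findings in audit_replica(SAMPLE).items():
        print(dn, "->", ", ".join(findings))
```

An empty report means every exported entry kept at least one objectClass value and carries no posixAccount-only attribute.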