
Re: Selective replication (ITS#3299)



I tried the replica attr change requested, then ran slapd -t.  Here are 
the results:

<< snip from slapd.conf>>
replica host=mother.bates.edu:389
        binddn="cn=Manager,dc=bates,dc=edu"
        credentials=passwd
        bindmethod=simple
        suffix="ou=People,dc=bates,dc=edu"
        attr="objectClass,!posixAccount"
<<end snip>>

slapd -t -d 1
@(#) $OpenLDAP: slapd 2.1.25 (Feb 11 2004 16:39:39) $
        
rspell@mother.bates.edu:/home/rspell/Src/openldap-2.1.25/servers/slapd
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
...
/usr/local/etc/openldap/slapd.conf: line 87: attribute "!posixAccount" in "replica" line is unknown
config check failed
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.


I also tried:
<< snip from slapd.conf>>
replica host=mother.bates.edu:389
        binddn="cn=Manager,dc=bates,dc=edu"
        credentials=passwd
        bindmethod=simple
        suffix="ou=People,dc=bates,dc=edu"
        attr=objectClass
        attr!=posixAccount
<<end snip>>


 > /etc/init.d/openldap start
attr selective replication directive 'posixAccount' conflicts with previous one (discarded)

Karen R. McArthur, Systems Administrator
Bates College, Information and Library Services
Lewiston, Maine 04240
(207) 786-8236 fax:(207) 786-6057
kmcarthu@bates.edu



Pierangelo Masarati wrote:

> kmcarthu@bates.edu wrote:
>
>> Full_Name: Karen R McArthur
>> Version: 2.1.29
>> OS: RedHat 8.0
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (134.181.129.178)
>>
>>
>> Goal: set up master/slave ldap servers - the slave will be public white paper
>> server, so it should not contain posix data.  The master will be for
>> single-sign on.
>>
>> Process:
>> Set up a master and slave with identical structure:
>>   created a 'core.ldif' file which is just the top level stuff
>>   "slapadd -l core.ldif" on both conf files
>>   started slapd (both master and slave)
>>   replica and updatedn lines from conf files below
>>
>> Loaded the data to the master
>>   ran "ldapadd -f data.ldif" on the master
>>   replog file is created
>>
>> Started slurpd
>>
>> Results:
>> The "suffix=" line is working as expected - no "Group" data is passed
>> The "attr!=" line is not working (fully) as expected
>>   all data EXCEPT posixAccount data is passed to the replog file (as expected)
>>   posixAccount objectClass not passed to replog file (as expected)
>>   no objectClass AT ALL is passed to the replog file (not expected)
>>
>
> I think the correct approach is
>
>    attr="objectClass,!posixAccount"
>
> i.e. explicitly list all the attributes required/allowed by posixAccount
> __BEFORE__ negating posixAccount itself.
>
> p.
>
>>
>> When slapd starts up: objectClass violations due to no objectClass being
>> created.
>>
>> <<snip from data.ldif>>
>> dn: uid=kmcarthu,ou=People,dc=example,dc=com
>> objectClass: inetOrgPerson
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: posixAccount
>> objectClass: krb5Principal
>> objectClass: account
>> objectClass: eduPerson
>> cn: Karen McArthur
>> sn: McArthur
>> mail: kmcarthu@example.com
>> uid: kmcarthu
>> krb5PrincipalName: kmcarthu@KDC.EXAMPLE.COM
>> uidNumber: 5230
>> gidNumber: 107
>> homeDirectory: /path/to/$HOME
>> loginShell: /usr/ucb/csh
>> gecos: Karen McArthur
>> userPassword:: <<encrypted string>>
>> host: host1.example.com
>> host: host2.example.com
>> title: Sys Admin
>> ou: Information & Library Services
>> postalAddress: 110 Russell Street
>> eduPersonAffiliation: staff
>> eduPersonPrimaryAffiliation: staff
>> << end of snip>>
>>
>> <<master.conf>>
>> replogfile /usr/local/var/openldap-slurp/slapd.replog
>> replica host=ldap.example.com:389
>>        binddn="cn=Replicate,dc=example,dc=com"
>>        credentials=secret
>>        bindmethod=simple
>>        suffix="ou=People,dc=example,dc=com"
>>        attr!=posixAccount
>>
>> << slave.conf>>
>> updatedn "cn=Replicate,dc=example,dc=com"
>>        credentials=secret
>>        bindmethod=simple
>> updateref host=ldap.example.com:389
>>  
>>
>
>
>
>
>
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
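
Added example, not part of the original thread or of OpenLDAP: a check that can be run over an LDIF export of the slave to catch both outcomes discussed above, entries that arrive with no objectClass and entries that still carry posixAccount data. The function names, the attribute list and the sample data are assumptions made for this example.

```python
import base64

# Attributes that only posixAccount contributes (RFC 2307). cn, uid and
# userPassword are shared with other object classes, so they are not listed.
POSIX_ONLY = {"uidnumber", "gidnumber", "homedirectory", "loginshell", "gecos"}

def parse_ldif(text):
    """Yield (dn, {attr: [values]}); handles folded lines and '::' base64."""
    text = text.replace("\r\n", "\n").replace("\n ", "")   # unfold continuations
    entry = {}
    for line in text.split("\n") + [""]:      # trailing "" flushes last entry
        if not line.strip():
            if "dn" in entry:
                yield entry.pop("dn")[0], entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, val = line.partition(":")
            if val.startswith(":"):           # base64-encoded value
                val = base64.b64decode(val[1:]).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(val.strip())

def audit_replica(ldif_text):
    """Return {dn: [problems]} for entries unfit for the public slave."""
    findings = {}
    for dn, attrs in parse_ldif(ldif_text):
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        leaked = sorted(POSIX_ONLY.intersection(attrs))
        problems = ["no objectClass"] if not classes else []
        if "posixaccount" in classes:
            problems.append("objectClass posixAccount present")
        if leaked:
            problems.append("posix attributes: " + ", ".join(leaked))
        if problems:
            findings[dn] = problems
    return findings

# Constructed sample (not from the thread): clean, no objectClass, posix leak.
SAMPLE = (
    "dn: uid=a,ou=People,dc=example,dc=com\nobjectClass: inetOrgPerson\ncn: A\n\n"
    "dn: uid=b,ou=People,dc=example,dc=com\ncn: B\n\n"
    "dn: uid=c,ou=People,dc=example,dc=com\nobjectClass: inetOrgPerson\n"
    "objectClass: posixAccount\nuidNumber: 5230\nloginShell:: L2Jpbi9zaA==\n"
)

if __name__ == "__main__":
    for dn, problems in audit_replica(SAMPLE).items():
        print(dn, "->", "; ".join(problems))
```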