replicating subtrees
I'm having a little difficulty. Let me describe what works, and then
what I want (and what's not working).
Works:
Master ldap.domain.com
Slave1 samba.domain.com
Slave2 webmail.domain.com
If I set up the master server to replicate everything out to both slaves,
no problems.
What I Want:
Obviously, I don't want to put a bunch of Windows password information
out at the webmail site. So I configured a couple of ou's:
ou=samba,o=top
ou=system,o=top
Now I want to replicate only the samba subtree out to the samba ldap
server and the system subtree out to the webmail ldap server. I should
be able to do it, but I've not found the right combination yet. I'm
working with simple auth for right now because plain text allows me to
see what I'm sending over the wire. I'm also working on test machines.
Here's what it seems like I should have (but it doesn't work). Please
suggest modifications to make it do what I want:
Master slapd.conf replication:
replogfile /var/log/ldap/replicate.log
replica host=samba.domain.com
        binddn="cn=Manager,o=top"
        bindmethod=simple
        credentials=secret
        suffix="ou=samba,o=top"
replica host=webmail.domain.com:50389
        binddn="cn=Manager,o=top"
        bindmethod=simple
        credentials=secret
        suffix="ou=system,o=top"
For each of the slave servers:
updatedn "cn=Manager,o=top"
referral ldap://ldap.domain.com
On the slaves, I tried setting the database suffix to both o=top and
ou=samba,o=top|ou=system,o=top. o=top didn't work at all. The other
two created a dn2id.dbb file on the slaves but didn't create anything
in it (and of course no indexes).
The samba users will exist as uid=username,ou=People,ou=samba,o=top and
the webmail users will exist as uid=username,ou=People,ou=system,o=top.
The webmail site will NOT generate a referral to any other servers
because it will be configured to not generate any searches for ou=samba,
and the same applies for the samba site configuration.
I'm in the process of starting slapd in debug mode so I can see what's
going on, but so far, no dice. I saw several references to replication
in the archives, but I've not found any messages yet that deal with
replicating subtrees (and very little is mentioned in the
Administrator's guide, only that it can be done).
I have more goals, but I don't want to complicate the view here. I just
want to get subtree replication working first, then work on the next
step.
Anything glaringly wrong?
--
Blue skies... Todd
| Get a bigger hammer! | Are you feeling lucky...punk? |
| http://www.mrball.net | I've had better days... |
| http://faq.mrball.net | It's the end of the world as we know i|
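
The separation goal described in the post (Samba password data must never reach the webmail replica) can be checked offline before any replica is populated. The following is an added example, not part of the original post and not OpenLDAP code: it models the suffix= scoping from the post with RDN-aware matching and lists entries carrying password-hash attributes that each replica would receive. The sample entries and the attribute names sambaNTPassword/sambaLMPassword are assumptions, and values are compared case-insensitively as a simplification.

```python
import re

# Constructed sample entries (DN -> attribute names) following the post's layout.
ENTRIES = {
    "uid=alice,ou=People,ou=samba,o=top": {"uid", "sambaNTPassword", "sambaLMPassword"},
    "uid=bob, ou=People, OU=Samba, o=top": {"uid", "sambaNTPassword"},
    "uid=alice,ou=People,ou=system,o=top": {"uid", "mail", "userPassword"},
    r"cn=ops\, samba,ou=system,o=top": {"cn"},  # escaped comma inside a value
}
SENSITIVE = {"sambantpassword", "sambalmpassword"}  # assumed attribute names

# Replica -> suffix list. An empty list models the "replicate everything" setup.
SCOPED = {"samba.domain.com": ["ou=samba,o=top"],
          "webmail.domain.com:50389": ["ou=system,o=top"]}
UNSCOPED = {"samba.domain.com": [], "webmail.domain.com:50389": []}

def rdns(dn):
    """Split a DN on unescaped commas; normalise case and spacing around '='."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return [re.sub(r"\s*=\s*", "=", p.strip(), count=1).lower()
            for p in parts if p.strip()]

def under(dn, suffix):
    """True if dn equals suffix or sits below it, compared RDN by RDN."""
    d, s = rdns(dn), rdns(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s

def route(entries, replicas):
    """Return {replica: [DNs whose changes would be sent to it]}."""
    return {host: [dn for dn in entries
                   if not sufs or any(under(dn, s) for s in sufs)]
            for host, sufs in replicas.items()}

def leaks(entries, replicas, host):
    """DNs routed to host that carry a sensitive attribute."""
    return [dn for dn in route(entries, replicas)[host]
            if {a.lower() for a in entries[dn]} & SENSITIVE]

if __name__ == "__main__":
    for name, cfg in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        print(name, leaks(ENTRIES, cfg, "webmail.domain.com:50389"))
```

Running the same check against an LDIF export of the real directory, before the replica is loaded, shows whether any entry with hash attributes lives outside ou=samba.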