
config problem



My first setup for a replicated ldap service was as follows:
(I use a dirty abbreviation but I think this increases readability)

Server A                             Server B
suffix  dc=a,dc=de                   suffix   dc=a,dc=de
replica host="Server A"     ->       updatedn "manager"
        binddn="manager"

Server A was replicated 1:1 to Server B.

So far everything worked fine (the usage of manager for
replication isn't a good idea, but here it works if you 
update all your data from Server A)


Under dc=a,dc=de I have 3 subsections:

ou=x,dc=a,dc=de is mainly used on Server A read/write
ou=y,dc=a,dc=de is mainly used on Server B read/write
ou=z,dc=a,dc=de is used on both Servers read only

Server A and B are positioned at different localities
which are connected via a VPN. So mainly for availability 
I want to do something like this:

Server A                      Server B
suffix ou=x,dc=a,dc=de   ->   suffix ou=x,dc=a,dc=de
suffix ou=y,dc=a,dc=de   <-   suffix ou=y,dc=a,dc=de
suffix ou=z,dc=a,dc=de   ->   suffix ou=z,dc=a,dc=de

But how do I achieve this?


My first attempt was still all data in one database
but to replicate only subtrees:

Server A:                             Server B:   

suffix    dc=a,dc=de                  suffix    dc=a,dc=de

replica   host="Server B"             updatedn  "replicator"
          suffix="ou=x,dc=a,dc=de" -> updateref "Server A"
          suffix="ou=z,dc=a,dc=de"
          binddn="replicator"

updatedn  "replicator"             <- replica  host="Server A"
updateref "Server B"                           suffix="ou=y,dc=a,dc=de"      
                                               binddn="replicator"


Trying to set this up I realized that it was necessary to use
a separate user for replication because each server must be
able to differentiate between "regular" updates from users
and "replication updates".

But when I specify "updatedn/updateref" (and this has to be done
on both sides) then nobody (but replicator) is able to modify
any data, because everyone else is referred to the other server.

(BTW: if it were possible to specify a base DN
 for "updatedn" then I think the problem would be solved)

The second idea that came to my mind was something like this:


Server A                             Server B

1.db suffix   dc=a,dc=de             suffix   dc=a,dc=de
     replica  host="Server B"     -> updatedn replicator
              binddn="replicator"

2.db suffix   ou=y,dc=a,dc=de     <- suffix  ou=y,dc=a,dc=de
     updatedn replicator             replica host="Server A"
                                             binddn="replicator"

This way you get around the problem that you can't update
1.db on Server A (2.db on Server B) as a normal user.

But when I tried this (first without the replication stuff)
I realized that such a layout where one db is a subordinate
of another isn't possible at all (is that right?). 
When I try to add something to the 2.db on A then it is stored
in the 1.db.


Another possibility would be to use 3 different databases:
1.db suffix ou=x,dc=a,dc=de
2.db suffix ou=y,dc=a,dc=de
3.db suffix ou=z,dc=a,dc=de

That would surely work but for me this doesn't *feel* good:
3 DBs all with the same base (dc=a,dc=de).

Is this the only solution for the problem?

Jörg
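A concrete slapd.conf layout for the three-database variant, added here as an example and not the poster's own configuration. It assumes OpenLDAP 2.1 or later with slurpd-style replication (replica / updatedn / updateref), the bdb backend, the host names ldap-a.a.de and ldap-b.a.de, the directory paths, the admin and replicator DNs and the x-admins / y-admins groups; all of these are placeholders. slapd chooses the database for a request by scanning the database definitions in the order they appear in slapd.conf and taking the first whose suffix contains the target DN, so three disjoint suffixes like these can be listed in any order, while a database whose suffix lies below another database's suffix has to be listed before that one.

```conf
######## Server A (host names ldap-a.a.de / ldap-b.a.de are assumed placeholders) ########
include         /etc/openldap/schema/core.schema
# slurpd reads this log; one log serves every database that has a "replica" line
replogfile      /var/lib/ldap/replog

# Default ACLs, inherited by every database below that defines none of its own
access to attrs=userPassword
        by self write by anonymous auth by * none
access to *
        by * read

# 1.db: ou=x is written here (by members of the assumed x-admins group) and pushed to B
database        bdb
suffix          "ou=x,dc=a,dc=de"
directory       /var/lib/ldap/x
rootdn          "cn=admin,ou=x,dc=a,dc=de"
rootpw          {SSHA}REPLACE-WITH-slappasswd-OUTPUT
replica         host=ldap-b.a.de:389 starttls=critical bindmethod=simple
                binddn="cn=replicator,ou=x,dc=a,dc=de"
                credentials=REPLACE-WITH-REPLICATOR-PASSWORD
access to attrs=userPassword
        by self write by anonymous auth by * none
access to *
        by group.exact="cn=x-admins,ou=x,dc=a,dc=de" write
        by * read

# 2.db: ou=y is mastered on Server B; this copy is read-only and refers writers there.
# cn=replicator,ou=y must exist here with its password (it is part of the replicated data)
database        bdb
suffix          "ou=y,dc=a,dc=de"
directory       /var/lib/ldap/y
updatedn        "cn=replicator,ou=y,dc=a,dc=de"
updateref       ldap://ldap-b.a.de
access to attrs=userPassword
        by dn.exact="cn=replicator,ou=y,dc=a,dc=de" write
        by self write by anonymous auth by * none
access to *
        by dn.exact="cn=replicator,ou=y,dc=a,dc=de" write
        by * read

# 3.db: ou=z is mastered here (only the rootdn writes it) and pushed to B
database        bdb
suffix          "ou=z,dc=a,dc=de"
directory       /var/lib/ldap/z
rootdn          "cn=admin,ou=z,dc=a,dc=de"
rootpw          {SSHA}REPLACE-WITH-slappasswd-OUTPUT
replica         host=ldap-b.a.de:389 starttls=critical bindmethod=simple
                binddn="cn=replicator,ou=z,dc=a,dc=de"
                credentials=REPLACE-WITH-REPLICATOR-PASSWORD

######## Server B: the same three databases with the roles swapped ########
include         /etc/openldap/schema/core.schema
replogfile      /var/lib/ldap/replog

# 1.db: ou=x is a read-only copy of Server A
database        bdb
suffix          "ou=x,dc=a,dc=de"
directory       /var/lib/ldap/x
updatedn        "cn=replicator,ou=x,dc=a,dc=de"
updateref       ldap://ldap-a.a.de
access to attrs=userPassword
        by dn.exact="cn=replicator,ou=x,dc=a,dc=de" write
        by self write by anonymous auth by * none
access to *
        by dn.exact="cn=replicator,ou=x,dc=a,dc=de" write
        by * read

# 2.db: ou=y is mastered here and pushed to Server A
database        bdb
suffix          "ou=y,dc=a,dc=de"
directory       /var/lib/ldap/y
rootdn          "cn=admin,ou=y,dc=a,dc=de"
rootpw          {SSHA}REPLACE-WITH-slappasswd-OUTPUT
replica         host=ldap-a.a.de:389 starttls=critical bindmethod=simple
                binddn="cn=replicator,ou=y,dc=a,dc=de"
                credentials=REPLACE-WITH-REPLICATOR-PASSWORD
access to attrs=userPassword
        by self write by anonymous auth by * none
access to *
        by group.exact="cn=y-admins,ou=y,dc=a,dc=de" write
        by * read

# 3.db: ou=z is a read-only copy of Server A
database        bdb
suffix          "ou=z,dc=a,dc=de"
directory       /var/lib/ldap/z
updatedn        "cn=replicator,ou=z,dc=a,dc=de"
updateref       ldap://ldap-a.a.de
access to attrs=userPassword
        by dn.exact="cn=replicator,ou=z,dc=a,dc=de" write
        by self write by anonymous auth by * none
access to *
        by dn.exact="cn=replicator,ou=z,dc=a,dc=de" write
        by * read
```

Because each subtree is its own database, updatedn and updateref apply only to that subtree, which gives the per-base-DN scoping the post asks for without any change to slapd. The replicator DN is an ordinary entry whose write access is confined by the ACLs to the one database it replicates into, unlike the rootdn, which bypasses access control entirely. The credentials= value is stored in clear text, so slapd.conf must be readable only by the account slapd runs as. Seed each consumer from a slapcat dump of its provider before starting slurpd, so that the replicator entry and its password already exist on the consumer side. A client that writes to a read-only copy receives a referral to the updateref URL and has to follow it (for example ldapmodify -C).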