Re: RootDN and slaves

[Dave Horsfall <daveh@ci.com.au>]

On Thu, 23 Jan 2003, Matthew J Backes wrote:

> > I was under the impression that rootDN had unfettered access to a
> > directory (using 2.0.25 here).
>
> Nope.  rootdn cannot write to replicas directory, nor can it alter
> directory use attrs like the timestamps.

Thanks; I'd just gone through the source code and was afraid that
this was the case.  I could have *sworn* I had used rootDN to fix
an errant slave in the past...

> > Is this true i.e. rootDN cannot update a slave, or should I be
> > looking for some other problem?
>
> Yep.  The replication dn Can write to the replicas, including
> directory use attributes.  This can be very useful for implementing
> cross-product replication or resyncing a stray replica.

That's what I was trying to do -- resync a slave -- but was using the
rootDN.

> The Net::LDAP perl module (See
> http://sourceforge.net/projects/perl-ldap/ ) has some useful scripts
> in their contrib section such as ldifsort and ldifdiff.  These make it
> fairly easy (if slow) to recover from almost any desync problem.

Yes, I have those, and I was using ldaputils (specifically ldapsync)
from fynet.com.  Obviously I should have been using bindDN and not
rootDN...

> It's also fairly easy to modify the ldifsort program to sort DN's
> structurally so you can more easily ldapadd complex (previously)
> unordered LDIF's.  This is useful as slapadd doesn't do much checking
> on the input data...

So I noticed :-(  That's what got us into this mess in the first place...

Thanks.

-- 
Dave Horsfall  DTM  VK2KFU  daveh@ci.com.au  Ph: +61 2 9906-7866  Fx: 9906-1556
Corinthian Engineering, Level 1, 401 Pacific Hwy, Artarmon, NSW 2064, Australia