[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication

To: Ottavio Campana <ottavio@campana.vi.it>
Subject: Re: Replication
From: Dave Holland <dh3@sanger.ac.uk>
Date: Thu, 8 Apr 2004 10:08:44 +0100
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <4074F5F4.5060509@campana.vi.it>
References: <40746715.1050606@megalink.net> <4074F5F4.5060509@campana.vi.it>
User-agent: Mutt/1.5.5.1+cvs20040105i

On Thu, Apr 08, 2004 at 08:49:24AM +0200, Ottavio Campana wrote:
> you're looking for a multimaster system. Some weeks ago I just posted to 
> this list to know has this feature is supported by openldap but noone 
> said me anything.
> Is there anyone who can tell something about it?

It's available, but I believe it's unsupported. It's appallingly badly
documented. :-) I'm using it with version 2.1.29 in combination with
Linux-HA and it works well.

In a nutshell, you need to do:

./configure [...usual options here...] --enable-multimaster --enable-slapd

and then edit include/portable.h, changing /* #undef SLAPD_MULTIMASTER */
into #define SLAPD_MULTIMASTER (hmm, --enable-multimaster should do
that, grr). Then make depend && make && make install as usual.

This is what I have in one machine's slapd.conf:

# Where to store the replica logs.
replogfile      /ldap/var/openldap-slurp/replog

# this is the DN presented by the other machine when it replicates
updatedn "cn=ldapsrv2,ou=pseudoaccounts,dc=sanger,dc=ac,dc=uk"
# we refer updates to ourselves
updateref "ldap://ldapsrv1.internal.sanger.ac.uk";

# the replica is on the other machine
replica host=ldapsrv2-int
        binddn="cn=ldapsrv1,ou=pseudoaccounts,dc=sanger,dc=ac,dc=uk"
        bindmethod=simple credentials=password-goes-here
# so we bind with our name

That's mirrored on the other machine, swapping ldapsrv1<->ldapsrv2
throughout. You need entries in your directory so the replication
connections can authenticate. You'll also need an ACL to allow
replication to write to the directory; something like this:

access to *
        by dn="cn=admin,dc=sanger,dc=ac,dc=uk" write
        by dn="cn=ldapsrv2,ou=pseudoaccounts,dc=sanger,dc=ac,dc=uk" write
        by * none break

I think that's about it. Any other questions, just ask. Similarly, if
anyone notices a glaring error I've made, please say -- but like I say,
this works for me.

Dave
-- 
** Dave Holland ** Systems Support  -  Special Projects Team **
** 01223 834244 ** Sanger Institute, Hinxton, Cambridge, UK  **
"Good, Fast, Cheap: pick any two."

Follow-Ups:
- RE: Replication
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- Replication
  - From: Jim Greene <jwgreene@megalink.net>
- Re: Replication
  - From: Ottavio Campana <ottavio@campana.vi.it>

Prev by Date: Re: make install symlinks to slapd tools
Next by Date: Re: kadmin: kadm5_create_principa: ldap_add_s: Can't contact LDAP server
Index(es):
- Chronological
- Thread