[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to best create a new slave server?



On Tuesday 18 October 2005 12:22, Tomasz Chmielewski wrote:
> What is the best and fastest way to create a slave OpenLDAP server?
>
> I mean, what should one do if he/she has a master OpenLDAP and several
> slaves, and want to create another slave?
>
> So far I was doing it more or less like this:
>
> 1) stopping OpenLDAP on the master,
> 2) tarring/bzipping /var/lib/ldap to ldap.tar.bz2,
> 3) adding a new replica to the slapd.conf on the master
> 4) scp-copying ldap.tar.bz2 to a new slave
> 5) uncompressing ldap.tar.bz2 to /var/lib/ldap on a new slave
> 6) starting OpenLDAP on the master
> 7) starting OpenLDAP on a new slave

If you're using the Mandriva packages, the scripts 
in /usr/share/openldap/scripts may be helpful.

>
> Which works perfectly, but I feel it's not just a "right way" (it would
> perhaps fail if OpenLDAP/database versions differ too much).
>
>
> So I tried a "better way":
>
> slapcat > db.ldif on a master
>
> and then it failed on a new slave:
>
> # ldapadd -x -D "cn=Manager,dc=some,dc=company" -W -f db.ldif
> Enter LDAP Password:
> adding new entry "dc=some,dc=company"
> ldap_add: Referral (10)
>          referrals:
>                  ldap://192.168.1.10:389/dc=some,dc=company

Why do you use ldapadd to add data you extracted with slapcat?

slapcat|slapadd
or
ldapsearch|ldapadd

slapcat|slapadd is better ...

Anyway, you were trying to add the data as a dn that is not the replicadn ...

>
>
> so I reconfigured a new slave to be a standalone server for a while:
>
>
> # ldapadd -x -D "cn=Manager,dc=some,dc=company" -W -f db.ldif
> Enter LDAP Password:
> adding new entry "dc=some,dc=company"
> ldap_add: Constraint violation (19)
>          additional info: structuralObjectClass: no user modification
> allowed

Again, you are not replicadn ... so you can't change operational attributes.

>
>
> and it also failed.
>
>
> What is the best approach to create a new slave server?

Generic approach is to not use ldapadd to populate data you extracted with 
slapcat, but instead use slapadd ...

Regards,
Buchan

-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

Attachment: pgpAh3efDZ237.pgp
Description: PGP signature