On Tuesday 18 October 2005 12:22, Tomasz Chmielewski wrote: > What is the best and fastest way to create a slave OpenLDAP server? > > I mean, what should one do if he/she has a master OpenLDAP and several > slaves, and want to create another slave? > > So far I was doing it more or less like this: > > 1) stopping OpenLDAP on the master, > 2) tarring/bzipping /var/lib/ldap to ldap.tar.bz2, > 3) adding a new replica to the slapd.conf on the master > 4) scp-copying ldap.tar.bz2 to a new slave > 5) uncompressing ldap.tar.bz2 to /var/lib/ldap on a new slave > 6) starting OpenLDAP on the master > 7) starting OpenLDAP on a new slave If you're using the Mandriva packages, the scripts in /usr/share/openldap/scripts may be helpful. > > Which works perfectly, but I feel it's not just a "right way" (it would > perhaps fail if OpenLDAP/database versions differ too much). > > > So I tried a "better way": > > slapcat > db.ldif on a master > > and then it failed on a new slave: > > # ldapadd -x -D "cn=Manager,dc=some,dc=company" -W -f db.ldif > Enter LDAP Password: > adding new entry "dc=some,dc=company" > ldap_add: Referral (10) > referrals: > ldap://192.168.1.10:389/dc=some,dc=company Why do you use ldapadd to add data you extracted with slapcat? slapcat|slapadd or ldapsearch|ldapadd slapcat|slapadd is better ... Anyway, you were trying to add the data as a dn that is not the replicadn ... > > > so I reconfigured a new slave to be a standalone server for a while: > > > # ldapadd -x -D "cn=Manager,dc=some,dc=company" -W -f db.ldif > Enter LDAP Password: > adding new entry "dc=some,dc=company" > ldap_add: Constraint violation (19) > additional info: structuralObjectClass: no user modification > allowed Again, you are not replicadn ... so you can't change operational attributes. > > > and it also failed. > > > What is the best approach to create a new slave server? Generic approach is to not use ldapadd to populate data you extracted with slapcat, but instead use slapadd ... Regards, Buchan -- Buchan Milne ISP Systems Specialist B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
Attachment:
pgpAh3efDZ237.pgp
Description: PGP signature