[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: syncrepl and glue
- To: "Howard Chu" <hyc@symas.com>
- Subject: RE: syncrepl and glue
- From: "Spicer, Kevin" <KevinS@bmrb.co.uk>
- Date: Wed, 11 Jan 2006 01:29:14 -0000
- Cc: <openldap-software@OpenLDAP.org>
- Content-class: urn:content-classes:message
- Thread-index: AcYV9o51l4Xpa/gzSvydIAQlUL5goAAUuvwQ
- Thread-topic: syncrepl and glue
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
>The answer is in the description for "subordinate" in slapd.conf(5).
You
>have to exchange the order of the syncprov and glue overlays to prevent
>the provider from descending into the glued databases.
Thanks, however that doesn't seem to solve the problem of no replication
happening (although it appears to have solved the random changes to db
problem). I have verified that replication works with the subordinate
directives (and 'overlay glue' directive) commented on the provider.
My database definition on the provider for the superior db contains the
following
### START ###
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Manager,dc=mydomain,dc=com"
rootpw XXXXXXXXXXXXXXXXXXXXX
directory /var/db/ldap/central
overlay syncprov
overlay glue
overlay ppolicy
ppolicy_default "cn=systemusers,ou=policy,dc=mydomain,dc=com"
ppolicy_use_lockout
syncprov-checkpoint 100 10
syncprov-sessionlog 100
#Indexes etc.
### END ###
The consumer has this...
###START###
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Manager,dc=mydomain,dc=com"
rootpw XXXXXXXXXXXXXXXXXXXXXXX
syncrepl rid=501
provider=ldaps://master.mydomain.com
type=refreshAndPersist
searchbase="dc=mydomain,dc=com"
filter="(objectClass=*)"
scope=sub
retry="30 10 120 30 300 +"
binddn=cn=syncuser,dc=mydomain,dc=com
bindmethod=simple
credentials=xxxxxx
updateref ldaps://master.mydomain.com
directory /var/db/ldap/central
overlay glue
overlay ppolicy
ppolicy_default "cn=systemusers,ou=policy,dc=mydomain,dc=com"
ppolicy_use_lockout
# Indexes...
###END###
I have tried it with the ppolicy directives removed on the provider, but
that doesn't have an
impact. I'm seeing the following log lines on the consumer...
slapd[18668]: [ID 764482 local4.debug] do_syncrep2: got search entry
without control
(These correspond to binds from the syncuser on the provider)
Turning up logging on the provider I see this line..
slapd[20818]: [ID 430416 local4.debug] slap_global_control: unavailable
control: 1.3.6.1.4.1.4203.1.9.1.1
=================================================================
BMRB wins two BMRA awards - http://www.bmrb.co.uk
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB Limited accepts no liability
in relation to any personal emails, or content of any email which
does not directly relate to our business.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++