[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl and subordinate databases



On Tue, May 22, 2007 at 04:54:31PM +0200, Raphaël 'SurcouF' Bordet wrote:
> Le lundi 07 mai 2007 à 13:52 -0300, Andreas Hasenack a écrit :
> > On Mon, May 07, 2007 at 06:05:52PM +0200, Raphaël 'SurcouF' Bordet wrote:
> > > Le vendredi 04 mai 2007 à 11:32 -0700, Howard Chu a écrit :
> > > > Raphaël 'SurcouF' Bordet wrote:
> > > > > Hi,
> > > > > 
> > > > >  I'm using OpenLDAP 2.3.35 with a distributed architectures with many
> > > > > databases in the same naming context. I've designed a scheme of my
> > > > > architecture for easier understanding : 
> > > > > http://img370.imageshack.us/img370/693/architectureldapossaud3.png
> > > > 
> > > > There are a number of problems with syncprov and multiple glued remote 
> > > > databases in OpenLDAP 2.3. These have been resolved in OpenLDAP 2.4.
> > > 
> > > Hi, 
> > > 
> > > I need a stable version of OpenLDAP, not a alpha stage.
> > > Can I have a patch with only syncprov and glue overlays corrected ?
> > 
> > I doubt this will be fixed for 2.3. You could wait for 2.4 to become
> > "stable" or change a bit your setup, as I did. Basically, don't rely on
> > glue for the replication: replicate each database on itw own. Use the
> > glue overlay just for client searches. For replication, pretend it's not
> > there.
> 
> Hi, 
> 
> How can limit the usage of glue overlays to clients search ? I need to
> replicate my global database to front-ends and to subordinate openldap
> servers... I can' wait for 2.4.

This is what I did.
Consider this tree and these two servers (from ITS#4626):

Provider. ou=global is another database here. I use glue.

             + dc=example,dc=com (db1, rep1)
            / \
         ...   + ou=global (db2, rep2)
              / \
           ...   

Consumer:
              + dc=example,dc=com (from rep1, *exc* rep2)
             / \
          ...   + ou=global (from rep2)
               / \
            ...   ...


If I point the consumer at the provider's root, replication has issues when
reaching ou=global (see the ITS for details).
So, what I did was use two replications: one for ou=global, and another
one for dc=example,dc=com *excluding* the ou=global branch. And also two
databases in the consumer.

ou=global suffix at the consumer:
syncrepl	rid=002
		provider=ldap://ldap.server
		type=refreshAndPersist
		retry="10 +"
		searchbase="ou=global,dc=example,dc=com"
		scobe=sub
		filter="(objectClass=*)"
		bindmethod=simple
		binddn="uid=LDAP Replicator,ou=System Accounts,ou=global,dc=example,dc=com"
		credentials="ldapreplicator"

dc=example,dc=com suffix at the consumer:
syncrepl	rid=001
		provider=ldap://ldap.server
		type=refreshAndPersist
		retry="10 +"
		searchbase="dc=example,dc=com"
		scobe=sub
		filter="(!(entryDN:dnSubtreeMatch:=ou=Global,dc=example,dc=com))"
		bindmethod=simple
		binddn="uid=LDAP Replicator,ou=System Accounts,ou=global,dc=example,dc=com"
		credentials="ldapreplicator"

Notice the filter which is excluding the ou=global part.