[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Building a centralized database from various LDAP servers

To: openldap-software@openldap.org
Subject: Re: Building a centralized database from various LDAP servers
From: "pkoelle@gmail.com" <pkoelle@gmail.com>
Date: Tue, 22 May 2007 22:49:39 +0200
In-reply-to: <a1f2851c0705221114g6d8eb655h533d24d0d9f473b5@mail.gmail.com>
References: <a1f2851c0705220650x71ec4f9es904ce1e9cf710b28@mail.gmail.com> <4653093A.50305@gmail.com> <a1f2851c0705221114g6d8eb655h533d24d0d9f473b5@mail.gmail.com>
User-agent: Thunderbird 2.0.0.0 (Windows/20070326)

Adam Brandizzi schrieb:

Hi!

On 5/22/07, pkoelle@gmail.com <pkoelle@gmail.com> wrote:

I'd setup the central server as a syncrepl consumer to all the branch
offices, with one database context for each. Optionally those can be
glued together with back-ldap.


I tried it, but I've tried to replicate subtrees using SyncRepl, which
does not work. Since then, I was thinking OpenLDAP 2.3 does not suport
multiple SyncRepl configurations at all, but now I am wondering
whether it is possible to create one SyncRepl instance for each
database context... So, does LDAP support one SyncRepl directives for
each database context?

from http://www.openldap.org/doc/admin23/syncrepl.html#Syncrepl%20Details

If a syncrepl specification is included in a database definition, slapd (8) launches a syncrepl engine as a slapd (8) thread and schedules its execution.

I read this as each database definition can have its own syncrepl statement. Hence the schema would be something like:

database bdb
directory /var/lib/ldap/sub1
suffix dc=sub1,dc=example,dc=com
....more config....

syncrepl rid=001
  ...more syncrepl stuff...

database bdb
directory /var/lib/ldap/sub2
suffix dc=sub2,dc=example,dc=com
....more config....

syncrepl rid=002
  ...more syncrepl stuff...

Anyway, this configuration seems to have a problem: AFAIK back-bdb (which is the backend we are using for actually storing the data) does not support multiple database contexts on OpenLDAP 2.3. Im I wrong? If not, has anyone an idea about how to handle it?

Use one "database" statement for each naming context

Using the chain overlay on the central
server, writes will be internally redirected to the branch office and
you won't have to deal with referrals manually. Of course, if the branch
is down writes will fail...


But why should I redirect the write requests to the branch? Actually,
the branchs will receive the write requests, and replicate it to the
central. Am I missing something? Sorry, I am a bit newbie :)

That's just if you need to write to the central server (which is a slave from a replication point of view) and don't want to deal with referrals manually[1]. If you only write to the branch offices; no need for the chain overlay.

hth
 Paul

[1] If you try to write to a slave you'll get back a referral (hopefully) which is just a ldap URL which points to the master and you have to manually rebind to the master and retry the operation. It's hard to support referrals in a general way because you would need to make assumptions about the identities to use for the rebind etc., Hence most clients don't support referrals and the chain overlay is a very handy solution;)

References:
- Building a centralized database from various LDAP servers
  - From: "Adam Brandizzi" <brandizzi2@gmail.com>
- Re: Building a centralized database from various LDAP servers
  - From: "pkoelle@gmail.com" <pkoelle@gmail.com>

Prev by Date: ber_scanf and ber_printf strangeness
Next by Date: IDL cache and a mix of index/unindexed attrs in a query
Index(es):
- Chronological
- Thread