Re: OpenLDAP instance as syncREPL replica and Slurpd master
Howard Chu wrote:
> Quanah Gibson-Mount wrote:
>> --On September 14, 2007 5:21:28 PM +0200 Bruno Lezoray EMSM
>> <bruno.lezoray@wh-ces.gmessaging.net> wrote:
>>
>>> Hi all,
>>>
>>> I want to implement a specific OpenLDAP configuration with 3 instances:
>>> 1st is a master
>>> 2nd is a syncrepl replica "and" slurpd master
>>> 3rd is a slurpd replica
>
>> Set up a push-based syncrepl instead of using slurpd. Slurpd is
>> deprecated, and fully removed from OpenLDAP 2.4.
>
> In OpenLDAP 2.3 this will require one more slapd process (while
> eliminating the slurpd process).
>
> 1 provider
> 2 regular consumer
> 2A back-ldap consumer
> 3 external replica
>
> None of the existing (1, 2, or 3) servers' configurations need any
> changes. (Except, you can remove the "replica" directives from your
> "slurpd master" since they don't do any good, and aren't needed anyway.)
>
> The back-ldap consumer would be set up something like:
>
> database ldap
> suffix "dc=example,dc=com"
> rootdn "cn=Whoever"
> uri ldap://localhost:9013/ <---- URL of external replica
>
> acl-bind bindmethod=simple
>     binddn="cn=Monitor" <---- updatedn of external replica
>     credentials=monitor <---- password for updatedn
>
> # the usual consumer config...
> syncrepl rid=1
>     provider=ldap://localhost:9011/
>     binddn="cn=Manager,dc=example,dc=com"
>     bindmethod=simple
>     credentials=secret
>     searchbase="dc=example,dc=com"
>     filter="(objectClass=*)"
>     schemachecking=off
>     scope=sub
>     type=refreshOnly
>     interval=00:00:00:10
>     retry="5 5 300 5"
>
>
Ok.
On the backldap instance, I have this configuration:
database ldap
suffix "o=test"
rootdn "cn=root DN, o=test"
rootpw {SSHA}JDqRrNmZbCiInNsubLessizYPdmcwhgf
uri ldaps://10.1.1.69:1636/
acl-bind bindmethod=simple
    binddn="cn=root DN, o=test"
    credentials=secret
syncrepl rid=1
    provider=ldaps://localhost:636/
    binddn="cn=root DN,o=test"
    bindmethod=simple
    credentials=secret
    searchbase="o=test"
    filter="(objectClass=*)"
    schemachecking=off
    scope=sub
    type=refreshOnly
    interval=00:00:00:10
    retry="5 5 300 5"
And on the external replica, I have:
database bdb
suffix "o=test"
rootdn "cn=root DN, o=test"
rootpw {SSHA}JDqRrNmZbCiInNsubLessizYPdmcwhgf
directory /usr/products/freeware/openldap/var/openldap-slapd-sym
checkpoint 64 15
password-hash {SSHA}
cachesize 50000
index objectClass,entryCSN,entryUUID eq
index uid pres,eq,sub
index mail pres,eq,sub
index cn pres,eq,sub
index sn pres,eq,sub
But, the backldap failed to query the external replica. I have the
following error:
Sep 17 11:23:24 test-ldap backldap[28913]: [ID 702911 local4.debug] @(#)
$OpenLDAP: slapd 2.3.32 (Sep 13 2007 17:58:03) $
Sep 17 11:23:25 test-ldap backldap[28914]: [ID 100111 local4.debug]
slapd starting
Sep 17 11:23:25 test-ldap backldap[28914]: [ID 608079 local4.debug]
do_syncrep2: rid 001got search entry without control
Sep 17 11:23:30 test-ldap backldap[28914]: [ID 608079 local4.debug]
do_syncrep2: rid 001got search entry without control
For information, I use release 2.3.32 on Solaris 9/10.
Rgds, Bruno.