[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl with more that one database

To: "OpenLDAP Software List" <openldap-software@openldap.org>
Subject: syncrepl with more that one database
From: "James Hartley" <james.hartley@gmail.com>
Date: Fri, 8 Feb 2008 16:59:59 -0800
Content-disposition: inline

I see a lot of examples with syncrepl and one database in fact I am
running one in that configuration with replication.

Now I need to run and replicate two different databases... I have the
databases running on the master without repl.

I am wondering about the proper configuration on the slave should look like...

from the documentation I see that syncrepl is a database directive,
can someone give me a simple  example of
what the configuration file should look like with two or more databases.

here is what I have now on the slave

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
#  solaris.schema provides nisDomainObject, absent from nis.schema
include		/etc/openldap/schema/solaris.schema
include		/etc/openldap/schema/DUAConfigProfile.schema
#  samba.schema  provides the samba information for samba clients
include		/etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

loglevel	4	
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args


# TLS Configuration
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/slapd-cert-ldap2.pem
TLSCertificateKeyFile /etc/openldap/slapd-key-ldap2.pem
#Use the following if client authenication is required
#TLSVerifyClient demand
# ... or not desired at all
#TLSVerifyClient never

#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"dc=example,dc=com"
rootdn		"cn=Manager,dc=example,dc=com"
directory	/var/lib/openldap-data

# Indices to maintain
index entryCSN,entryUUID eq

#Performance Tuning Directives
sizelimit 5000
threads	  8
idletimeout 14400
cachesize 10000
checkpoint 256 15

# synrepl parameters for the slave
syncrepl rid=001
   provider=ldap://server.example.com
   type=refreshOnly
   interval=00:00:05:00
   searchbase="dc=example,dc=com"
   binddn="uid=syncrepl,ou=system,dc=example,dc=com"
   credentials=xxxxxx

# referral line to update the master
updateref ldap://server.example.com

#####
# ACL's
#####

## Give Admins immediate write access
access to dn.subtree="dc=example,dc=com"
        by group/groupOfUniqueNames/uniqueMember="cn=LDAP
Admins,ou=Groups,dc=example,dc=com" write
	by * none break
access to attrs=userPassword
	by self write
        by dn="cn=proxyagent,ou=profile,dc=example,dc=com" read
	by * auth
access to *
	by self write
	by * read

#########################################################################
# Database 2:
#########################################################################

database        bdb
suffix          "dc=wired,dc=hotdog,dc=com"
rootdn          "cn=Manager,dc=wired,dc=hotdog,dc=com"
directory       /var/lib/openldap-wired

# Indices to maintain for this database
index cn                      pres,sub,eq
index sn                      pres,sub,eq
index uid                     pres,sub,eq
index displayName             pres,sub,eq
index uidNumber               eq
index gidNumber               eq
index objectClass               eq
index memberUid               eq,subinitial
index mail                            eq,subinitial
index givenname               eq,subinitial
index   sambaSID              eq
index   sambaPrimaryGroupSID  eq
index   sambaDomainName       eq
index entryCSN,entryUUID      eq
index   default               sub


#password-hash
#password-hash {MD5} - slave doesn't set passwords either.
#security ssf=1 update_ssf=112 simple_bind=64 tls=1
security tls=1
#disallow bind_anon
#disallow bind_simple_unprotected
#disallow bind_simple

# synrepl parameters for the slave
syncrepl rid=001
   provider=ldap://server.example.com
   type=refreshOnly
   interval=00:00:05:00
   searchbase="dc=wired,dc=hotdog,dc=com"
   binddn="uid=syncrepl,ou=system,dc=example,dc=com"
   credentials=xxxxxx

#####
# ACL's
#####

## Give Admins immediate write access
access to dn.subtree="dc=wired,dc=hotdog,dc=com"
        by group/groupOfUniqueNames/uniqueMember="cn=LDAP
Admins,ou=Groups,dc=example,dc=com" write
        by * none break
access to dn.base=""
        by self write
        by * auth
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
        by anonymous auth

on the server I have

index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 50 100
syncprov=sessionlog 100

in each database section....

Is this the correct approach???  notice the the rid numbers are the
same is that right?

thanks

james

Follow-Ups:
- Re: syncrepl with more that one database
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Password Policy pwdHistory not being checked? -- answer found
Next by Date: Re: syncrepl with more that one database
Index(es):
- Chronological
- Thread