
Multi-master configuration -- check my slapd.conf files please?



Over the last weeks, we’ve been installing systems that have multi-master configurations (where there are 2 servers; each one meant to accept modifications and forward those modifications on to the other server).  Occasionally, we’ve seen a case where a node in the tree has a structuralObjectClass of “glue” rather than the intended structuralObjectClass.  Someone on this list suggested I post the slapd.conf files and logs.  We don’t at the moment have any logs, but I do have the slapd.conf files.  Would someone take a look at these and see if anything stands out?

 

==================================================

Server 10.192.252.64

==================================================

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# NOTE(review): further down this file holds the rootpw hash and a cleartext
# syncrepl bind password, so restrict it to the account slapd runs as.
#
# Global section: Unicode data path, schema includes, pid/args files and
# server-wide limits. Everything here applies before any "database" line.

# Directory holding slapd's Unicode character tables. It is the same path the
# bdb "directory" directive uses below.
ucdata-path       "/opt/cisco/uccx/desktop/database"

# Schema files, loaded in order; the site-specific schema comes last.
include              "/opt/cisco/uccx/desktop/schemaconf/core.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/corba.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/nis.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"

# Files where slapd records its process id and its command-line arguments.
pidfile                "/var/run/desktop/slapd.pid"
argsfile        "/var/run/desktop/slapd.args"

# inactive, but still open connections,
# and any connections closed by the client,
# are held open by slapd for this number of seconds
#900 = 15 minutes
#300 = 5 minutes
idletimeout            300

# NOTE(review): "unlimited" removes the per-search cap on returned entries
# (slapd's default is 500). Together with the "by * read" clauses in the ACLs
# below, a single search by any client can return the whole tree.
sizelimit            unlimited
# Max # of threads. Default is 16
#threads                        16

# For older Enterprise clients - AM
# Accepts LDAPv2 bind requests. LDAPv2 was retired to Historic status
# (RFC 3494); drop this once those clients are gone.
allow bind_v2

# Maximum number of pending requests for an authenticated session
# (slapd.conf(5); the default is 1000).
conn_max_pending_auth            2000

 

# Global access rules. slapd applies the first "access to" rule whose target
# matches, and within it the first matching "by" clause.
# The indented "by" lines are continuations of the "access to" line: keep them
# indented and never place a comment line directly above one of them.
#
# Don't allow clients to modify anything under People
# The cn=Client clause grants the same level as "by * read", so this rule makes
# the ou=People subtree read-only for every client.
# NOTE(review): "by * read" also matches anonymous sessions and covers every
# attribute, userPassword included. All bind DNs named in this file live under
# ou=People; if their passwords are stored in userPassword, any client can read
# the hashes. The usual guard is an earlier rule such as
#   access to attrs=userPassword by self write by anonymous auth by * none
access to dn.subtree="ou=People,o=OurCompanyName Communications"
            by dn="cn=Client,ou=People,o=OurCompanyName Communications" read
        by * read
# Allow clients to modify Company and so on
# Everything outside ou=People: the Client and SplkRep1..4 identities may write,
# every other client (anonymous included) may read.
access to *
            by dn="cn=Client,ou=People,o=OurCompanyName Communications" write
            by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write
            by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write
            by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write
            by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write
            by * read

 

#######################################################################
# BDB database definitions
#######################################################################

# Start of the single database definition: Berkeley DB backend serving the
# suffix below. NOTE(review): back-bdb was deprecated and later removed from
# OpenLDAP (2.5); back-mdb is its replacement.
database           bdb
suffix                 "o=OurCompanyName Communications"
# The rootdn is not subject to the access rules above.
rootdn               "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
# checkpoint <kbyte> <min>: checkpoint the transaction log after 10 KB have
# been written or 1 minute has passed.
checkpoint        10 1
# Number of entries to maintain in cache. Default is 1000
cachesize         50000
# Depth of the search-filter evaluation stack.
# 8 = 4 MB per thread. Default is 16
searchstack      8

# Root user password
# {SSHA} is a salted SHA-1 hash of the rootdn password.
# NOTE(review): this hash is published with the post, and the syncrepl stanza
# below binds as the same DN with a cleartext "credentials" value. Treat the
# rootdn password as exposed and rotate it on both servers.
rootpw               {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory            "/opt/cisco/uccx/desktop/database"

# Indices to maintain
# Equality indexes only.
# NOTE(review): entryCSN and entryUUID are not indexed; the OpenLDAP admin
# guide suggests equality indexes on both for syncrepl/syncprov setups.
index    objectClass       eq
index    empID       eq
index   tid         eq
index    svrType             eq
index    ipHostName      eq
index    keyName                      eq

 

 

# for sync repl
# Identifier of this server within the mirror pair; the peer's file uses 2.
serverID 1

# Consumer side: pull changes from the peer at 10.192.252.65:3016 and keep the
# connection open for updates (refreshAndPersist). retry="5 5 300 +" means five
# retries 5 seconds apart, then one every 300 seconds indefinitely.
# The indented lines are continuations of "syncrepl"; keep comments above it.
# NOTE(review): attrs=* requests user attributes only, whereas slapd.conf(5)
# gives "*,+" (user and operational attributes) as the default; confirm that
# leaving out operational attributes is intended.
# NOTE(review): bindmethod=simple over an ldap:// URI with no starttls= or
# tls_* parameter sends the bind password unencrypted to the peer.
# NOTE(review): binddn appears to normalise to the rootdn, so "credentials" is
# the root password, stored in cleartext here and published with the post.
# Rotate it, and prefer a dedicated replication identity that only has the
# access it needs, bound over StartTLS (starttls=critical) or ldaps://.
syncrepl rid=123
            searchbase="o=OurCompanyName Communications"
            provider=ldap://10.192.252.65:3016
            type=refreshAndPersist
            retry="5 5 300 +"
            schemachecking=on
            attrs=*
            bindmethod=simple
            binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
            credentials=5385

# Lets this server accept writes even though it is also a syncrepl consumer.
# It follows serverID and syncrepl, as slapd.conf(5) requires.
mirrormode true

# ash - following will cause circular reaction if in both sides in slapd.conf
# updateref ldap://10.192.252.84:999

# set the host up as a provider
# syncprov-checkpoint <ops> <minutes>: write the contextCSN to the database
# after 100 write operations or 10 minutes, whichever comes first.
overlay syncprov
syncprov-checkpoint 100 10

 

 

 

==================================================

Server 10.192.252.65

==================================================

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# NOTE(review): further down this file holds the rootpw hash and a cleartext
# syncrepl bind password, so restrict it to the account slapd runs as.
#
# Global section: Unicode data path, schema includes, pid/args files and
# server-wide limits. Everything here applies before any "database" line.

# Directory holding slapd's Unicode character tables. It is the same path the
# bdb "directory" directive uses below.
ucdata-path       "/opt/cisco/uccx/desktop/database"

# Schema files, loaded in order; the site-specific schema comes last.
include              "/opt/cisco/uccx/desktop/schemaconf/core.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/corba.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/nis.schema"
include              "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"

# Files where slapd records its process id and its command-line arguments.
pidfile                "/var/run/desktop/slapd.pid"
argsfile        "/var/run/desktop/slapd.args"

# inactive, but still open connections,
# and any connections closed by the client,
# are held open by slapd for this number of seconds
#900 = 15 minutes
#300 = 5 minutes
idletimeout            300

# NOTE(review): "unlimited" removes the per-search cap on returned entries
# (slapd's default is 500). Together with the "by * read" clauses in the ACLs
# below, a single search by any client can return the whole tree.
sizelimit            unlimited
# Max # of threads. Default is 16
#threads                        16

# For older Enterprise clients - AM
# Accepts LDAPv2 bind requests. LDAPv2 was retired to Historic status
# (RFC 3494); drop this once those clients are gone.
allow bind_v2

# Maximum number of pending requests for an authenticated session
# (slapd.conf(5); the default is 1000).
conn_max_pending_auth            2000

 

# Global access rules. slapd applies the first "access to" rule whose target
# matches, and within it the first matching "by" clause.
# The indented "by" lines are continuations of the "access to" line: keep them
# indented and never place a comment line directly above one of them.
#
# Don't allow clients to modify anything under People
# The cn=Client clause grants the same level as "by * read", so this rule makes
# the ou=People subtree read-only for every client.
# NOTE(review): "by * read" also matches anonymous sessions and covers every
# attribute, userPassword included. All bind DNs named in this file live under
# ou=People; if their passwords are stored in userPassword, any client can read
# the hashes. The usual guard is an earlier rule such as
#   access to attrs=userPassword by self write by anonymous auth by * none
access to dn.subtree="ou=People,o=OurCompanyName Communications"
            by dn="cn=Client,ou=People,o=OurCompanyName Communications" read
        by * read
# Allow clients to modify Company and so on
# Everything outside ou=People: the Client and SplkRep1..4 identities may write,
# every other client (anonymous included) may read.
access to *
            by dn="cn=Client,ou=People,o=OurCompanyName Communications" write
            by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write
            by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write
            by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write
            by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write
            by * read

 

#######################################################################
# BDB database definitions
#######################################################################

# Start of the single database definition: Berkeley DB backend serving the
# suffix below. NOTE(review): back-bdb was deprecated and later removed from
# OpenLDAP (2.5); back-mdb is its replacement.
database           bdb
suffix                 "o=OurCompanyName Communications"
# The rootdn is not subject to the access rules above.
rootdn               "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
# checkpoint <kbyte> <min>: checkpoint the transaction log after 10 KB have
# been written or 1 minute has passed.
checkpoint        10 1
# Number of entries to maintain in cache. Default is 1000
cachesize         50000
# Depth of the search-filter evaluation stack.
# 8 = 4 MB per thread. Default is 16
searchstack      8

# Root user password
# {SSHA} is a salted SHA-1 hash of the rootdn password.
# NOTE(review): this hash is published with the post, and the syncrepl stanza
# below binds as the same DN with a cleartext "credentials" value. Treat the
# rootdn password as exposed and rotate it on both servers.
rootpw               {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory            "/opt/cisco/uccx/desktop/database"

# Indices to maintain
# Equality indexes only.
# NOTE(review): entryCSN and entryUUID are not indexed; the OpenLDAP admin
# guide suggests equality indexes on both for syncrepl/syncprov setups.
index    objectClass       eq
index    empID       eq
index   tid         eq
index    svrType             eq
index    ipHostName      eq
index    keyName                      eq

 

 

# for sync repl
# Identifier of this server within the mirror pair; the peer's file uses 1.
serverID 2

# Consumer side: pull changes from the peer at 10.192.252.64:3016 and keep the
# connection open for updates (refreshAndPersist). retry="5 5 300 +" means five
# retries 5 seconds apart, then one every 300 seconds indefinitely.
# The indented lines are continuations of "syncrepl"; keep comments above it.
# NOTE(review): attrs=* requests user attributes only, whereas slapd.conf(5)
# gives "*,+" (user and operational attributes) as the default; confirm that
# leaving out operational attributes is intended.
# NOTE(review): bindmethod=simple over an ldap:// URI with no starttls= or
# tls_* parameter sends the bind password unencrypted to the peer.
# NOTE(review): binddn appears to normalise to the rootdn, so "credentials" is
# the root password, stored in cleartext here and published with the post.
# Rotate it, and prefer a dedicated replication identity that only has the
# access it needs, bound over StartTLS (starttls=critical) or ldaps://.
syncrepl rid=123
            searchbase="o=OurCompanyName Communications"
            provider=ldap://10.192.252.64:3016
            type=refreshAndPersist
            retry="5 5 300 +"
            schemachecking=on
            attrs=*
            bindmethod=simple
            binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
            credentials=5385

# Lets this server accept writes even though it is also a syncrepl consumer.
# It follows serverID and syncrepl, as slapd.conf(5) requires.
mirrormode true

# ash - following will cause circular reaction if in both sides in slapd.conf
# updateref ldap://10.192.252.84:999

# set the host up as a provider
# syncprov-checkpoint <ops> <minutes>: write the contextCSN to the database
# after 100 write operations or 10 minutes, whichever comes first.
overlay syncprov
syncprov-checkpoint 100 10