Re: Mirror replication with multi databases

[Jonathan Clarke <jonathan@phillipoux.net>]

On 31/08/2009 17:05, KISTER RAPHAEL wrote:
> Hello,
>
> I have to deploy an OpenLDAP in mirror mode and my OpenLDAP have 10 database.
> OpenLDAP is in 2.4.17 version and is deploy on Debian Lenny with Berkeley DB 4.6.
>
> I would like to know if my config file is correct. Indeed, when i start my OpenLDAP and if i add some entries, these entries are not replicated on the second OpenLDAP.

Hi,

A quick look at your config brings 3 things to mind. However, to figure 
out why nothing is replicating, the best would probably be to start up 
both servers with loglevel sync.

1) You don't seem to have any replication in place for the top level 
database (suffix  "dc=mycompany.com").

2) Each of your syncrepl statements contains 'filter="(entryUUID=*)"'. 
This is not necessary, but I presume this wouldn't actually cause 
replication problems.

3) Unrelated, but worth noting. The following ACLs will allow anonymous 
read access to cn=Monitor, although they seem to be designed not to. ACL 
are checked in order, and the 2nd ACL below allows anonymous read access 
to everything, so checking stops there and the 3rd ACL is never reached.
> access to dn.base="" by * read
> access to *
>           by self write
>          by dn="cn=admin,cn=config" write
>          by * read
> access to dn.subtree="cn=Monitor"
>               by dn.exact="cn=admin,cn=config" write
>               by users read
>               by * none

Hope this helps,
Jonathan


> This is my config file for the first OpenLDAP :
>
> -----------------------------------------------------------------------
>
> # Global section
> serverID    1
> # Inclusion des schemas
> include         /usr/local/etc/openldap/schema/core.schema
> include         /usr/local/etc/openldap/schema/spr.schema
> # -1 ALL, 0 NODEBUG, 8 CONNECTION MANAGMT, 32 SEARCH FILTER PROCESS, 128 ACCESS CTRL, 256 STAT LOG (CON, OP, RES), 512 STAT LOG ENTRIES SENT, 16384 SYNC
> loglevel 0
> # The maximum number of entries that is returned for a search operation
> sizelimit 500
> # The tool-threads parameter sets the actual amount of cpu's that is used
> # for indexing.
> tool-threads 16
> threads 32
> pidfile         /var/run/slapd.pid
> argsfile        /var/run/slapd.args
> modulepath      /usr/local/lib
> moduleload    back_hdb
> moduleload      back_ldap
> moduleload  back_monitor
> moduleload syncprov.la
> access to dn.base="" by * read
> access to *
>           by self write
>          by dn="cn=admin,cn=config" write
>          by * read
> access to dn.subtree="cn=Monitor"
>               by dn.exact="cn=admin,cn=config" write
>               by users read
>               by * none
> backend         hdb
> #######################################################################
> # BDB database definitions
> #######################################################################
> database monitor
> # Dynamic Config
> database config
> rootdn "cn=admin,cn=config"
> rootpw secret
> ############################################################################################
> # Base Suffix 0
> database        hdb
> suffix          "suffix=0,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u10/openldap
> cachesize       200000
> cachefree       10000
> shm_key 1
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 1
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u9/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=1
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=0,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 1
> database        hdb
> suffix          "suffix=1,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u1/openldap
> cachesize       200000
> cachefree       10000
> shm_key 11
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 11
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u2/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=2
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=1,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 2
> database        hdb
> suffix          "suffix=2,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u2/openldap
> cachesize       200000
> cachefree       10000
> shm_key 21
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 21
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u1/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=3
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=2,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 3
> database        hdb
> suffix          "suffix=3,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u3/openldap
> cachesize       200000
> cachefree       10000
> shm_key 31
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 31
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u4/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=4
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=3,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 4
> database        hdb
> suffix          "suffix=4,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u4/openldap
> cachesize       200000
> cachefree       10000
> shm_key 41
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 41
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u3/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=5
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=4,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 5
> database        hdb
> suffix          "suffix=5,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u5/openldap
> cachesize       200000
> cachefree       10000
> shm_key 51
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 51
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u6/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=6
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=5,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 6
> database        hdb
> suffix          "suffix=6,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u6/openldap
> cachesize       200000
> cachefree       10000
> shm_key 61
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 61
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u5/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=7
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=6,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 7
> database        hdb
> suffix          "suffix=7,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u7/openldap
> cachesize       200000
> cachefree       10000
> shm_key 71
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 71
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u8/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=8
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=7,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 8
> database        hdb
> suffix          "suffix=8,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u8/openldap
> cachesize       200000
> cachefree       10000
> shm_key 81
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 81
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u7/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=9
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=8,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base Suffix 9
> database        hdb
> suffix          "suffix=9,dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> subordinate
> directory       /u9/openldap
> cachesize       200000
> cachefree       10000
> shm_key 91
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_shm_key 91
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u10/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> # Index specifiques a la synchronisation
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> # syncrepl directive
> syncrepl rid=10
>          type=refreshAndPersist
>          provider=ldap://10.104.249.26
>          bindmethod=simple
>          binddn="cn=admin,cn=config"
>          credentials=secret
>          searchbase="suffix=9,dc=mycompany.com"
>          filter="(entryUUID=*)"
>          sizelimit="unlimited"
>          timelimit="unlimited"
>          schemachecking=on
>          retry="60 +"
> mirrormode on
> # define the provider to use the syncprov overlay
> # (last directives in database section)
> overlay syncprov
> syncprov-checkpoint 100 10
> ############################################################################################
> # Base racine
> database hdb
> suffix  "dc=mycompany.com"
> rootdn          "cn=admin,cn=config"
> directory /u0/openldap
> dbconfig set_cachesize 0 268435456 1
> dbconfig set_lg_regionmax 1048576
> dbconfig set_lg_max 52428800
> dbconfig set_lg_bsize 2097152
> dbconfig set_tx_max 100
> dbconfig set_lg_dir /u0/db-logs
> dbconfig set_flags DB_LOG_AUTOREMOVE
> #dbconfig set_flags DB_TXN_NOSYNC
> index   objectClass eq
> index   msisdn eq
> index entryCSN eq
> index entryUUID eq
> index contextCSN eq
> ############################################################################################
>
> ------------------------------------------------------------------------------------------
>
> The second file is the same, but serverID is 2 and i invert the provider for the replication.
>
> Is this config is correct or i have to change something in order to have mirror sync to work ? Thank you for your help.
>
> Raph