[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Best practice for choosing RID



On 12/11/2009 12:04, Peter Mogensen wrote:
Hi,

I'm moving more and more towards loading new databases via ldapadd to
cn=config.
All databases are replicated between two mirrormode servers - including
cn=config.

 From my unserstanding I need to syncrepl directives for each database.
For cn=config it could be:

syncrepl rid=1
provider=ldaps://<SERVER1>/
searchbase="cn=config"
type=refreshAndPersist
retry="60 +"
scope=sub
schemachecking=on
bindmethod=sasl
binddn="cn=config"
saslmech="EXTERNAL"
tls_cert=/etc/ldap/ssl/config.crt
tls_key=/etc/ldap/ssl/config.nopass.key
tls_cacert=/etc/ldap/ssl/ca.crt
tls_cipher_suite="NULL-SHA"

syncrepl rid=2
provider=ldaps://<SERVER2>/
searchbase="cn=config"
type=refreshAndPersist
retry="60 +"
scope=sub
schemachecking=on
bindmethod=sasl
binddn="cn=config"
saslmech="EXTERNAL"
tls_cert=/etc/ldap/ssl/config.crt
tls_key=/etc/ldap/ssl/config.nopass.key
tls_cacert=/etc/ldap/ssl/ca.crt
tls_cipher_suite="NULL-SHA"

The two directives are needed since the configuration will be replicated
and the two servers have to contain the same configuration. As long as
Server-2 can recognize it self as <SERVER2> it will ignore the directive
pointing to it self - correct?

Yes.

So cn=config will use RID 1 and RID 2.

When I add a new database it will also have to have 2 syncrepl
directives, but will have to use RID 3 and RID 4 - correct?

Yes.

Now, I would like not to have to specify the RID in the LDIF loaded to
create a new database. In principle I would not know how many other
replications were in place on the server I load it into, so it would be
a bad thing to hardwire the RID into the LDIF for the new database.

Are there any mechanism/best practice to do chose new RIDs automatically?

The mechanism we use is a script to search under cn=config for all entries with attribute "olcSyncrepl", and parse them to work out the current max RID, then use that +1.

Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------