Hi all. Kind of an odd issue that I was hoping to get your advice with… I'm currently running a pair of rhel6 servers (hostnames: ldap1 & ldap2) w/ openldap-2.4.23 in multi-master. I also have a pair of rhel6 servers running keepalived & haproxy to act as loadbalancers (floating ip resolves to hostname: ldap) to direct ldap queries from some of our less documented/older services from the days before we had 2 ldap servers or from services that can’t natively handle failover ldap providers. This setup has been working without issue (from what I could tell) for over 2 years. I noticed today that we have an issue with 2x of our users ldap entries. They went from being students to being staff, which necessitated a uid change (username09 for student to username for staff). We have a script that was written years ago for handling these uid changes. Apparently, when this script was run on these two users, the uid change happened only on one of the ldap servers. The other still contains the old uid information. Here is a sanitized version of the script: http://pastebin.com/UiDJgWKA Would love some advice on why this might not have replicated and what I might be able to do to prevent this in the future. |