
Re: Antw: Re: multi master replication



I think I can have two "rid=000" because I do not see any complaints on the logs (both masters) and the replication works. I'll have to read more about this.

Thanks,
Guruprasad

On Nov 25, 2014 2:46 AM, "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de> wrote:
Hi!

First I think you cannot have two "rid=000", second (unless you use
certificates or more sophisticated mechs) your password will be visible in the
config. That's why the config should be protected (and better not be sent to
this list unmodified).

Regards,
Ulrich

>>> Guruprasad Kulkarni <gkulkarni@gridcosystems.com> wrote on 24.11.2014 at
20:01 in message
<CAB6=W2stWBseeehyE7vPn-v1BG6Wro+WPZtqdMb8ZY0yFqrXSQ@mail.gmail.com>:
> So I found an example for setting up multi master replication using
> slapd.conf
>
> slapd.conf for MASTER 1
>
> # slapd master ldap1.example.com
> # global section
> serverID 001
>
> database bdb
> ...
>
> access to *
>      by dn.base="cn=admin,ou=people,dc=example,dc=com" read
>      by * read
>
> syncrepl rid=000
>   provider=ldap://ldap2.example.com
>   type=refreshAndPersist
>   retry="5 5 300 +"
>   searchbase="dc=example,dc=com"
>   attrs="*,+"
>   bindmethod=simple
>   binddn="cn=admin,ou=people,dc=example,dc=com"
>   credentials=secret
>
> index objectClass eq
>
> mirrormode TRUE
>
> overlay syncprov
> syncprov-checkpoint 100 10
>
>
>
> slapd.conf for MASTER 2
>
> # slapd master ldap2.example.com
> # global section
> serverID 002
>
> database bdb
> ...
>
> access to *
>      by dn.base="cn=admin,ou=people,dc=example,dc=com" read
>      by * read
>
> syncrepl rid=000
>   provider=ldap://ldap1.example.com
>   type=refreshAndPersist
>   retry="5 5 300 +"
>   searchbase="dc=example,dc=com"
>   attrs="*,+"
>   bindmethod=simple
>   binddn="cn=admin,ou=people,dc=example,dc=com"
>   credentials=secret
>
> index objectClass eq
>
> mirrormode TRUE
>
> overlay syncprov
> syncprov-checkpoint 100 10
>
>
>
> My question is - Do the credentials have to be clear text passwords? If
> not, how do I mention encrypted passwords? (I tried within quotes ' ' and "
> ", but each time got invalid credentials error)
>
>
>
> On Mon, Nov 24, 2014 at 1:28 PM, Howard Chu <hyc@symas.com> wrote:
>
>> Guruprasad Kulkarni wrote:
>>
>>> Hi,
>>>
>>> I did have a look at the options and only "--enable-modules" option
>>> talks about dynamic module support
>>>
>>> I tried "--enable-dynamic" option as well (the description for it is
>>> enable linking built binaries with dynamic libs)
>>>
>>> What I do observe is that even though I have "moduleload syncprov.la"
>>> directive in slapd.conf, slapd does not complain
>>> about it. So I guess I do not have to specify the module path
>>> (syncreplication tests were successful as well)
>>>
>>
>> Correct, moduleload silently succeeds if you specify a module that was
>> built statically.
>>
>>>
>>> I also realized I was looking at the OLC configuration examples for
>>> multi master. What I need to do is find slapd.conf example for multi
>>> master.
>>>
>>>
>>> On Mon, Nov 24, 2014 at 11:29 AM, Dieter Klünter <dieter@dkluenter.de>
>>> wrote:
>>>
>>>     On Mon, 24 Nov 2014 09:52:34 -0500,
>>>     Guruprasad Kulkarni <gkulkarni@gridcosystems.com> wrote:
>>>
>>>     > I have 2 questions regarding multi master replication:
>>>     >
>>>     > 1. I built openldap 2.4.40 from source and according to the makefile,
>>>     > the module directory should be at /usr/local/libexec/openldap.
>>>     >
>>>     >     However I do not see such a folder. Am I missing something? The
>>>     > options I used with configure were "--enable-debug --enable-modules
>>>     > --enable-hdb --enable-monitor --enable-ppolicy --enable-syncprov
>>>     > --with-tls --with-cyrus-sasl"
>>>     >
>>>     >     I am asking because the multi master replication example (
>>>     > http://www.openldap.org/doc/admin24/replication.html#N-Way)
>>>     > needs me to load the syncprov.la module, but I am not sure if the
>>>     > modulepath given there is correct or not.
>>>
>>>     You have probably not built dynamic loadable modules, but built-in
>>>     modules.
>>>     You should run ./configure --help | less, which will show proper build
>>>     choices.
>>>
>>
>> --
>>   -- Howard Chu
>>   CTO, Symas Corp.           http://www.symas.com
>>   Director, Highland Sun     http://highlandsun.com/hyc/
>>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>>
>
>
>
> --
> -Guruprasad
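
The exposure discussed in this thread (a simple-bind password stored in slapd.conf, and the need to protect that file) can be checked mechanically. The following is an added example, not part of the original thread or of OpenLDAP's tooling: a small Python audit of syncrepl stanzas, run on a constructed copy of the MASTER 1 stanza quoted above; the function names and finding strings are assumptions made for the illustration.

```python
import os
import re
import stat

# Constructed sample: the MASTER 1 syncrepl stanza quoted in the thread.
SAMPLE = '''serverID 001
database bdb
syncrepl rid=000
  provider=ldap://ldap2.example.com
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=admin,ou=people,dc=example,dc=com"
  credentials=secret
mirrormode TRUE
'''

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

def syncrepl_stanzas(text):
    """Join continuation lines (leading whitespace) and parse key=value pairs."""
    logical = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        elif line.strip() and not line.startswith("#"):
            logical.append(line.strip())
    return [{k.lower(): v.strip('"') for k, v in PAIR.findall(l)}
            for l in logical if l.lower().startswith("syncrepl")]

def audit(text, mode=None):
    """Return findings for the syncrepl stanzas; mode is the file's st_mode if known."""
    findings, seen = [], set()
    for s in syncrepl_stanzas(text):
        rid = s.get("rid", "?")
        if rid in seen:  # rid identifies a syncrepl directive within one consumer
            findings.append(f"rid={rid}: repeated within this file")
        seen.add(rid)
        if s.get("bindmethod") == "simple" and "credentials" in s:
            findings.append(f"rid={rid}: cleartext credentials in config")
            if s.get("provider", "").startswith("ldap://") and "starttls" not in s:
                findings.append(f"rid={rid}: simple bind over ldap:// without starttls")
    if mode is not None and mode & stat.S_IROTH:
        findings.append("config file is readable by others")
    return findings

def audit_file(path):
    with open(path) as fh:
        return audit(fh.read(), os.stat(path).st_mode)
```

Adding `starttls=critical` to the stanza clears the transport finding but not the stored-credential one; that one only goes away with a bind method that keeps no password in the file.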