[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [Q] can I replicate several branches to the same slave from one master?

To: "Andrew Findlay" <andrew.findlay@skills-1st.co.uk>
Subject: Re: [Q] can I replicate several branches to the same slave from one master?
From: "Zeus Panchenko" <zeus@ibs.dn.ua>
Date: Thu, 29 Jun 2017 23:48:49 +0300
Cc: openldap-technical@openldap.org
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEWxsbGdnZ3U1NQTExN cXFzx8fG/v7+f8hyWAAACXUlEQVQ4jUWSwXYiIRBFi4yyhtjtWpmRdTL0ZC3TJOukDa6Rc+T/P2F eFepwtFvr8upVFVDua8mLWw6La4VIKTuMdAPOebdU55sQs3n/D1xFFPFGVGh4AHKttr5K0bS6g7N ZCge7qpVLB+f1Z2WAj2OKXwIWt/bXpdXSiu8KXbviWkHxF5td9+lg2e3xlI2SCvatK8YLfHyh9lw 15yrad8Va5eXg4Llr7QmAaC+dL9sDt9iad/DX3OKvLMBf+dm0A0QuMrTvYIevSik1IaSVvgjIHt5 lSCG2ynNRpEcBZ8cgDWk+Ns99qzsYYV3MZoppWzGtYlTO9+meG6m/g92iNO9LfQB2JZsMpoJs7QG ku2KtabRK0bZRwDLyBDvwlxTm6ZlP7qyOqLcfqtLexpDSB4M0H3I/PQy1emvjjzgK+A0LmMKl6Lq zlqzh0VGAw440F6MJd8cY0nI7wiF/fVIBGY7UNCAXy6DmfYGCLLI0wtDbVcDUMqtJLmAhLqODQAe riERAxXJ1/QYGpa0ymqyytpKC19MNXHjvFmEsfcHIrncFR4xdbYWgmfEGLCcZokpGbGj1egMR+6M 1BkNX1pDdhPcOXpAnAeLQUwQLYepgQoZVNGS61yaE8CYA7gYAcWKzwGstACY2HTFvvOwk4FXAG/a mKHni/EcA/GkOk7I0IK7UMIf3+SahU8/FJdiE7KcuWdM3MFocUDEEIX9LfJoo4xV5tnNKc3jJuSs SZWgnnhepgU1zN4Hii18yW4RwDX52CXUtk0Hqz6cHOIUkWaX8fDcB+J7y1y2xDHwjv/8Buu8Ekz6 7tXQAAAAASUVORK5CYII=
In-reply-to: Your message of Thu, 29 Jun 2017 15:47:07 +0100 <20170629144707.GA2797@slab.skills-1st.co.uk>
Organization: I.B.S. LLC
References: <20170627010438.33399@relay.ibs.dn.ua> <20170629144707.GA2797@slab.skills-1st.co.uk>

Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
> 
> Try fixing the RIDs - use small numbers, all different. The exact values are not important.
> Also try commenting out the second syncrepl clause until you have the others working properly.
> You should be able to merge the first and second clauses as they share a search-base.

I did both of them, now slave configuration looks this way:

---[ slave configuration quotation start ]----------------------------
syncrepl rid=0
provider=ldap://master.example:389
starttls=critical
searchbase="ou=ABC,ou=Sendmail,dc=example"
bindmethod=simple
binddn="uid=replABC,ou=repl,dc=example"
credentials="***"
tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
tls_key=/usr/local/etc/openldap/ssl/ABC.key
tls_reqcert=try
type=refreshAndPersist
retry="60 +"
logbase="cn=example-accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog

syncrepl rid=1
provider=ldap://master.example:389
starttls=critical
searchbase="ou=People,dc=example"
bindmethod=simple
binddn="uid=replABC,ou=repl,dc=example"
credentials="***"
filter="(&(objectClass=authorizedServiceObject)(|(authorizedService=mail@foo.bar)(authorizedService=xmpp@foo.bar)))"
attrs="cn,entry,entryCSN,entryUUID,o,uid,uidNumber,gidNumber,gecos,homeDirectory,loginShell,userPassword,creatorsName,createTimestamp,modifiersName,modifyTimestamp,mail,rfc822MailMember,sn,authorizedService,mu-mailBox"
tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
tls_key=/usr/local/etc/openldap/ssl/ABC.key
tls_reqcert=try
type=refreshAndPersist
retry="60 +"
logbase="cn=example-accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog
---[ slave configuration quotation end   ]----------------------------


I separated rid-s and even searchbases, but I still can see complains in
slapd.log file, though now it is only rid=0 which is complained on, not
both of them ...

---[ slave slapd.log quotation start ]--------------------------------
Jun 29 22:45:30 ABC slapd[12593]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform
Jun 29 22:45:30 ABC slapd[12593]: do_syncrep2: rid=000 (53) Server is unwilling to perform
Jun 29 22:45:30 ABC slapd[12593]: do_syncrepl: rid=000 rc -2 retrying
---[ slave slapd.log quotation end   ]--------------------------------




> 
> You may also need to put ACLs on the accesslog database.
> 

is it something like this?

access to dn.children="cn=example-accesslog"
       by dn.children="ou=repl,dc=example" read
       by * break

but is not the fact that one replica working confirms, that replication is allowed
and I can see the changes for the objects of rid=1


-- 
Zeus V. Panchenko				jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)

References:
- [Q] can I replicate several branches to the same slave from one master?
  - From: "Zeus Panchenko" <zeus@ibs.dn.ua>
- Re: [Q] can I replicate several branches to the same slave from one master?
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: Re: mmr pair stops replicating: "consumer state is newer than provider"
Next by Date: Catch-22: Need to change olcRootDN
Index(es):
- Chronological
- Thread