[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: readonly replica configuration

To: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>
Subject: Re: readonly replica configuration
From: "Charles N. Owens" <owensc@enc.edu>
Date: Wed, 21 Jun 2000 13:52:25 -0400
Organization: Eastern Nazarene College
References: <3950F94C.65E25204@enc.edu>

The best part about the obvious is that it often doesn't seem so obvious
until after the "Send" button is pushed.

Anyhow... quite clearly if I'm binding as the rootdn the replica will quite
happily accept any updates I submit.  This has to be true otherwise slurpd on
the master (which also binds as the rootdn) would not be able to send
updates.  Thus, by necessity, the 'readonly' parameter has no affect when
connected as rootdn.

...and, of course, I was connected to the replica as the rootdn when I was
trying to see if 'readonly' worked.  (Doh!)

So... I haven't tested anything more yet, but I'm guessing that 'readonly'
does in fact work.  Only one question remains, I guess:  Am I specifying to
referral to the master correctly?

Thanks for bearing with me,  ;-)
cno

"Charles N. Owens" wrote:

> Howdy... I'm trying to implement a read-only replica and for some reason
> I can't get it to actually be "read only"!
>
> Some questions:
>
>    * Is support for the "readonly" attribute actually implemented?  In
>      the slapd source I see it getting evaluated in config.c, but no
>      mention of it seems to exist where it really matters, which (I
>      think) would be modify.c
>    * If it isn't implemented, then how does one properly implement
>      single-master replication scenarios?
>    * Assuming there is a satisfactory answer to the above, what is the
>      correct way for the replica server to "point" to the master as the
>      place where write requests are handled?  The only obvious option
>      that I can see is the global "referral" parameter, but somehow this
>      doesn't seem right.
>
> Background:
>
> Servers:
>     M - master, rw
>     R - replica, ro
>
> I have replication set up and working (i.e. writes make to M get
> replicated to R).  Below is the config file for R.  As you can see,
> 'readonly' is set to 'on' and I have the default referral pointing to M
> (as best I know how).  My understanding is that when a client attempts a
> write to R, R is supposed to send back an LDAP_UNWILLING_TO_PERFORM
> result code and a referral to the read-write master (M).  The client is
> supposed to follow take head and submit the request directly to the
> master.  Various sources (e.g. Howes et al, "Understanding and Deploying
> LDAP...") seem to suggest that this configuration is standard stuff.
>
> With this configuration, though, I'm finding that R is still writeable
> (i.e. "readonly" doesn't seem to affect anything).  That being the case,
> of course, R has no need to refer the request elsewhere.  :-(
>
> Can this be done with OpenLDAP in its current state?  If not, then what
> sort of configuration is recommended instead?
>
> Last details:  I'm running OpenLDAP v1.2.10 on FreeBSD 4-stable.
>
> Thanks much!
> Charles
>
> R's config file:
>
> include         /usr/local/etc/openldap/slapd.at.conf
> include         /usr/local/etc/openldap/slapd.at.local
> include         /usr/local/etc/openldap/slapd.oc.conf
> include         /usr/local/etc/openldap/slapd.oc.local
> schemacheck     off
> # Note, for this test, 'M' is running on same host, at port 9010
> referral        ldap://localhost:9010
>
> pidfile         /var/run/slapd2.pid
> argsfile        /var/run/slapd2.args
>
> database        ldbm
> suffix          "dc=enc, dc=edu"
> directory       /var/ldap/db2
> readonly        on
> cachesize       200000
> dbcachesize     1500000
> rootdn          "cn=BigGuy, dc=enc, dc=edu"
> rootpw          {crypt}blahblah
> updatedn        "cn=BigGuy, dc=enc, dc=edu"
>
> # index defs....
>
> --
> -------------------------------------------------------------------------
>
>   Charles N. Owens                               Email: owensc@enc.edu
>                                            http://www.enc.edu/~owensc
>   Network & Systems Administrator
>   Information Technology Services  "Outside of a dog, a book is a man's
>   Eastern Nazarene College         best friend.  Inside of a dog it's
>                                    too dark to read." - Groucho Marx
> -------------------------------------------------------------------------

--
-------------------------------------------------------------------------
  Charles N. Owens                               Email: owensc@enc.edu
                                            http://www.enc.edu/~owensc
  Network & Systems Administrator
  Information Technology Services  "Outside of a dog, a book is a man's
  Eastern Nazarene College         best friend.  Inside of a dog it's
                                   too dark to read." - Groucho Marx
-------------------------------------------------------------------------

References:
- readonly replica configuration
  - From: "Charles N. Owens" <owensc@enc.edu>

Prev by Date: Information request
Next by Date: Re: Importing from Netscape LDAP -- Anybody out there?
Index(es):
- Chronological
- Thread