[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: RootDN and slaves

To: Dave Horsfall <daveh@ci.com.au>
Subject: Re: RootDN and slaves
From: Matthew J Backes <lucca@csun.edu>
Date: Thu, 23 Jan 2003 10:49:45 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20030123123603.C66251@mippet.ci.com.au>
Organization: California State University Northridge
References: <20030123123603.C66251@mippet.ci.com.au>

On Thu, 23 Jan 2003 13:12:47 +1100 (EST)
Dave Horsfall <daveh@ci.com.au> wrote:

> I was under the impression that rootDN had unfettered access to a
> directory (using 2.0.25 here).

Nope.  rootdn cannot write to replicas directory, nor can it alter
directory use attrs like the timestamps.

> Is this true i.e. rootDN cannot update a slave, or should I be
> looking for some other problem?

Yep.  The replication dn Can write to the replicas, including
directory use attributes.  This can be very useful for implementing
cross-product replication or resyncing a stray replica.

The Net::LDAP perl module (See
http://sourceforge.net/projects/perl-ldap/ ) has some useful scripts
in their contrib section such as ldifsort and ldifdiff.  These make it
fairly easy (if slow) to recover from almost any desync problem.

It's also fairly easy to modify the ldifsort program to sort DN's
structurally so you can more easily ldapadd complex (previously)
unordered LDIF's.  This is useful as slapadd doesn't do much checking
on the input data...

Matthew Backes
lucca@csun.edu

Follow-Ups:
- Re: RootDN and slaves
  - From: Dave Horsfall <daveh@ci.com.au>

References:
- RootDN and slaves
  - From: Dave Horsfall <daveh@ci.com.au>

Prev by Date: Re: Partial replication of attributes
Next by Date: Re: test my LDAP server ONLY using ssh?
Index(es):
- Chronological
- Thread