
Re: syncrepl LDIF kickstart file



On Nov 21, 2007, at 2:53 PM, Gavin Henry wrote:

>> I've been thinking about this some and I am still confused about what
>> is probably a fairly simple syncrepl concept.
>>
>> What I have been trying to do is synchronize the cn=config base from
>> the PROVIDER to the CONSUMER. My hope was that by replicating
>> cn=config then all the other databases (well, really only the primary
>> BDB for now) would then be automagically synched too. Does this make
>> sense?
>
> Rather than try to debug all of the above, I'm stepping back and trying to understand what you are doing.
>
> So you are trying to sync the provider's config to the consumer?
>
> This is like MirrorMode or Multi-Master.
>
> If you have a master and a slave (the slave with a syncprov overlay on),
> then plan to bootstrap from the slave for another slave, then that makes
> sense, i.e. what you plan above is ok.
>
> Can you clarify?

OK. The BIG picture. I am running a small operation here. I will probably never have more than 100 users in my LDAP directory.
I have one machine that is currently running openldap 2.4.6 as my one and only (i.e. Master) LDAP server.
Now that LDAP is up and running I am starting to slowly migrate existing users over to the LDAP directory.
It is absolutely imperative that if the master server becomes unavailable that users can still function.
Therefore, I was trying to set up a backup LDAP server. My research has led me to the conclusion that I should be using syncrepl (of the regular sort ... not mirrormode or multi-master) to create my second backup LDAP server.


I thought by installing openldap 2.4.6 on a second machine and using a short 10-15 line seed.ldif file it would talk to the master LDAP server, get the cn=config from the master and see that in addition to the cn=config base there is also another BDB base (dc=example,dc=als,dc=lbl,dc=gov), and then it would sync up that guy too.


My concern is that I am using TLS and currently the names of
the crt and key files are different for the PROVIDER and CONSUMER so
simply replicating the cn=config may not actually work unless I remain
consistent in my naming of the SSL files. I guess I can do this, but I
thought to clarify the idea with the openldap experts first.


I'm still hopeful. I really like the idea of building a new machine,
compiling openldap, slapadding a seed LDIF file and instantly having a
backup slave LDAP server.


Thanks,
Scott




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scott Classen, Ph.D.
SIBYLS Beamline 12.3.1
http://bl1231.als.lbl.gov
Advanced Light Source
Lawrence Berkeley National Laboratory
1 Cyclotron Rd MS6R2100
Berkeley, CA 94720
O) 510.495.2697
Beamline) 510.495.2134
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
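A seed LDIF of the kind Scott describes above (a short file slapadd'ed into an empty 2.4 consumer so that it pulls cn=config from the master), added here as an illustration; it is not a file from this thread or from the OpenLDAP project, and the hostname, DNs, credentials and certificate paths are placeholders.

```ldif
# Added illustration of the seed.ldif idea, not the poster's actual file.
# Hostname, DNs, credentials and paths below are placeholders.
# Load into an empty config directory on the CONSUMER, then start slapd:
#   slapadd -n 0 -F /etc/openldap/slapd.d -l seed.ldif
dn: cn=config
objectClass: olcGlobal
cn: config
# TLS material on this host. Because cn=config itself is replicated, the
# PROVIDER's olcTLS* values overwrite these on the first sync, so the same
# paths must exist on both machines (each holding that host's own cert/key).
olcTLSCACertificateFile: /etc/openldap/certs/ca.crt
olcTLSCertificateFile: /etc/openldap/certs/slapd.crt
olcTLSCertificateKeyFile: /etc/openldap/certs/slapd.key

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabase
olcDatabase: {0}config
olcRootDN: cn=config
olcRootPW: {SSHA}PLACEHOLDER-HASH
# Replicate cn=config from the master. starttls=critical plus
# tls_reqcert=demand make the consumer refuse to sync over an unencrypted
# or unverified connection, so the config (and its credentials) never
# travel in the clear.
olcSyncrepl: rid=001 provider=ldap://ldap-master.example.com
  bindmethod=simple binddn="cn=config" credentials=PLACEHOLDER-SECRET
  searchbase="cn=config" type=refreshAndPersist retry="5 5 300 +"
  timeout=1 starttls=critical tls_reqcert=demand
```

The file only bootstraps the config database; any other database defined on the provider (the dc=example,dc=als,dc=lbl,dc=gov BDB) still needs its own olcSyncrepl in the replicated config before its contents follow, which is the part the thread is still working out.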