openldap 2.4.11 multi-master replication fails and overlay stacking order
- To: openldap-software@openldap.org
- Subject: openldap 2.4.11 multi-master replication fails and overlay stacking order
- From: Alan Evans <alanwevans@gmail.com>
- Date: Thu, 27 Aug 2009 17:07:52 -0400
I have two issues.
1. Multi-master replication does not seem to work reliably for me; changes on master1 often do not get replicated to master2, or vice versa.
One thing I think is a bit weird is that I have to use "mirrormode on", but reading the documentation, mirrormode is not really multi-master; it's basically master with failover. All writes should go to one master, but I want true multi-master, where writes can go to either master at any time.
If I remove "mirrormode on" I get "unwilling to perform" or update referrals when trying to write to my masters. Should I be using mirrormode for multi-master replication?
2. I am not sure my overlays are ordered in the best way, and I wonder if this misordering is part of the replication problems I am seeing.
Can anyone offer any suggestions as to what I might have wrong for multi-master replication or for the proper stacking order of my overlays?
I am using OpenLDAP 2.4.11 and I am configuring everything with slapd.conf.
I am trying to update to 2.4.16, but I need a reliable RPM for it. It is company policy that build tools do not go on production servers, so I must find an RPM or build an RPM on our build box.
--- Begin master1 slapd.conf ---
...globals, schema and such...
password-hash {SSHA}
ServerID 1
# access.conf contains all access statements which get rsynced
# to all master and slave ldap servers
include /etc/openldap/access.conf
authz-policy both
sizelimit unlimited
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index member,uniqueMember,memberOf eq,pres
index entryCSN,entryUUID eq
overlay accesslog
logdb cn=log
logops writes session
logpurge 7+00:00 1+00:00
overlay ppolicy
ppolicy_default cn=ppolicy_default,ou=policies,dc=example,dc=com
ppolicy_use_lockout true
# consumer side: pull changes from master2 (continuation lines must
# start with whitespace in slapd.conf)
syncrepl rid=001
        provider=ldap://master2/
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=secret
        searchbase="dc=example,dc=com"
        schemachecking=off
        type=refreshAndPersist
        starttls=yes
        tls_reqcert=never
        retry="60 5 600 +"
overlay syncprov
syncprov-checkpoint 100 10
mirrormode on
overlay unique
unique_uri "ldap:///o=*,dc=example,dc=com?uid?sub?(objectClass=posixAccount)"
unique_uri "ldap:///o=*,dc=example,dc=com?uidNumber?sub?(objectClass=posixAccount)"
unique_uri "ldap:///o=*,dc=example,dc=com?cn?sub?(objectClass=posixGroup)"
overlay dynlist
dynlist-attrset posixGroup memberURL memberUid:uid
overlay memberof
memberof-refint TRUE
memberof-dangling error
--- End master1 slapd.conf ---
Master2 slapd.conf is identical except for being ServerID 2 and its syncrepl provider is master1.
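A convergence check for the two masters described above, added here as an example; it is not part of the original post or of OpenLDAP itself. In multi-master syncrepl each provider keeps one contextCSN value per ServerID (the third `#`-separated field of a CSN is the sid), so the two masters are in sync exactly when both hold identical CSNs for sid 001 and sid 002. The script parses the `contextCSN` lines that `ldapsearch -LLL -s base -b dc=example,dc=com contextCSN` returns from each server and reports, per sid, which side is behind; the two sample outputs are constructed so that it runs offline, and the host names master1/master2 in the commented live invocation are assumed. Two caveats when using it against the posted configuration: the check only confirms that the providers agree with each other, not that either one accepted the right writes; and `tls_reqcert=never` in the syncrepl stanza means the consumer does not verify the provider's certificate when it starts TLS, so run the check with `-ZZ` and a proper CA configured in ldap.conf rather than copying that setting.

```shell
#!/bin/sh
# Compare multi-master contextCSN values between two OpenLDAP providers.
# Added example, not from the original post. Host names are assumed.
#
# A syncrepl CSN looks like: 20090827210752.123456Z#000000#001#000000
#   <timestamp.usec>Z # <count> # <sid> # <mod>
# Each provider holds one contextCSN per ServerID (sid).

# csn_pairs: read LDIF on stdin, print "sid csn" per contextCSN value, sorted by sid
csn_pairs() {
    awk -F'[: ]+' '$1 == "contextCSN" { split($2, f, "#"); print f[3], $2 }' | sort
}

# compare_csn LDIF_A LDIF_B: LDIF text from each provider's base entry.
# Prints one line per sid; returns 0 only when every sid matches on both sides.
compare_csn() {
    a=$(printf '%s\n' "$1" | csn_pairs)
    b=$(printf '%s\n' "$2" | csn_pairs)
    rc=0
    for sid in $( { printf '%s\n' "$a" "$b"; } | awk '{ print $1 }' | sort -u ); do
        ca=$(printf '%s\n' "$a" | awk -v s="$sid" '$1 == s { print $2 }')
        cb=$(printf '%s\n' "$b" | awk -v s="$sid" '$1 == s { print $2 }')
        if [ -z "$ca" ] || [ -z "$cb" ]; then
            # one provider has never seen a write from this sid
            echo "sid $sid: missing on one side (A='${ca:-none}' B='${cb:-none}')"
            rc=1
        elif [ "$ca" = "$cb" ]; then
            echo "sid $sid: in sync ($ca)"
        else
            # CSNs start with a UTC timestamp, so the lexically smaller one is older
            first=$(printf '%s\n' "$ca" "$cb" | sort | head -n 1)
            if [ "$first" = "$ca" ]; then
                echo "sid $sid: side A behind ($ca < $cb)"
            else
                echo "sid $sid: side B behind ($cb < $ca)"
            fi
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output: master2's own sid 002 CSN is newer than the copy
# master1 holds, i.e. writes made on master2 have not reached master1.
SAMPLE_M1='dn: dc=example,dc=com
contextCSN: 20090827210752.123456Z#000000#001#000000
contextCSN: 20090827205900.000001Z#000000#002#000000'
SAMPLE_M2='dn: dc=example,dc=com
contextCSN: 20090827210752.123456Z#000000#001#000000
contextCSN: 20090827210310.000002Z#000000#002#000000'

if compare_csn "$SAMPLE_M1" "$SAMPLE_M2"; then
    echo "masters converged"
else
    echo "masters diverged"
fi

# Live use against the two providers (assumed host names; needs ldapsearch and
# the network, so it is left commented out here):
#   compare_csn \
#     "$(ldapsearch -H ldap://master1/ -x -ZZ -LLL -s base -b dc=example,dc=com contextCSN)" \
#     "$(ldapsearch -H ldap://master2/ -x -ZZ -LLL -s base -b dc=example,dc=com contextCSN)"
```

Run it periodically (or after a test write on each master) and treat any "behind" or "missing" line as the signal that a consumer has stalled; the syncrepl `retry` settings in the posted config decide how long it takes a dropped refreshAndPersist session to come back, so a sid that stays behind for longer than that interval points at a configuration problem rather than a transient disconnect.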