
Re: FW: Multi-master configuration -- check my slapd.conf files please?



--On Friday, August 14, 2009 11:16 AM -0500 Robert Hanson <Robert.Hanson@calabrio.com> wrote:



I have not had a response yet.  Would someone please check the syncrepl
setup of the config files (below) to see if there are any issues?  In
particular, do I need the syncprov-checkpoint ?  Thanks.


This is a volunteer mailing list. Responses are optional. If you expect immediate help and answers, I'd advise you to set up a support contract with a company that provides OpenLDAP support.

See: <http://www.openldap.org/support/>

--Quanah


__________________________________________________

From: Robert Hanson
Sent: Monday, August 03, 2009 4:01 PM
To: openldap-technical@openldap.org
Subject: Multi-master configuration -- check my slapd.conf files please?



Over the last weeks, we've been installing systems that have
multi-master configurations (where there are 2 servers; each one meant to
accept modifications and forward those modifications on to the other
server).  Occasionally, we've seen a case where a node in the tree has
a structuralObjectClass of "glue" rather than the intended
structuralObjectClass.  Someone on this list suggested I post the
slapd.conf files and logs.  We don't at the moment have any logs, but I
do have the slapd.conf files.  Would someone take a look at these and see
if anything stands out?



==================================================

Server 10.192.252.64

==================================================

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24
# 03:54:12 kurt Exp $

#

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

#

ucdata-path       "/opt/cisco/uccx/desktop/database"



include              "/opt/cisco/uccx/desktop/schemaconf/core.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/corba.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/nis.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"



pidfile                "/var/run/desktop/slapd.pid"

argsfile        "/var/run/desktop/slapd.args"



# inactive, but still open connections,

# and any connections closed by the client,

# are held open by slapd for this number of seconds

# 900 = 15 minutes

# 300 = 5 minutes

idletimeout            300



sizelimit            unlimited

# Max # of threads. Default is 16

# threads                        16



# For older Enterprise clients - AM

allow bind_v2



# Maximum # of authenticate connections that can be pending

conn_max_pending_auth            2000



# Don't allow clients to modify anything under People

access to dn.subtree="ou=People,o=OurCompanyName Communications"

            by dn="cn=Client,ou=People,o=OurCompanyName Communications" read

            by * read

# Allow clients to modify Company and so on

access to *

            by dn="cn=Client,ou=People,o=OurCompanyName Communications" write

            by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write

            by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write

            by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write

            by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write

            by * read



#######################################################################

# BDB database definitions

#######################################################################



database           bdb

suffix                 "o=OurCompanyName Communications"

rootdn               "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"

checkpoint        10 1

# Number of entries to maintain in cache. Default is 1000

cachesize         50000

# 8 = 4 MB per thr. Default is 16

searchstack      8



# Root user password

rootpw               {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6



# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended.

directory            "/opt/cisco/uccx/desktop/database"



# Indices to maintain

index    objectClass       eq

index    empID       eq

index   tid         eq

index    svrType             eq

index    ipHostName      eq

index    keyName                      eq





# for sync repl

serverID 1



syncrepl rid=123

            searchbase="o=OurCompanyName Communications"

            provider=ldap://10.192.252.65:3016

            type=refreshAndPersist

            retry="5 5 300 +"

            schemachecking=on

            attrs=*

            bindmethod=simple

            binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"

            credentials=5385



mirrormode true



# ash - following will cause circular reaction if in both sides in
# slapd.conf

# updateref ldap://10.192.252.84:999



# set the host up as a provider

overlay syncprov

syncprov-checkpoint 100 10







==================================================

Server 10.192.252.65

==================================================

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24
# 03:54:12 kurt Exp $

#

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

#

ucdata-path       "/opt/cisco/uccx/desktop/database"



include              "/opt/cisco/uccx/desktop/schemaconf/core.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/corba.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/nis.schema"

include              "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"



pidfile                "/var/run/desktop/slapd.pid"

argsfile        "/var/run/desktop/slapd.args"



# inactive, but still open connections,

# and any connections closed by the client,

# are held open by slapd for this number of seconds

# 900 = 15 minutes

# 300 = 5 minutes

idletimeout            300



sizelimit            unlimited

# Max # of threads. Default is 16

# threads                        16



# For older Enterprise clients - AM

allow bind_v2



# Maximum # of authenticate connections that can be pending

conn_max_pending_auth            2000



# Don't allow clients to modify anything under People

access to dn.subtree="ou=People,o=OurCompanyName Communications"

            by dn="cn=Client,ou=People,o=OurCompanyName Communications" read

            by * read

# Allow clients to modify Company and so on

access to *

            by dn="cn=Client,ou=People,o=OurCompanyName Communications" write

            by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write

            by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write

            by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write

            by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write

            by * read



#######################################################################

# BDB database definitions

#######################################################################



database           bdb

suffix                 "o=OurCompanyName Communications"

rootdn               "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"

checkpoint        10 1

# Number of entries to maintain in cache. Default is 1000

cachesize         50000

# 8 = 4 MB per thr. Default is 16

searchstack      8



# Root user password

rootpw               {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6



# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended.

directory            "/opt/cisco/uccx/desktop/database"



# Indices to maintain

index    objectClass       eq

index    empID       eq

index   tid         eq

index    svrType             eq

index    ipHostName      eq

index    keyName                      eq





# for sync repl

serverID 2



syncrepl rid=123

            searchbase="o=OurCompanyName Communications"

            provider=ldap://10.192.252.64:3016

            type=refreshAndPersist

            retry="5 5 300 +"

            schemachecking=on

            attrs=*

            bindmethod=simple

            binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"

            credentials=5385



mirrormode true



# ash - following will cause circular reaction if in both sides in
# slapd.conf

# updateref ldap://10.192.252.84:999



# set the host up as a provider

overlay syncprov

syncprov-checkpoint 100 10











--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
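
Added example, not part of the original thread and not OpenLDAP project code: a small Python check of the replication directives in a two-master pair like the one posted above (unique serverID, each syncrepl provider pointing at the other master, mirrormode and syncprov present), which also reports a simple bind sent over ldap:// without starttls. The function names and the sample template are assumptions made for this example; the two addresses are the ones in the post.

```python
import re

# Constructed sample of the replication directives; suffix and credential are placeholders.
TEMPLATE = """\
serverID {sid}
syncrepl rid=123
    searchbase="o=Example"
    provider=ldap://{peer}:3016
    bindmethod=simple
    credentials=PLACEHOLDER
mirrormode true
overlay syncprov
"""

def parse(text):
    """Return [directive, args] pairs; indented lines continue the previous directive."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1][1] += " " + line.strip()
        else:
            name, *rest = line.split(None, 1)
            out.append([name.lower(), rest[0].strip() if rest else ""])
    return out

def lint_pair(configs):
    """configs maps each master's address to its slapd.conf text; returns findings."""
    findings, ids = [], []
    for host, text in configs.items():
        items = parse(text)
        lowered = [(k, v.lower()) for k, v in items]
        ids.append(next((v for k, v in items if k == "serverid"), None))
        if not any(k == "mirrormode" and v in ("true", "on", "yes") for k, v in lowered):
            findings.append(f"{host}: mirrormode not enabled")
        if ("overlay", "syncprov") not in lowered:
            findings.append(f"{host}: syncprov overlay missing")
        for args in (v for k, v in items if k == "syncrepl"):
            kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', args))
            url = kv.get("provider", "")
            peer = re.sub(r"^ldaps?://|:\d+$", "", url)
            if peer == host or peer not in configs:
                findings.append(f"{host}: provider {peer!r} is not the other master")
            if url.startswith("ldap://") and kv.get("bindmethod") == "simple" and "starttls" not in kv:
                findings.append(f"{host}: simple bind over ldap:// without starttls")
    if None in ids or len(set(ids)) != len(ids):
        findings.append("serverID values missing or not unique")
    return findings
```

Pass lint_pair a dict that maps each master's address to the text of its slapd.conf; an empty list means none of these checks fired.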