[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: replicated cn=config

--On Friday, April 29, 2005 1:31 PM -0700 Howard Chu <hyc@symas.com> wrote:

Quanah posed this question about how to set up a bunch of replica servers
that all use configurations replicated from the master as well. It wasn't
perfectly obvious at first, so I'm posting this note to suggest an
approach and get some reactions. I haven't tested this yet.

First of all, you cannot just replicate cn=config straight from a master
to a slave server, because the slave will wind up with an identical copy
of the master's configuration (and will then cease to be a slave). This
means you must use some alternate tree, and map it into the slave's

So here's a possible approach - on the master

    database ldif
    directory /some/path
    suffix cn=replica-config

On each slave
    database relay
    suffix cn=replica-config
    relay cn=config massage

Then either slurpd or syncrepl can be used to keep the slaves'
configurations up to date.

Unfortunately, I've found a problem with doing this, which is bothersome to me, because I really need to be able to do this.

With syncrepl:

binddn="cn=HOSTNAME,cn=ldap,cn=operational,dc=stanford,dc=edu" authcId=ldap/HOSTNAME.stanford.edu@stanford.edu

With both slurpd and syncrepl:

sasl-host   HOSTNAME.stanford.edu

Since the host names are different on all the replicas, they cannot share a common cn=config. :(


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin