[Date Prev][Date Next]
Re: replicated cn=config
Quanah Gibson-Mount wrote:
--On Friday, April 29, 2005 1:31 PM -0700 Howard Chu <firstname.lastname@example.org>
Quanah posed this question about how to set up a bunch of replica
that all use configurations replicated from the master as well. It
perfectly obvious at first, so I'm posting this note to suggest an
approach and get some reactions. I haven't tested this yet.
First of all, you cannot just replicate cn=config straight from a master
to a slave server, because the slave will wind up with an identical copy
of the master's configuration (and will then cease to be a slave). This
means you must use some alternate tree, and map it into the slave's
So here's a possible approach - on the master
On each slave
relay cn=config massage
Then either slurpd or syncrepl can be used to keep the slaves'
configurations up to date.
Unfortunately, I've found a problem with doing this, which is
bothersome to me, because I really need to be able to do this.
binddn's are irrelevant in SASL binds. As Luke mentioned, the authcID is
extracted from the Kerberos ticket automatically, so neither of these
two parameters are needed.
With both slurpd and syncrepl:
I've never needed to configure the sasl-host on any of my machines.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support