readonly replica configuration

Howdy... I'm trying to implement a read-only replica and for some reason
I can't get it to actually be "read only"!

Some questions:

   * Is support for the "readonly" attribute actually implemented?  In
     the slapd source I see it getting evaluated in config.c, but no
     mention of it seems to exist where it really matters, which (I
     think) would be modify.c
   * If it isn't implemented, then how does one properly implement
     single-master replication scenarios?
   * Assuming there is a satisfactory answer to the above, what is the
     correct way for the replica server to "point" to the master as the
     place where write requests are handled?  The only obvious option
     that I can see is the global "referral" parameter, but somehow this
     doesn't seem right.


    M - master, rw
    R - replica, ro

I have replication set up and working (i.e. writes made to M get
replicated to R).  Below is the config file for R.  As you can see,
'readonly' is set to 'on' and I have the default referral pointing to M
(as best I know how).  My understanding is that when a client attempts a
write to R, R is supposed to send back an LDAP_UNWILLING_TO_PERFORM
result code and a referral to the read-write master (M).  The client is
supposed to take heed and submit the request directly to the
master.  Various sources (e.g. Howes et al, "Understanding and Deploying
LDAP...") seem to suggest that this configuration is standard stuff.

With this configuration, though, I'm finding that R is still writeable
(i.e. "readonly" doesn't seem to affect anything).  That being the case,
of course, R has no need to refer the request elsewhere.  :-(

Can this be done with OpenLDAP in its current state?  If not, then what
sort of configuration is recommended instead?

Last details:  I'm running OpenLDAP v1.2.10 on FreeBSD 4-stable.

Thanks much!

R's config file:

include         /usr/local/etc/openldap/slapd.at.conf
include         /usr/local/etc/openldap/slapd.at.local
include         /usr/local/etc/openldap/slapd.oc.conf
include         /usr/local/etc/openldap/slapd.oc.local
schemacheck     off
# Note, for this test, 'M' is running on same host, at port 9010
referral        ldap://localhost:9010

pidfile         /var/run/slapd2.pid
argsfile        /var/run/slapd2.args

database        ldbm
suffix          "dc=enc, dc=edu"
directory       /var/ldap/db2
readonly        on
cachesize       200000
dbcachesize     1500000
rootdn          "cn=BigGuy, dc=enc, dc=edu"
rootpw          {crypt}blahblah
updatedn        "cn=BigGuy, dc=enc, dc=edu"

# index defs....


  Charles N. Owens                               Email: owensc@enc.edu
  Network & Systems Administrator
  Information Technology Services  "Outside of a dog, a book is a man's
  Eastern Nazarene College         best friend.  Inside of a dog it's
                                   too dark to read." - Groucho Marx