[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Testing slave-master replication.

Hi Howard

You seem to have a misconception about how slaves work with referrals.

Indeed. Thanks for the enlightenment.

Referrals are returned by a slave server to a particular client. It is up to
the client to "chase" the referral.

Ah! That's the step I was missing. I was thinking that I could "close the loop" by configuring only OpenLDAP. Now I realize that my client has to use the updateref returned by the slave slapd (right?) in order to contact the master directly.

The point of this current discussion is
that the current OpenLDAP tools always perform referral chasing with an
anonymous rebind. This will not work if the master requires some real
authentication before it allows any modifications.

Hmm, but then I should see ldapmodify's connection attempt passing through the proxy listening at the updateref. To recap:

>> updateref       ldap://blommie:9998
>> I have a proxy listening on blommie:9998, forwarding to the master
>> on blommie:398, but I'm seeing no connection from slave. Should I?

I'll investigate this further ..

The updatedn/binddn info in slapd.conf is for use by slurpd when it
propagates changes from the master to the slave.

Ah, OK, so the 'updatedn' is not the dn to use when connecting back to the master. It is the dn expected by the slave when the master connects to it.

Updates only propagate in
this direction, master to slave. The slave never accepts or processes updates
from anywhere else; all other updates are referred back to the master.

I got that, I just thought that the slave sees an update request arrive, and passes the request along to the slapd at the other end of the updateref. That slapd (master) does the update, and slurpd propagates it back to the slave.

In other words, I misread this diagram:
-- I imagined that the slave encapsulated steps 3. (referral) and
4. (new request).

Thanks again,
Jean Jordaan