[Date Prev][Date Next]
Re: Multiple syncrepl problems
Turbo Fredriksson wrote:
Then you've been lucky. For example, the old (pre 2.2.20) syncrepl
consumer performs Modifies by deleting the old entry and adding the new
entry. The Delete step is done using the rootdn. If you have no rootdn,
and "anonymous" has no write access to the DB, then the Delete will
fail. Thus the subsequent Add will also fail because the entry already
exists. "From what you can tell" on the outside means nothing; the
source code doesn't lie.
"Howard" == Howard Chu <email@example.com> writes:
Howard> However, the fact remains that even in older
Howard> releases, you must have a rootdn defined on the consumer
Howard> database, because it is needed for internal maintenance.
'internal maintenance' - such as!? I haven't had a rootdn since 1.3.something
(which was YEARS ago), and from what I can tell, everything (!) have worked
Howard> I'm inclined to remove the multiple-consumer-context
Howard> support, as it seems to be causing more hassles than it's
Howard> worth. With that removed, then only a rootdn would be
Howard> needed and no updatedn at all.
Ah, so it WAS that the thread on -devel meant! PLEASE (pretty, pretty
PLEASE) don't remove multiple-consumers! I was just about to start
implementing (or at least testing - syncrepl is now operational on
all my LDAP servers/sites) this (I need it!!).
No, you've misunderstood the thrust of the -devel discussion.
I have a number of LDAP sites (each 'site' consisting of multipleThat's exactly what I'm talking about *supporting* - you can have
multiple databases with one consumer per database. But there is no
apparent benefit to multiple consumers in a single database, and there
is an obvious downside to it already (managing those annoying
LDAP servers) I'm administrating. My company is one of those sites
(my personal LDAP servers are another). My company is offering a
'LDAP hosting' service (with live backups etc). I'd like to have a
hidden machine that syncs from (all those) LDAP server(s) into one slapd
process (but multiple databases/directories I guess).
That way it's easy to get the broken LDAP server up and running in a
very short time (slapcat on the hidden machine etc).
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support