[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication between 2.2 and 2.0

> Sorry in advance.  This message is going to be a bit long.
> I have about 140 sites, spread across about 20 divisions, underneath a
> single company.  We are staring an upgrade of servers, but said upgrade is
> disruptive and is going to take some time (possibly years).  The old
> servers are running OpenLDAP 2.0 (2.0.23 to be exact), and the new servers
> are (going to be) running 2.2(.13).

You should go at least with the latest stable; no reason, thou, to use
anything less than 2.2.28 (out this weekend, hopefully).

> Blithely unaware, I set up a new server as a test, and tried to get it to
> replicate data from the central LDAP server (2.0.27).  This did not work.
> So I did a bit of research and found the schism between OpenLDAP 2.0 and
> 2.2, with a hopeful note that replication from a 2.2 master to a 2.0 slave
> should be possible
> (http://www.openldap.org/lists/openldap-software/200505/msg00340.html).
> I set up a test using 2.2 as the master and 2.0 as the slave, with a
> replica directive including
> "attr!=structuralObjectClass,entryUUID,entryCSN".  Replication failed, and
> the reject file showed "ERROR: Constraint violation: creatorsName: no user
> modification allowed".

This message is likely telling you that the slave is not seeing the
modification as occurring with the "updatedn" identity; that's the reason
"creatorsName", "createTimestamp", "modifiersName", "modifyTimestamp" do
not get allowed.  They are at least supposed to be allowed, if not
required, in OpenLDAP 1.X (and since UMich's 3.3 as far as I can tell).

> Fair enough.  I expanded the attr line to include
> "creatorsName,createTimestamp,modifiersName,modifyTimestamp".

You should check instead if the "replica" directive and the slave
configuration match.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497