OpenLDAP instance as syncREPL replica and Slurpd master

Hi all,

I want to implement a specific OpenLDAP configuration with 3 instances:
1st is a master
2nd is a syncrepl replica "and" slurpd master
3rd is a slurpd replica
The reason why I want to implement this configuration is that I have
firewall restrictions:
Only the 2nd instance can establish TCP connections on the 1st and 3rd
instances. TCP connections in the other direction are forbidden >:o .

The 1st instance sends updates correctly to the 2nd instance. But the
2nd instance doesn't generate a replication log. So, I send nothing to the
3rd instance.

Here is an extract of my 2nd instance configuration:
database        bdb
suffix          "o=test"
rootdn          "cn=root DN, o=test"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          {SSHA}JDqRrNmZbCiInNsubLessizYPdmcwhgf
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/products/freeware/openldap/var/openldap-slapd-pivot
# Changelog is checked every 64 KB written or every 15 min
checkpoint      64      15

# password hash algorithm
password-hash   {SSHA}

# Set the entry cache size to 50000.
cachesize       50000
# Indexes to maintain
index   objectClass,entryCSN,entryUUID  eq
index   uid     pres,eq,sub
index   mail    pres,eq,sub
index   cn      pres,eq,sub
index   sn      pres,eq,sub

# Slurpd master replication parameters
replica uri=ldaps://localhost:1636/
        binddn="cn=Replicator, o=test"
        bindmethod=simple credentials=secret


# SyncREPL slave replication parameters
syncrepl rid=3
        binddn="cn=root DN, o=test"

So, my questions:
Can this architecture work?
If yes, do you have an idea to solve the issue?
If no, is there a solution according to the restriction?

Rgds, Bruno.