
Re: OpenLDAP instance as syncREPL replica and Slurpd master



Howard Chu wrote:
> Bruno Lezoray EMSM wrote:
>> Howard Chu wrote:
>>> Quanah Gibson-Mount wrote:
>>>> --On September 14, 2007 5:21:28 PM +0200 Bruno Lezoray EMSM
>>>> <bruno.lezoray@wh-ces.gmessaging.net> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I want to implement a specific openldap configuration with 3
>>>>> instances:
>>>>> 1st is a master
>>>>> 2nd is a syncrepl replica "and" slurpd master
>>>>> 3rd is a slurpd replica
>>>> Set up a push-based syncrepl instead of using slurpd.  Slurpd is
>>>> deprecated, and fully removed from OpenLDAP 2.4.
>>> In OpenLDAP 2.3 this will require one more slapd process (while
>>> eliminating the slurpd process).
>>>
>>> 1 provider
>>> 2 regular consumer
>>> 2A back-ldap consumer
>>> 3 external replica
>>>
>>> None of the existing (1, 2, or 3) servers' configurations need any
>>> changes. (Except, you can remove the "replica" directives from your
>>> "slurpd master" since they don't do any good, and aren't needed
>>> anyway.)
>>>
>>> The back-ldap consumer would be set up something like:
>>>
>>> database    ldap
>>> suffix      "dc=example,dc=com"
>>> rootdn      "cn=Whoever"
>>> uri     ldap://localhost:9013/     <---- URL of external replica
>>>
>>> acl-bind    bindmethod=simple
>>>         binddn="cn=Monitor"        <---- updatedn of external replica
>>>         credentials=monitor        <---- password for updatedn
>>>
>>> # the usual consumer config...
>>> syncrepl    rid=1
>>>         provider=ldap://localhost:9011/
>>>         binddn="cn=Manager,dc=example,dc=com"
>>>         bindmethod=simple
>>>         credentials=secret
>>>         searchbase="dc=example,dc=com"
>>>         filter="(objectClass=*)"
>>>         schemachecking=off
>>>         scope=sub
>>>         type=refreshOnly
>>>         interval=00:00:00:10
>>>         retry="5 5 300 5"
>>>
>>>
>> Ok.
>> On the backldap instance, I have this configuration:
>> database        ldap
>> suffix          "o=test"
>> rootdn          "cn=root DN, o=test"
>> rootpw          {SSHA}JDqRrNmZbCiInNsubLessizYPdmcwhgf
>> uri     ldaps://10.1.1.69:1636/
> Is that really the URI of the external replica?
Yes
>
>> acl-bind    bindmethod=simple
>>         binddn="cn=root DN, o=test"
>>         credentials=secret
>> syncrepl    rid=1
>>         provider=ldaps://localhost:636/
> Is that really the URI of the syncrepl master?
No, it was a mistake. Sorry.
>
>>         binddn="cn=root DN,o=test"
>>         bindmethod=simple
>>         credentials=secret
>>         searchbase="o=test"
>>         filter="(objectClass=*)"
>>         schemachecking=off
>>         scope=sub
>>         type=refreshOnly
>>         interval=00:00:00:10
>>         retry="5 5 300 5"
>>
>> And on the external replica, I have:
>> database        bdb
>> suffix          "o=test"
>> rootdn          "cn=root DN, o=test"
>> rootpw          {SSHA}JDqRrNmZbCiInNsubLessizYPdmcwhgf
>> directory       /usr/products/freeware/openldap/var/openldap-slapd-sym
>> checkpoint      64      15
>
> You're missing the updateDN directive. And since this is supposed to
> be a replica, it shouldn't be generating password-hashes by itself, it
> should just be taking exactly what the master generated.
Exactly.

So, I don't need a regular consumer, except if I want to have a local
database.

Thanks for your help, Howard.

Rgds, Bruno.
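
The check discussed in this thread (the back-ldap consumer's acl-bind binddn has to be the updatedn of the external replica, and the replica has to declare an updatedn at all) can be run over two slapd.conf files before deployment. The following is an added example, not part of the original messages and not OpenLDAP code; the function names, the simplified DN comparison (no escaped commas) and the sample configurations are assumptions constructed for illustration.

```python
import re

def directives(conf_text):
    """Return [keyword, args] per logical slapd.conf line; indented lines continue the previous one."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [(line.split(None, 1) + [""])[:2] for line in logical]

def norm_dn(dn):
    # Simplified comparison form: drop quotes, spaces around commas, and case.
    return ",".join(rdn.strip().lower() for rdn in dn.strip().strip('"').split(","))

def acl_bind_dn(consumer_conf):
    for key, args in directives(consumer_conf):
        if key.lower() == "acl-bind":
            m = re.search(r'binddn="([^"]*)"', args)
            return norm_dn(m.group(1)) if m else None
    return None

def update_dn(replica_conf):
    for key, args in directives(replica_conf):
        if key.lower() == "updatedn":
            return norm_dn(args)
    return None

def check(consumer_conf, replica_conf):
    """Return a list of findings; an empty list means the two files agree."""
    bind, upd = acl_bind_dn(consumer_conf), update_dn(replica_conf)
    if upd is None:
        return ["replica has no updatedn directive"]
    if bind != upd:
        return ["acl-bind binddn does not match replica updatedn"]
    return []

# Constructed sample input (DNs and credentials are placeholders).
CONSUMER = """database ldap
uri ldaps://replica.example:1636/
acl-bind bindmethod=simple
        binddn="cn=replicator, o=test"
        credentials=EXAMPLE
"""
REPLICA_NO_UPDATEDN = 'database bdb\nsuffix "o=test"\nrootdn "cn=root DN, o=test"\n'

if __name__ == "__main__":
    print(check(CONSUMER, REPLICA_NO_UPDATEDN))
```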