Re: some questions about syncrepl

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Friday, October 05, 2007 9:53 AM +0200 Guillaume Rousse 
<Guillaume.Rousse@inria.fr> wrote:


> First, I noticed than changes on the slaves seems to be written from
> rootdn, not from the dn declared in the syncrepl directive, which seems
> to be only used on the master, meaning I don't need any specific ACL on
> the slave. Is this correct ?

Right, the DN in the syncrepl directive is purely for how it performs its 
searches on the master.

> Second, I have several slaves synchronizing on the same master. From
> slapd.conf man page, rid is supposed to be unique in the consumer only,
> meaning all my slaves can safely use the same rid (easier for
> maintaining centralized configurations). Is this correct interpretation ?

Correct.

> Third, I noticed a lot of errors correction for syncrepl in openldap
> changelog. As I can't easily change installed versions (our policy is to
> stick with our distribution provided package, meaning a mix of 2.3.27
> and 2.3.34), am I correct assuming 'refresh only' mode is less fragile
> than 'refresh & persist' mode, and than total synchronisation is also
> less fragile than delta synchronisation, if I need to fallback on a
> safer mode ?

Nope.  And, by the way, I'd seriously examine your policy, it is mightily 
flawed.  Distro versions are almost never meant for running OpenLDAP as a 
server, but for providing the client libraries.  You are only setting 
yourself up to be shot in the foot by following your current policy.  A 
wiser choice would be to do something like use the pre-compiled releases 
from Symas (http://www.symas.com/) or if you are using RedHat or CentOS, 
Buchan Milne's pre-compiled packages

<http://staff.telkomsa.net/packages/>

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration