[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multimaster replication of cn=config working too well?!

Mark Cairney wrote:

Has anyone experienced problems with the cn=config directory syncing the same change across all nodes and breaking the configuration?

In the past I've had problems where the syncrepl parameters are synced
across all nodes, including that node itself, which results in the servers
then trying to sync with themselves.

The most recent problem however was that the olcSaslHost value was synced
be one particular server on all 3 nodes. As I was using GSSAPI to do the
replication this broke it completely and it meant that I could only bind via
GSSAPI to one of the 3 servers.

In the meantime I've set the servers not to syncrepl cn=config but this isn't ideal.

Anyone else on the list had similar problems?

The potential for royally screwing things up has been discussed on the -devel list from time to time. The use of serverIDs and explicit URL matching was introduced to prevent consumers pointing at themselves, that's already documented.

For other settings, it's probably best to add some excluded attributes to your consumer configs.

And of course, turning off multimaster replication of cn=config is always a good possibility. Nobody said you *had* to do it. We only document it to show that you *can* do it if you need it, that doesn't mean it's a recommended scenario.

Kind regards,


Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email: mark.cairney@ed.ac.uk


  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/