
Re: cn=config chaining



On Thu, 26 Sep 2013 19:50:08 +0000,
"Jancewicz, Russell" <russell.jancewicz@uconn.edu> wrote:

> 
> 
> On 2013-09-26 15:04, "Dieter Klünter" <dieter@dkluenter.de> wrote:
> 
> >On Thu, 26 Sep 2013 17:23:42 +0000,
> >"Jancewicz, Russell" <russell.jancewicz@uconn.edu> wrote:
> >
> >> It was modified from the generation of slapd-chain2.conf which also
> >> didn't work (I was working off the assumption that the overlay
> >> needed to be on olcDatabase={1}frontend)
> >> 
> >> This is the slapd-chain2.conf file I am using (modified slightly)
> >> The only differences between this and the unmodified
> >> slapd-chain2.conf is the directory and the addition of chain-tls
> >> and chain-idassert-authzFrom to the "overlay chain" section.
> >> 
> >> I'm generating my config with it with
> >> $ slaptest -f slapd-chain2.conf -F ./slapd.d-test/
> >> 
> >> 
> >> """
> >> include		/etc/openldap/schema/core.schema
> >> include		/etc/openldap/schema/cosine.schema
> >> include		/etc/openldap/schema/inetorgperson.schema
> >> include		/etc/openldap/schema/openldap.schema
> >> include		/etc/openldap/schema/nis.schema
> >> 
> >> database	hdb
> >> directory   	/srv/ldap/example.com/
> >> suffix		"dc=example,dc=com"
> >> rootdn		"cn=admin,dc=example,dc=com"
> >> rootpw		secret
> >> 
> >> overlay		chain
> >> chain-uri	ldap://master.example.com
> >> chain-idassert-bind bindmethod=simple binddn="dc=example,dc=com"
> >> 		credentials=secret mode=self
> >> chain-tls start
> >> chain-idassert-authzFrom "*"
> >> """
> >[...]
> >
> >In this particular case chaining is a global configuration parameter,
> 
> 
> If that's the case what should I do to propagate writes/modifies from
> a *specific* database on my slave to a master?
> (ideally in cn=config style ldifs, not ldap.conf)
> 
> Regardless if I apply it to the {-1}frontend or the {1}hdb both
> situations have resulted in the unwilling to perform error.

If you want to chain write operations to a remote server, you should
define your local server, or at least partitions of the local server,
as a syncrepl client.

-Dieter 

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
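
An added example, not part of the original thread or of the OpenLDAP project's own files: one way to express the advice above in cn=config LDIF, with the local database as a syncrepl consumer that refers writes to the master and the chain overlay on the frontend following that referral. The database index `{1}hdb`, the `cn=replicator` and `cn=chain-proxy` DNs, the rid, the narrowed authzFrom rule and both credential placeholders are assumptions; `master.example.com` and the suffix are taken from the quoted configuration.

```ldif
# Constructed example; load on the consumer with ldapmodify against cn=config.
# Assumed names: olcDatabase={1}hdb, cn=replicator, cn=chain-proxy, rid=001.

# 1. Make the local database a syncrepl consumer and have it answer
#    write requests with a referral to the master.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldap://master.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=REPLICA_PASSWORD_PLACEHOLDER
  starttls=critical
-
add: olcUpdateRef
olcUpdateRef: ldap://master.example.com

# 2. Chain overlay on the frontend: follows the update referral on the
#    client's behalf instead of handing the referral back to the client.
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainReturnError: TRUE

# 3. The LDAP connection the overlay uses to reach the master.
#    A dedicated proxy DN is used rather than the suffix or rootdn, and
#    olcDbIDAssertAuthzFrom is limited to local identities under the
#    suffix instead of the "*" in the quoted configuration (assumption).
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: ldap://master.example.com
olcDbStartTLS: start
olcDbIDAssertBind: bindmethod=simple
  binddn="cn=chain-proxy,dc=example,dc=com"
  credentials=PROXY_PASSWORD_PLACEHOLDER
  mode=self
olcDbIDAssertAuthzFrom: dn.subtree:dc=example,dc=com
```

The master must separately allow the proxy DN to assert other identities (proxy authorization), which this fragment does not configure.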