RE: Migrating to N-Way Master
> Your question doesn't make any sense as asked. I would suggest you pastebin your configuration minus passwords.
Here is the config :
# Schemas
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/misc.schema
# Global directives: these apply to slapd as a whole and to every database below.
# NOTE(review): no TLS* or `security` directive is visible in this paste (it may
# have been trimmed). Without them, the simple binds used by the syncrepl
# stanzas further down travel in clear text -- confirm against the live file.
# Each serverID line pairs an ID with a server URL, so the same file can list
# both participating servers; the ID is embedded in the CSNs a server generates.
serverID 1 ldap://ldap1
serverID 2 ldap://ldap2
# Hash scheme applied when a password is set through the Password Modify
# extended operation ({SSHA} = salted SHA-1). A userPassword value written by a
# plain modify is stored exactly as the client sent it.
password-hash {SSHA}
# Accept LDAPv2 bind requests.
# NOTE(review): LDAPv2 is a Historic protocol; keep this only if a client that
# cannot speak LDAPv3 still binds here -- confirm, and drop it otherwise.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# back_bdb serves the main database and back_hdb the accesslog database;
# syncprov and accesslog are the overlays both databases rely on below.
modulepath /usr/local/libexec/openldap
moduleload back_bdb
moduleload back_hdb
moduleload syncprov
moduleload accesslog
# Max entries returned for searches.
# Applies to every identity that has no `limits` override; the rootdn of a
# database is exempt.
sizelimit 10000
# Maximum number of threads the offline tools (e.g. slapadd, slapindex) may use
tool-threads 1
# ACLs (global: neither database below defines its own `access` rules, so these
# decide access to both dc=cas-aci,dc=ca and cn=accesslog).
# slapd takes the first `access to` clause whose target matches the entry and
# attribute, then tries its `by` clauses in order.
# In a live slapd.conf every `by` / `attrs=` line must start with whitespace to
# count as a continuation; that indentation appears to be lost in this copy.
#
# Rule 1: the replication DN may read everything, userPassword included;
# `by * break` sends every other identity on to the rules that follow.
access to *
by dn.base="cn=thegiver,dc=cas-aci,dc=ca" read
by * break
# Rule 2: userPassword of entries below ou=People -- the owner may change it,
# everyone else may only authenticate against it (no read).
# NOTE(review): the target is limited to dn.children of ou=People. A
# userPassword attribute stored anywhere else under the suffix is not matched
# here and falls through to rule 3, where any client, anonymous included, can
# read it. Dropping the DN scope (`access to attrs=userPassword`) would cover
# the whole tree -- confirm which entries outside ou=People hold passwords.
access to dn.children="ou=People,dc=cas-aci,dc=ca"
attrs=userPassword
by self write
by * auth
# Rule 3: everything not matched above is readable by anyone, anonymous
# clients included.
# NOTE(review): this also covers the cn=accesslog database, whose entries
# record the values written to the main database -- confirm that is intended.
access to *
by * read
# Accesslog database definitions
# Separate hdb database that stores the change log written by the accesslog
# overlay of the main database (logdb cn=accesslog).
# NOTE(review): there is no `access to` rule inside this database, so the
# global ACLs apply and end in `by * read`. The log entries for writes carry
# the modified values, which can include userPassword changes; limiting read
# access on cn=accesslog to the replication DN is the usual hardening --
# confirm against the live file.
database hdb
suffix cn=accesslog
directory /var/db/openldap-accesslog
# rootdn of the log database; no rootpw is shown for it in this paste.
rootdn cn=accesslog
# Equality indexes on the attributes used to search the log.
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
# syncprov on the log database lets consumers follow the log itself;
# nopresent/reloadhint are the settings used for delta-syncrepl log databases.
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
# Lift the time and size limits for one DN.
# NOTE(review): the intent is "the replica DN", but the DN named here is
# cn=admin, while both syncrepl stanzas bind as cn=thegiver. As written,
# cn=thegiver stays under the global sizelimit of 10000 -- confirm which DN
# was meant.
limits dn.exact="cn=admin,dc=cas-aci,dc=ca" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# Main DB: the bdb database holding dc=cas-aci,dc=ca.
database bdb
suffix "dc=cas-aci,dc=ca"
rootdn "cn=admin,dc=cas-aci,dc=ca"
# $PASSWORD is the poster's placeholder for the real value.
# NOTE(review): in the live file this should be a hash produced by slappasswd
# rather than clear text, and the file should be readable only by the account
# slapd runs as -- confirm.
rootpw $PASSWORD
directory /var/db/openldap-data
# syncrepl Provider for primary db
# Checkpoint the contextCSN after 20 write operations or 10 minutes.
overlay syncprov
syncprov-checkpoint 20 10
# Save modify times (maintain the modification operational attributes)
lastmod on
# Indexing: equality indexes, including the two attributes syncrepl searches on
index default eq
index objectclass,entryCSN,entryUUID
# accesslog overlay definitions for primary db
# Record successful write operations only, into the cn=accesslog database.
# The recorded entries include the values that were written, so read access to
# cn=accesslog exposes the same data as read access to this database.
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
logpurge 07+00:00 01+00:00
# Lift the time and size limits for one DN.
# NOTE(review): the DN named is cn=admin, which is this database's rootdn and
# is already exempt from limits; the syncrepl stanzas bind as cn=thegiver, which
# therefore stays under the global sizelimit of 10000 -- confirm which DN was
# meant.
limits dn.exact="cn=admin,dc=cas-aci,dc=ca" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# AccessLog (delta-syncrepl) consumer directives for the main database.
# One stanza per server (ldap1, ldap2); each replays the successful write
# records (reqResult=0) found under cn=accesslog on that provider.
# In a live slapd.conf the option lines must start with whitespace to continue
# the `syncrepl` directive; that indentation appears to be lost in this copy.
# No credentials= option is shown -- presumably removed before posting.
# NOTE(review): both stanzas use bindmethod=simple against ldap:// on port 389
# with no starttls= or tls_* option, so the bind password and all replicated
# data (cn=thegiver can read userPassword) cross the network unencrypted.
# Adding starttls=critical with a tls_cacert, or an ldaps:// provider, closes
# that -- confirm nothing was trimmed from the paste.
# retry="5 5 300 5": retry every 5 s five times, then every 300 s five times,
# then stop retrying. interval= only affects refreshOnly and has no effect with
# type=refreshAndPersist.
syncrepl rid=001
provider=ldap://ldap1:389
bindmethod=simple
binddn="cn=thegiver,dc=cas-aci,dc=ca"
searchbase="dc=cas-aci,dc=ca"
logbase="cn=accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
schemachecking=on
type=refreshAndPersist
retry="5 5 300 5"
syncdata=accesslog
interval=00:00:02:00
# Second consumer stanza: same options, provider is ldap2.
syncrepl rid=002
provider=ldap://ldap2:389
bindmethod=simple
binddn="cn=thegiver,dc=cas-aci,dc=ca"
searchbase="dc=cas-aci,dc=ca"
logbase="cn=accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
schemachecking=on
type=refreshAndPersist
retry="5 5 300 5"
syncdata=accesslog
interval=00:00:02:00
# Data Replication
# mirrormode lets this server accept writes even though it is also a syncrepl
# consumer; it relies on the serverID lines in the global section.
mirrormode on
# Logging: 256 = connection/operation stats, 128 = ACL processing,
# 64 = configuration file processing.
loglevel 256 128 64