[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Offline modification in replicated environment

To: openldap-technical@openldap.org
Subject: Re: Offline modification in replicated environment
From: Howard Chu <hyc@symas.com>
Date: Sat, 23 Apr 2016 13:11:45 +0100
In-reply-to: <20160423043419.GA626@kiwi>
References: <20160423043419.GA626@kiwi>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 SeaMonkey/2.42a1

Ryan Tandy wrote:

When my (Debian's) users upgrade to 2.4.43 or later, if they use the ppolicy
overlay and cn=config, I have to add the pwdMaxRecordedFailure attribute to
the schema, otherwise slapd can't start.

Basic steps: slapcat the config database; a few lines of perl to add the new
attribute, update the pwdPolicy object class, and strip out modifiersName and
modifyTimestamp so they get regenerated; slapadd it back. No problem for a
standalone system.

The config database might be replicated, though. For that, I'm also removing
entryCSN from the schema entry I modify, and letting slapadd regenerate it.
I'm not using -S with slapadd, so the reloaded entry is getting sid 000 every
time.

I've tested master-slave and master-master setups, and this seems to be
working as intended. But I'd like to ask the people here who have more
experience with replication than I do: is this a bad plan? What could go wrong?

SID 000 modifications are ignored in multimaster replication; you're going toneed to use a valid SID.


thanks,
Ryan



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Offline modification in replicated environment
  - From: Ryan Tandy <ryan@nardis.ca>

Prev by Date: Offline modification in replicated environment
Next by Date: ACLs: restrict by IP and user
Index(es):
- Chronological
- Thread