[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [Q] can I replicate several branches to the same slave from one master?

To: Zeus Panchenko <zeus@ibs.dn.ua>
Subject: Re: [Q] can I replicate several branches to the same slave from one master?
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Thu, 29 Jun 2017 15:47:07 +0100
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <20170627010438.33399@relay.ibs.dn.ua>
References: <20170627010438.33399@relay.ibs.dn.ua>
User-agent: Mutt/1.5.21 (2010-09-15)

On Tue, Jun 27, 2017 at 01:04:38AM -2100, Zeus Panchenko wrote:

> Subject: [Q] can I replicate several branches to the same slave from one master?

> on master I see: consumer state is newer than provider
> on slave: LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform
> 
> so ... what is wrong here?

I suspect part of the trouble is that you have two syncrepl clauses using the
same search base on the same master. The timestamps are likely to be stored
in the same place, causing a clash.

One definite error is that all three clauses are labelled 'rid=123'. They should
all have different numbers.

Try fixing the RIDs - use small numbers, all different. The exact values are not important.
Also try commenting out the second syncrepl clause until you have the others working properly.
You should be able to merge the first and second clauses as they share a search-base.

You may also need to put ACLs on the accesslog database.

Andrew

> - ---[ master configuration quotation start ]---------------------------
> ...
> access to dn.children="dc=example"
>        by dn.exact="uid=replABC,ou=repl,dc=example" read
>        by * break
> 
> # syncprov specific indexing
> index entryCSN eq
> index entryUUID eq
> 
> overlay syncprov
> syncprov-checkpoint 50 10
> syncprov-sessionlog 100
> 
> overlay accesslog
> logdb   cn=example-accesslog
> logops  writes
> logold  (objectclass=*)
> index   default eq
> 
> ### Accesslog DB
> database        mdb
> maxsize         1073741824
> suffix          cn=example-accesslog
> rootdn          "cn=root,cn=example-accesslog"
> rootpw          ***
> directory       "/var/db/openldap-data/example-accesslog"
> 
> index           default eq
> index           entryCSN,objectClass,reqEnd,reqResult,reqStart
> 
> overlay syncprov
> syncprov-nopresent TRUE
> syncprov-reloadhint TRUE
> ...
> - ---[ master configuration quotation end   ]---------------------------
> 
> 
> 
> - ---[ slave configuration quotation start ]----------------------------
> syncrepl rid=123
> provider=ldap://master.example:389
> starttls=critical
> searchbase="dc=example"
> bindmethod=simple
> binddn="uid=replABC,ou=repl,dc=example"
> credentials="***"
> filter="(|(&(objectClass=authorizedServiceObject)(objectClass=mailutilsAccount)(authorizedService=mail@foo.bar)))"
> attrs="cn,entry,entryCSN,entryUUID,o,uid,uidNumber,gidNumber,gecos,homeDirectory,loginShell,userPassword,creatorsName,createTimestamp,modifiersName,modifyTimestamp,mail,rfc822MailMember,sn,authorizedService,mu-mailBox"
> tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
> tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
> tls_key=/usr/local/etc/openldap/ssl/ABC.key
> tls_reqcert=try
> type=refreshAndPersist
> retry="60 +"
> logbase="cn=example-accesslog"
> logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
> syncdata=accesslog
> 
> syncrepl rid=123
> provider=ldap://master.example:389
> starttls=critical
> searchbase="dc=example"
> bindmethod=simple
> binddn="uid=replABC,ou=repl,dc=example"
> credentials="***"
> filter="(&(objectClass=authorizedServiceObject)(authorizedService=xmpp@foo.bar))"
> tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
> tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
> tls_key=/usr/local/etc/openldap/ssl/ABC.key
> tls_reqcert=try
> type=refreshAndPersist
> retry="60 +"
> logbase="cn=example-accesslog"
> logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
> syncdata=accesslog
> 
> syncrepl rid=123
> provider=ldap://master.example:389
> starttls=critical
> searchbase="ou=ABC,ou=Sendmail,dc=example"
> bindmethod=simple
> binddn="uid=replABC,ou=repl,dc=example"
> credentials="***"
> tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
> tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
> tls_key=/usr/local/etc/openldap/ssl/ABC.key
> tls_reqcert=try
> type=refreshAndPersist
> retry="60 +"
> logbase="cn=example-accesslog"
> logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
> syncdata=accesslog

-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Follow-Ups:
- Re: [Q] can I replicate several branches to the same slave from one master?
  - From: "Zeus Panchenko" <zeus@ibs.dn.ua>

References:
- [Q] can I replicate several branches to the same slave from one master?
  - From: "Zeus Panchenko" <zeus@ibs.dn.ua>

Prev by Date: Re: EXOPs for PHP LDAP
Next by Date: Re: [Q] can I replicate several branches to the same slave from one master?
Index(es):
- Chronological
- Thread