
Re: Multi-Master OpenLDAP Replication for 3 nodes -- slapadd command failing



Hi Bernd and Dieter,

Thank you very much for your advice.

Unfortunately, however, I still haven't succeeded in getting N-way MMR to work.

So, to get it straight in my mind, I've written it up in 3 parts below -- (1) Problem Statement and Requirements, (2) My Implementation Attempt, and (3) Where It's Failing.

(1) Problem Statement and Requirements:
==============================
Need N-Way Multi-Master OpenLDAP Replication for 3 nodes.

LDAP Writes are infrequent, but can occur to any of the 3 nodes.

No need for high performance.

No need for ACID transactions.

There is no database or anything at all at present, so it's a clean slate for development.

slapd.conf(5) will not be used at all.  Only slapd-config will be used for configuring.

The only back-end that will be used is bdb.

The only replication mechanism is syncrepl in Provider Push mode of operation, i.e., refreshAndPersist, which is initiated by a Consumer.
(Consumer Pull mode of operation, i.e., refreshOnly, will not be used at all.)
So, once the Provider services the Consumer's search request, the Provider locally persists the synchronization search.

There will be no maintaining of any Provider session log store.
Thus only the Present phase of the refresh synchronization will be used.
(not the Delete phase at all).

Database creation will be performed off-line (to ensure database is not accessed while being created!).
(not on-line).
Thus the database creation tools that will be used are slapadd, slapcat, slaptest etc.
(not ldapadd, ldapmodify etc.)

In fact, there being no database to begin with, for slapadd I must use the "-b suffix" to specify which database to add entries to.
slapadd -b bdb
(not the "slapadd -n 0" parameter to specify the zero-th database.).


(2) My Implementation Attempt:
==========================
I have copy-pasted the exact text from the OpenLDAP 2.4 Administrator's Guide, Section 18.3.3 "N-Way Multi-Master" (with my only changes being to my user variables), as follows:

####################################
# mmr.ldif
####################################
# This sets up the config database:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

# second and third servers will have a different olcServerID obviously:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 2

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 3

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

# This sets up syncrepl as a provider (since these are all masters):
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/local/libexec/openldap
olcModuleLoad: syncprov.la

# Now we setup the first Master Node
# (replace $URI1, $URI2 and $URI3 etc. with your actual ldap urls):
URI1="ldap://ldap.node1.mycompany.com"
URI2="ldap://ldap.node2.mycompany.com"
URI3="ldap://ldap.node3.mycompany.com"
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

# Now start up the Master and a consumer/s;
# also add the above LDIF to the first consumer, second consumer etc.
# It will then replicate cn=config.
# You now have N-Way Multimaster on the config database.

# We still have to replicate the actual data, not just the config;
# so add to the master
# (all active and configured consumers/masters will pull down this config,
# as they are all syncing).
# Also, replace all ${} variables with whatever is applicable to your setup:
BACKEND=bdb
BASEDN="dc=ldapservice,dc=hq,dc=mycompany,dc=com"
MANAGERDN="cn=Admins,$BASEDN"
PASSWD=secret
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
olcDbDirectory: ./db
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcLimits: dn.exact="$MANAGERDN" time.soft=unlimited time.hard=unlimited size.soft=unlimited
olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=006 provider=$URI3 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

# Note: All of your servers' clocks must be tightly synchronized using e.g. NTP.
# Note: URLs specified in olcSyncRepl directives are the servers URLs to replicate from.
# These must exactly match the URLs slapd listens on (-h in Command-Line Options).
# Otherwise slapd may attempt to replicate from itself, causing a loop.


(3)  Where It's Failing:
=================
I first executed the following:

slapadd -v -F /usr/local/etc/openldap/slapd.d -b bdb -l mmr.ldif

But that was a fiasco, saying "slapadd: slap_init invalid suffix ("bdb") ".
So I suppose I must create the database beforehand?

So then I created the database (by running slapd using slapd.conf with "database config" and "rootpw config" directives commented out); then I stopped the slapd service and executed the following:
slapadd -v -F /usr/local/etc/openldap/slapd.d -n 0 -l mmr.ldif
That failed too, saying "slapadd: could not add entry dn="cn=config" (line=1)".

So then I tried:

slapadd -v -F /usr/local/etc/openldap/slapd.d -n 1 -l mmr.ldif
That failed too, saying "slapadd: database doesn't support necessary operations".


So then I tried:
slapadd -v -F /usr/local/etc/openldap/slapd.d -n 2 -l mmr.ldif
That failed too, saying "slapadd: line 1: database #2 (dc=ldapservice,dc=hq,dc=mycompany,dc=com) not configured to hold "cn=config"; did you mean to use database #0 (cn=config)?".


Of course, when I try any other number for n it says "Database number selected via -n is out of range.  Must be in the range 0 to 2 (the number of configured databases)."


So, my question is:
How in the world do I configure my database #0 to also include my database #2 entities?

Or, alternatively, how do I configure my database #2 to also hold "cn=config"?

There is an old OpenLDAP.org blog which summarises how, but doesn't describe any execution steps at all:
http://blog.suretecsystems.com/archives/40-OpenLDAP-Weekly-News-Issue-5.html
"

Multi-Master Replication configuration example:

This has been asked for a few times now, so I'm putting an example here for use with OpenLDAP 2.4.6, which will then be part of the main docs

This is adapted from test050-syncrepl-multimaster

A proper writeup will be in the admin guide soon, I promise ;-)

Right, the following is all in LDIF format and you slapadd them to your cn=config on the amount of Master nodes you have/want (using slappasswd of course):

This sets up the config database:
"

I really urgently need your help with this, please.  I thoroughly appreciate your help so far.

Thanks

Fal


On Fri, Dec 28, 2012 at 9:18 AM, fal patel <fal0patel@gmail.com> wrote:


---------- Forwarded message ----------
From: Bernd May <bernd@net.t-labs.tu-berlin.de>
Date: Fri, Dec 28, 2012 at 5:07 AM
Subject: Re: Multi-Master OpenLDAP Replication for 3 nodes -- slapadd command failing
To: openldap-technical@openldap.org


From the manpage of slapadd:

'-n dbnum       Add  entries  to  the dbnum-th database listed in the
configuration file.  The -n cannot be used in conjunction with the -b
option.  To populate the config database slapd-config(5), use -n 0 as it
is always  the  first  database.  It must physically exist on the
filesystem prior to this, however.'

hth

On 28.12.2012 09:14, fal patel wrote:
> Hi Dieter,
>
> Thank you very much, but even though I spent all day trying to figure out
> the problem I could not make any progress at all.
>
> The mmr_servers.ldif file I provided is an *exact* copy of the OpenLDAP 2.4
> Administrator's Guide Section 18.3.3 "N-Way Multi-Master", so if it is not
> working it has to be a documentation error/bug in that section of the
> Administrator's Guide itself.
> Or is it the case that the variables I'm setting therein are wrong?
>
> Here are the variable values I'm setting:
> ============================
> # Also, replace all ${} variables with whatever is applicable to your setup:
> BACKEND=bdb
> BASEDN="dc=ldapservice,dc=hq,dc=mycompany,dc=com"
> MANAGERDN="cn=admin,$BASEDN"
> PASSWD=secret
>
>
> The slapd.conf file also is the *exact* same one that gets created at
> install-time in /usr/local/etc/openldap/ , with the only change being my
> "BDB database definitions" customisations as follows:
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> ## added for multimaster replication (prior to running slapadd to create
> db):
> database        bdb
> # suffix <DN of root of subtree you are trying to create>
> suffix          "dc=ldapservice,dc=hq,dc=mycompany,dc=com"
> rootdn          "cn=admin,dc=ldapservice,dc=hq,dc=mycompany,dc=com"
> rootpw          secret
> # directory for index files
> directory       /usr/local/var/openldap-data
> # specify which indices you want to build
> index   objectClass     eq
> # loglevel 64
>
>
> Whatever I try, however, slapadd gives the same error:
> =======================================
> ubuntu11@ubuntu11:~$ sudo slapadd -l
> /home/ubuntu11/openldap-2.4.33/mmr_servers.ldif -f
> /usr/local/etc/openldap/slapd.conf -F /usr/local/etc/openldap/slapd.d
> 50dd4b2a bdb_monitor_db_open: monitoring disabled; configure monitor
> database to enable
> slapadd: line 1: database #1
> (dc=ldapservice,dc=hq,dc=practicefusion,dc=com) not configured to hold
> "cn=config"; did you mean to use database #0 (cn=config)?
> _                       3.25% eta   none elapsed            none spd 833.5
> k/s
> Closing DB...
>
>
> I didn't quite understand your instructions either:
> ==================================
> "cn=config has to be database  number 0, that
> is, the first database declaration must be cn=config."
>
> In mmr_servers.ldif, the very first line is
> dn:   cn=config
>
> How do I cause cn=config to be database number 0 , please?
>
> And why should I have to, unless the text in OpenLDAP 2.4 Administrator's
> Guide, Section 18.3.3 "N-Way Multi-Master" has a bug?
>
> Could you please advise?  I am completely stuck.
>
> Thank you very much.
>
> Fal
>
>
>
> On Thu, Dec 27, 2012 at 3:54 AM, Dieter Klünter <dieter@dkluenter.de> wrote:
>
>> Am Thu, 27 Dec 2012 02:22:18 -0800
>> schrieb fal patel <fal0patel@gmail.com>:
>>
>>> Oops -- forgot to enter subject-line!
>>>
>>>
>>> On Thu, Dec 27, 2012 at 2:11 AM, fal patel <fal0patel@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I'm trying to accomplish Multi-Master OpenLDAP Replication for 3
>>>> nodes, but it's not working.
>> [...]
>>>>
>>>> (1)  The slapadd command, I execute, and the error message I get:
>>>> ================================================
>>>> sudo slapadd -l /home/ubuntu11/openldap-2.4.33/mmr_servers.ldif -f
>>>> /usr/local/etc/openldap/slapd.conf
>>>> -F /usr/local/etc/openldap/slapd.d [sudo] password for ubuntu11:
>>>> 50dc0b31 bdb_monitor_db_open: monitoring disabled; configure monitor
>>>> database to enable
>>>> slapadd: line 1: database #1
>>>> (dc=ldapservice,dc=hq,dc=mycompany,dc=com) not configured to hold
>>>> "cn=config"; did you mean to use database #0 (cn=config)?
>>>> _                       2.58% eta   none elapsed            none
>>
>> This error is quite clear, cn=config has to be database  number 0, that
>> is, the first database declaration must be cn=config.
>> This is probably due to including a slapd.conf file with a database
>> declaration.
>>
>> -Dieter
>>
>> --
>> Dieter Klünter | Systemberatung
>> http://dkluenter.de
>> GPG Key ID:DA147B05
>> 53°37'09,95"N
>> 10°08'02,42"E
>>
>>
>

--
Technische Universität Berlin - FGINET

Bernd May

System Administration
An-Institut Deutsche Telekom Laboratories
Sekr. TEL 16
Ernst-Reuter-Platz 7
10587 BERLIN
GERMANY

Mobile: 0160/90257737
E-Mail: bernd@net.t-labs.tu-berlin.de (T-Labs work)
WWW:    net.t-labs.tu-berlin.de
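
An added example, not part of the thread or of OpenLDAP: a pre-flight check for an LDIF that is about to be loaded with `slapadd -n 0`, flagging the patterns visible in mmr.ldif above (shell assignments, unexpanded `$VAR` references, repeated DNs, `changetype:` change records, which slapadd does not apply because it only adds entries) plus a cleartext `olcRootPW` and a simple-bind `olcSyncRepl` to an `ldap://` provider without `starttls=`. The function name `lint_slapadd_ldif` and the sample input are constructed for illustration.

```python
import re
ATTR = re.compile(r"([A-Za-z][A-Za-z0-9;.-]*):\s*(.*)")

def lint_slapadd_ldif(text):
    """Return (line_no, message) findings for an LDIF meant for `slapadd -n 0`."""
    logical, findings, seen = [], [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and logical and logical[-1][1]:
            logical[-1][1] += raw[1:]          # unfold an LDIF continuation line
        else:
            logical.append([no, raw])
    for no, line in logical:
        m = ATTR.match(line)
        if not line.strip() or line.startswith("#"):
            continue
        if not m:
            findings.append((no, "not 'attr: value' (shell assignment or broken continuation)"))
            continue
        attr, value = m.group(1).lower(), m.group(2)
        if re.search(r"\$(\{|\w)", value):
            findings.append((no, "unexpanded shell variable"))
        if attr == "changetype":
            findings.append((no, "change record: slapadd only adds entries"))
        elif attr == "dn" and seen.setdefault(value.lower(), no) != no:
            findings.append((no, f"duplicate of DN on line {seen[value.lower()]}"))
        elif attr == "olcrootpw" and not value.startswith("{"):
            findings.append((no, "cleartext olcRootPW: store a slappasswd hash"))
        elif attr == "olcsyncrepl" and "bindmethod=simple" in value \
                and "provider=ldap://" in value and "starttls=" not in value:
            findings.append((no, "simple bind to ldap:// provider without starttls"))
    return findings

# Constructed sample reproducing the patterns in mmr.ldif above (not the full file).
SAMPLE = """\
dn: cn=config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
olcRootPW: secret

dn: cn=config
olcServerID: 2
URI1="ldap://ldap.node1.mycompany.com"
changetype: modify
olcServerID: 1 $URI1
olcSyncRepl: rid=001 provider=ldap://ldap.node1.mycompany.com bindmethod=simple
  credentials=secret
"""
print(*lint_slapadd_ldif(SAMPLE), sep="\n")
```
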