Hello all!
I've migrated our LDAP infrastructure from 2.3.x to 2.4.11-1. We're
using Debian.
We used to have a master (balanced between two physical machines with
keepalived and two scripts, active/passive mode, both accessing the data
via NFS) with two replicas, and now I'm trying to evolve this configuration.
First, I configured one server as the provider and the two former slaves
as consumers, with syncrepl and delta-sync. That worked fine.
Now I'm in the second stage, in which I want to have two machines acting
in Mirrormode, with only one of them at a time holding the VIP on its
interface. I want to configure that VIP as the provider IP on the two
machines that act as consumers (and support the big load of queries).
In theory this is possible (I think so; please correct me otherwise),
but since I modified the configuration of the two servers that act as
Mirrormode providers, they don't propagate anything to each other.
Here's the configuration of the two Mirrormode servers:
Server number 1:
----------------------
# Global section of mirror node 1: server identity, schema, modules and
# server-wide limits.
# serverID has to be unique per node; it must differ from the peer's value.
serverID 1
# NOTE(review): bind_v2 makes slapd accept LDAPv2 bind requests. Drop it
# unless a legacy client still depends on it.
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Other includes here ...
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# 256 = stats (connections, operations, results). Replication is not logged
# at this level; adding the sync level (16384) on both nodes shows what the
# syncrepl consumer does while the "nothing propagates" symptom is debugged.
loglevel 256
modulepath /usr/lib/ldap
moduleload back_bdb.la
# accesslog and syncprov are the overlays the database sections below attach.
moduleload accesslog.la
moduleload syncprov.la
# Default cap on entries returned per search; the "limits" lines in the
# database sections lift it for the admin/replication DN.
sizelimit 500
tool-threads 2
# Change-log database. The accesslog overlay on the main database writes its
# records here (logdb cn=accesslog), and the syncprov overlay below publishes
# them to consumers.
backend bdb
database bdb
suffix cn=accesslog
directory /var/lib/ldap/accesslog
# No rootpw is set for this rootdn.
rootdn cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_flags DB_LOG_AUTOREMOVE
# Lifts the size and time limits for the DN the consumers bind as, so reads
# of the log are not cut off by the global "sizelimit 500".
# NOTE(review): the two lines after "limits" are continuation lines and must
# start with whitespace in the real slapd.conf; the indentation looks lost
# in the paste.
limits dn.exact="cn=admusr,ou=users,ou=administrative,o=dmstk"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# NOTE(review): no "access" rule is shown for this database. The log stores
# the modified attribute values of every write, userPassword changes
# included, and without a rule slapd applies its default read access.
# Unless rules were trimmed from the post, limit read on cn=accesslog to the
# replication DN.
# Main database: holds o=dmstk, acts as syncrepl provider (syncprov) and
# logs its writes into cn=accesslog (accesslog overlay).
database bdb
suffix "o=dmstk"
rootdn "cn=admusr,ou=users,ou=administrative,o=dmstk"
# Value masked by the poster.
# NOTE(review): if the real file keeps it in clear text, store a hash
# generated with slappasswd instead, and keep the file unreadable to
# anyone but the slapd user.
rootpw XXXXX
directory "/var/lib/ldap/dmstk"
dbconfig set_cachesize 0 6291456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_flags DB_LOG_AUTOREMOVE
# entryCSN and entryUUID are the attributes syncrepl searches on.
# NOTE(review): reqEnd/reqResult/reqStart are accesslog attributes;
# presumably a leftover from the log database's index line. Confirm.
index objectClass,entryCSN,entryUUID,reqEnd,reqResult,reqStart eq
index mailID pres,eq,sub
index mailAlternateAddress pres,eq,sub
index mailStatus eq
index mailForwardingAddress eq
index hostingID pres,eq,sub
index ou eq
index uid eq
index mailServices sub
index DNSzonename eq
index mail pres,eq
lastmod on
# BDB checkpoint every 512 KB written or every 30 minutes.
checkpoint 512 30
# Provider side: serves this database to the consumers and to the mirror peer.
overlay syncprov
# contextCSN is saved after 1000 operations or 60 minutes.
syncprov-checkpoint 1000 60
syncprov-sessionlog 100
# Logs successful write operations into cn=accesslog. Records older than
# 7 days are purged, with the purge check running once a day.
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 07+00:00 01+00:00
# NOTE(review): this DN is the rootdn of this database, and the rootdn is
# not subject to administrative limits, so this rule is likely redundant
# here. It becomes useful once replication binds as a separate DN.
# The two lines after "limits" are continuation lines and need leading
# whitespace in the real file.
limits dn.exact="cn=admusr,ou=users,ou=administrative,o=dmstk"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# Consumer side of the mirror: replicates o=dmstk from the peer
# (server_two) and keeps a persistent search open (refreshAndPersist).
# The parameter lines after "syncrepl rid=1" are continuation lines and
# must begin with whitespace in the real slapd.conf; the indentation looks
# lost in the paste.
# NOTE(review): bindmethod=simple over ldap:// sends the bind password
# unencrypted between the two nodes. Use ldaps:// or starttls=critical on
# this link (where the installed version supports it).
# NOTE(review): binddn is the rootdn of the database, and the credentials
# value is posted unmasked although rootpw is masked elsewhere in the post.
# If it is the live password, change it. The consumer bind only needs read
# access on the provider, so a dedicated replication DN is sufficient.
# No syncdata=accesslog / logbase is set, so this consumer runs plain
# syncrepl and does not use the delta-sync log.
# interval applies to refreshOnly; it is not used with refreshAndPersist.
# retry="60 +": retry every 60 seconds, indefinitely.
syncrepl rid=1
provider=ldap://server_two
bindmethod=simple
binddn="cn=admusr,ou=users,ou=administrative,o=dmstk"
credentials=ytslapd
searchbase="o=dmstk"
schemachecking=on
type=refreshAndPersist
interval=00:00:00:01
retry="60 +"
# Lets this server accept writes although it is also a syncrepl consumer.
mirrormode on
# ACLs for o=dmstk, evaluated in order. The "by" lines are continuation
# lines and need leading whitespace in the real file.
# First rule: the admin DN gets read on everything; every other identity
# falls through to the following rules ("by * break").
# NOTE(review): that DN is the rootdn, which is not subject to ACLs, so the
# rule has no effect for it. It is the place to grant read to a separate
# replication DN.
access to *
by dn.base="cn=admusr,ou=users,ou=administrative,o=dmstk" read
by * break
# Other ACLs here ...
# userPassword: usable for authentication by anonymous binds, writable by
# the entry's owner, hidden from everyone else.
access to attrs=userPassword
by anonymous auth
by self write
by * none
# NOTE(review): presumably meant for the root DSE. Rules placed after a
# "database" line apply to that database only, so confirm this one sits in
# the global section of the real file.
access to dn.base="" by * read
8<---8<---8<---8<---8<---8<---
Server number 2:
----------------------
# Global section of mirror node 2: server identity, schema, modules and
# server-wide limits.
# serverID has to be unique per node; it must differ from the peer's value.
serverID 2
# NOTE(review): bind_v2 makes slapd accept LDAPv2 bind requests. Drop it
# unless a legacy client still depends on it.
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Other includes here ...
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# 256 = stats (connections, operations, results). Replication is not logged
# at this level; adding the sync level (16384) on both nodes shows what the
# syncrepl consumer does while the "nothing propagates" symptom is debugged.
loglevel 256
modulepath /usr/lib/ldap
moduleload back_bdb.la
# accesslog and syncprov are the overlays the database sections below attach.
moduleload accesslog.la
moduleload syncprov.la
# Default cap on entries returned per search; the "limits" lines in the
# database sections lift it for the admin/replication DN.
sizelimit 500
tool-threads 2
# Change-log database. The accesslog overlay on the main database writes its
# records here (logdb cn=accesslog), and the syncprov overlay below publishes
# them to consumers.
backend bdb
database bdb
suffix cn=accesslog
directory /var/lib/ldap/accesslog
# No rootpw is set for this rootdn.
rootdn cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_flags DB_LOG_AUTOREMOVE
# Lifts the size and time limits for the DN the consumers bind as, so reads
# of the log are not cut off by the global "sizelimit 500".
# NOTE(review): the two lines after "limits" are continuation lines and must
# start with whitespace in the real slapd.conf; the indentation looks lost
# in the paste.
limits dn.exact="cn=admusr,ou=users,ou=administrative,o=dmstk"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# NOTE(review): no "access" rule is shown for this database. The log stores
# the modified attribute values of every write, userPassword changes
# included, and without a rule slapd applies its default read access.
# Unless rules were trimmed from the post, limit read on cn=accesslog to the
# replication DN.
# Main database: holds o=dmstk, acts as syncrepl provider (syncprov) and
# logs its writes into cn=accesslog (accesslog overlay).
database bdb
suffix "o=dmstk"
rootdn "cn=admusr,ou=users,ou=administrative,o=dmstk"
# Value masked by the poster.
# NOTE(review): if the real file keeps it in clear text, store a hash
# generated with slappasswd instead, and keep the file unreadable to
# anyone but the slapd user.
rootpw XXXXX
directory "/var/lib/ldap/dmstk"
dbconfig set_cachesize 0 6291456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_flags DB_LOG_AUTOREMOVE
# entryCSN and entryUUID are the attributes syncrepl searches on.
# NOTE(review): reqEnd/reqResult/reqStart are accesslog attributes;
# presumably a leftover from the log database's index line. Confirm.
index objectClass,entryCSN,entryUUID,reqEnd,reqResult,reqStart eq
index mailID pres,eq,sub
index mailAlternateAddress pres,eq,sub
index mailStatus eq
index mailForwardingAddress eq
index hostingID pres,eq,sub
index ou eq
index uid eq
index mailServices sub
index DNSzonename eq
index mail pres,eq
lastmod on
# BDB checkpoint every 512 KB written or every 30 minutes.
checkpoint 512 30
# Provider side: serves this database to the consumers and to the mirror peer.
overlay syncprov
# contextCSN is saved after 1000 operations or 60 minutes.
syncprov-checkpoint 1000 60
syncprov-sessionlog 100
# Logs successful write operations into cn=accesslog. Records older than
# 7 days are purged, with the purge check running once a day.
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 07+00:00 01+00:00
# NOTE(review): this DN is the rootdn of this database, and the rootdn is
# not subject to administrative limits, so this rule is likely redundant
# here. It becomes useful once replication binds as a separate DN.
# The two lines after "limits" are continuation lines and need leading
# whitespace in the real file.
limits dn.exact="cn=admusr,ou=users,ou=administrative,o=dmstk"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# Consumer side of the mirror: replicates o=dmstk from the peer
# (server_one) and keeps a persistent search open (refreshAndPersist).
# The parameter lines after "syncrepl rid=1" are continuation lines and
# must begin with whitespace in the real slapd.conf; the indentation looks
# lost in the paste.
# NOTE(review): bindmethod=simple over ldap:// sends the bind password
# unencrypted between the two nodes. Use ldaps:// or starttls=critical on
# this link (where the installed version supports it).
# NOTE(review): binddn is the rootdn of the database, and the credentials
# value is posted unmasked although rootpw is masked elsewhere in the post.
# If it is the live password, change it. The consumer bind only needs read
# access on the provider, so a dedicated replication DN is sufficient.
# No syncdata=accesslog / logbase is set, so this consumer runs plain
# syncrepl and does not use the delta-sync log.
# interval applies to refreshOnly; it is not used with refreshAndPersist.
# retry="60 +": retry every 60 seconds, indefinitely.
syncrepl rid=1
provider=ldap://server_one
bindmethod=simple
binddn="cn=admusr,ou=users,ou=administrative,o=dmstk"
credentials=ytslapd
searchbase="o=dmstk"
schemachecking=on
type=refreshAndPersist
interval=00:00:00:01
retry="60 +"
# Lets this server accept writes although it is also a syncrepl consumer.
mirrormode on
# ACLs for o=dmstk, evaluated in order. The "by" lines are continuation
# lines and need leading whitespace in the real file.
# First rule: the admin DN gets read on everything; every other identity
# falls through to the following rules ("by * break").
# NOTE(review): that DN is the rootdn, which is not subject to ACLs, so the
# rule has no effect for it. It is the place to grant read to a separate
# replication DN.
access to *
by dn.base="cn=admusr,ou=users,ou=administrative,o=dmstk" read
by * break
# Other ACLs here ...
# userPassword: usable for authentication by anonymous binds, writable by
# the entry's owner, hidden from everyone else.
access to attrs=userPassword
by anonymous auth
by self write
by * none
# NOTE(review): presumably meant for the root DSE. Rules placed after a
# "database" line apply to that database only, so confirm this one sits in
# the global section of the real file.
access to dn.base="" by * read
8<---8<---8<---8<---8<---8<---
Any hints / ideas ?
Thanks in advance,