On Tue, May 22, 2007 at 04:54:31PM +0200, Raphaël 'SurcouF' Bordet wrote:
Le lundi 07 mai 2007 à 13:52 -0300, Andreas Hasenack a écrit :
On Mon, May 07, 2007 at 06:05:52PM +0200, Raphaël 'SurcouF' Bordet wrote:
Le vendredi 04 mai 2007 à 11:32 -0700, Howard Chu a écrit :
Raphaël 'SurcouF' Bordet wrote:
Hi,
I'm using OpenLDAP 2.3.35 with a distributed architectures with many databases in the same naming context. I've designed a scheme of my architecture for easier understanding : http://img370.imageshack.us/img370/693/architectureldapossaud3.png
There are a number of problems with syncprov and multiple glued remote databases in OpenLDAP 2.3. These have been resolved in OpenLDAP 2.4.
Hi,
I need a stable version of OpenLDAP, not a alpha stage. Can I have a patch with only syncprov and glue overlays corrected ?
I doubt this will be fixed for 2.3. You could wait for 2.4 to become "stable" or change a bit your setup, as I did. Basically, don't rely on glue for the replication: replicate each database on itw own. Use the glue overlay just for client searches. For replication, pretend it's not there.
Hi,
How can limit the usage of glue overlays to clients search ? I need to replicate my global database to front-ends and to subordinate openldap servers... I can' wait for 2.4.
This is what I did. Consider this tree and these two servers (from ITS#4626):
Provider. ou=global is another database here. I use glue.
+ dc=example,dc=com (db1, rep1) / \ ... + ou=global (db2, rep2) / \ ...
Consumer: + dc=example,dc=com (from rep1, *exc* rep2) / \ ... + ou=global (from rep2) / \ ... ...
If I point the consumer at the provider's root, replication has issues when reaching ou=global (see the ITS for details). So, what I did was use two replications: one for ou=global, and another one for dc=example,dc=com *excluding* the ou=global branch. And also two databases in the consumer.
ou=global suffix at the consumer: syncrepl rid=002 provider=ldap://ldap.server type=refreshAndPersist retry="10 +" searchbase="ou=global,dc=example,dc=com" scobe=sub filter="(objectClass=*)" bindmethod=simple binddn="uid=LDAP Replicator,ou=System Accounts,ou=global,dc=example,dc=com" credentials="ldapreplicator"
dc=example,dc=com suffix at the consumer: syncrepl rid=001 provider=ldap://ldap.server type=refreshAndPersist retry="10 +" searchbase="dc=example,dc=com" scobe=sub filter="(!(entryDN:dnSubtreeMatch:=ou=Global,dc=example,dc=com))" bindmethod=simple binddn="uid=LDAP Replicator,ou=System Accounts,ou=global,dc=example,dc=com" credentials="ldapreplicator"
Notice the filter which is excluding the ou=global part.