Hello all!
I've migrated our LDAP infrastructure from 2.3.x to 2.4.11-1. We're using Debian. We used to have a master (balanced between two physical machines with keepalived and two scripts, active/passive mode, both accessing the data via NFS) with two replicas, and now I'm trying to evolve this configuration.
First, I configured one server as the provider and the two former slaves as consumers, with syncrepl and delta-sync. That worked fine.
Now I'm in the second stage, in which I want to have two machines acting in Mirrormode, with only one of them at a time holding the VIP on its interface. I want to configure that VIP as the provider IP in the two machines that act as consumers (and support the big load of queries). In theory this is possible (I thought so, please correct me otherwise), but when I've modified the configuration of the two servers that act as Mirrormode providers, they don't propagate anything to each other.
Here's the configuration of the two Mirrormode servers:
Server number 1:
----------------------
serverID 1
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Other includes here ...
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256

modulepath /usr/lib/ldap
moduleload back_bdb.la
moduleload accesslog.la
moduleload syncprov.la

sizelimit 500
tool-threads 2
backend bdb

# Accesslog database (delta-sync changelog)
database bdb
suffix cn=accesslog
directory /var/lib/ldap/accesslog
rootdn cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_flags DB_LOG_AUTOREMOVE
limits dn.exact="cn=admusr,ou=users,ou=administrative,o=dmstk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

# Main database
database bdb
suffix "o=dmstk"
rootdn "cn=admusr,ou=users,ou=administrative,o=dmstk"
rootpw XXXXX
directory "/var/lib/ldap/dmstk"

dbconfig set_cachesize 0 6291456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_flags DB_LOG_AUTOREMOVE
index objectClass,entryCSN,entryUUID,reqEnd,reqResult,reqStart eq
index mailID pres,eq,sub
index mailAlternateAddress pres,eq,sub
index mailStatus eq
index mailForwardingAddress eq
index hostingID pres,eq,sub
index ou eq
index uid eq
index mailServices sub
index DNSzonename eq
index mail pres,eq
lastmod on
checkpoint 512 30

overlay syncprov
syncprov-checkpoint 1000 60
syncprov-sessionlog 100

overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 07+00:00 01+00:00

limits dn.exact="cn=admusr,ou=users,ou=administrative,o=dmstk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

syncrepl rid=1
        provider=ldap://server_two
        bindmethod=simple
        binddn="cn=admusr,ou=users,ou=administrative,o=dmstk"
        credentials=ytslapd
        searchbase="o=dmstk"
        schemachecking=on
        type=refreshAndPersist
        interval=00:00:00:01
        retry="60 +"
mirrormode on

access to *
        by dn.base="cn=admusr,ou=users,ou=administrative,o=dmstk" read
        by * break
# Other ACLs here ...
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
access to dn.base=""
        by * read
8<---8<---8<---8<---8<---8<---
Server number 2:
----------------------
serverID 2
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Other includes here ...
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256

modulepath /usr/lib/ldap
moduleload back_bdb.la
moduleload accesslog.la
moduleload syncprov.la

sizelimit 500
tool-threads 2
backend bdb

# Accesslog database (delta-sync changelog)
database bdb
suffix cn=accesslog
directory /var/lib/ldap/accesslog
rootdn cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_flags DB_LOG_AUTOREMOVE
limits dn.exact="cn=admusr,ou=users,ou=administrative,o=dmstk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

# Main database
database bdb
suffix "o=dmstk"
rootdn "cn=admusr,ou=users,ou=administrative,o=dmstk"
rootpw XXXXX
directory "/var/lib/ldap/dmstk"

dbconfig set_cachesize 0 6291456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_flags DB_LOG_AUTOREMOVE
index objectClass,entryCSN,entryUUID,reqEnd,reqResult,reqStart eq
index mailID pres,eq,sub
index mailAlternateAddress pres,eq,sub
index mailStatus eq
index mailForwardingAddress eq
index hostingID pres,eq,sub
index ou eq
index uid eq
index mailServices sub
index DNSzonename eq
index mail pres,eq
lastmod on
checkpoint 512 30

overlay syncprov
syncprov-checkpoint 1000 60
syncprov-sessionlog 100

overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 07+00:00 01+00:00

limits dn.exact="cn=admusr,ou=users,ou=administrative,o=dmstk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

syncrepl rid=1
        provider=ldap://server_one
        bindmethod=simple
        binddn="cn=admusr,ou=users,ou=administrative,o=dmstk"
        credentials=ytslapd
        searchbase="o=dmstk"
        schemachecking=on
        type=refreshAndPersist
        interval=00:00:00:01
        retry="60 +"
mirrormode on

access to *
        by dn.base="cn=admusr,ou=users,ou=administrative,o=dmstk" read
        by * break
# Other ACLs here ...
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
access to dn.base=""
        by * read
8<---8<---8<---8<---8<---8<---
Any hints / ideas?
Thanks in advance,
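An added example, not part of the original post: the usual way to tell whether two MirrorMode nodes are actually replicating to each other is to read the contextCSN attribute of the suffix entry (o=dmstk) on both and compare them. Since OpenLDAP 2.4 that attribute is multi-valued, one value per serverID (the third "#"-separated field of the CSN, in hex), so two mirrors that are in sync return the same set of values, and a node whose value for some serverID is older than its peer's is the one that has not received that peer's writes. The script below parses the LDIF that ldapsearch would print for such a base-scope query and reports, per serverID, which side is behind. The two LDIF samples are constructed for the example and stand in for the output of ldapsearch -x -H ldap://server_one -s base -b o=dmstk contextCSN and the same query against server_two.

```python
import re
from dataclasses import dataclass

# Constructed sample output, standing in for the result of
#   ldapsearch -x -H ldap://<host> -s base -b o=dmstk contextCSN
# run against each mirror. Here server_two has server_one's serverID 1
# value at an older timestamp, i.e. it has not seen server_one's latest write.
LDIF_SERVER_ONE = """\
dn: o=dmstk
contextCSN: 20090312101500.123456Z#000000#001#000000
contextCSN: 20090312095900.000000Z#000000#002#000000
"""
LDIF_SERVER_TWO = """\
dn: o=dmstk
contextCSN: 20090312094000.000000Z#000000#001#000000
contextCSN: 20090312095900.000000Z#000000#002#000000
"""

# CSN layout: YYYYmmddHHMMSS.uuuuuuZ # count(6 hex) # serverID(3 hex) # mod(6 hex)
CSN_RE = re.compile(
    r"^(\d{14}\.\d{6}Z)#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$"
)


@dataclass(frozen=True, order=True)
class CSN:
    # Field order matters: dataclass ordering compares time first, then
    # count, so "<" means "older" exactly as slapd itself orders CSNs.
    time: str
    count: int
    sid: int
    mod: int


def parse_csn(value):
    m = CSN_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a CSN: {value!r}")
    t, count, sid, mod = m.groups()
    return CSN(t, int(count, 16), int(sid, 16), int(mod, 16))


def context_csns(ldif):
    """Return {serverID: CSN} for every contextCSN attribute in an LDIF result.

    contextCSN values are plain ASCII, so ldapsearch never base64-encodes
    them ("contextCSN::"); a single-colon split is enough.
    """
    out = {}
    for line in ldif.splitlines():
        if line.lower().startswith("contextcsn:"):
            csn = parse_csn(line.split(":", 1)[1])
            out[csn.sid] = csn
    return out


def compare_mirrors(ldif_a, ldif_b):
    """Per serverID, report which side ("a" or "b") is behind.

    An empty dict means both mirrors carry identical contextCSN sets, which is
    what a healthy MirrorMode pair shows once replication has caught up.
    A side that lacks a serverID entirely has never received anything from
    that server and is reported as behind.
    """
    a, b = context_csns(ldif_a), context_csns(ldif_b)
    lagging = {}
    for sid in sorted(set(a) | set(b)):
        ca, cb = a.get(sid), b.get(sid)
        if ca == cb:
            continue
        if ca is None or (cb is not None and ca < cb):
            lagging[sid] = "a"
        else:
            lagging[sid] = "b"
    return lagging


if __name__ == "__main__":
    result = compare_mirrors(LDIF_SERVER_ONE, LDIF_SERVER_TWO)
    if not result:
        print("mirrors agree on every serverID")
    for sid, side in result.items():
        name = "server_one" if side == "a" else "server_two"
        print(f"serverID {sid}: {name} is behind")
```

Reading contextCSN needs only read access to the suffix entry, so this check can be run with an unprivileged bind rather than the rootdn that the syncrepl stanza uses; a serverID that is missing or stale on one side after a write to the other is exactly the symptom of the two mirrors not propagating to each other.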