On 2/27/07, Cian Davis davisc@skynet.ie wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi All, Apologies if this has been posted before - I had a search through the archives but couldn't find anything.
We have a master slapd and slurpd feeding to a slave LDAP server - all user info, including auth, comes from LDAP. The LDAP master machine has /home and the slave runs the mail server. I had thought that I saw something in the OpenLDAP manual that you could force any attempted changes on the slave server to be redirected to the master (and then obviously, the changes would get to the slave via a push from slurpd). But after numerous searches, I can't find it. Was I imagining things or is there such a directive?
Now this may sound stupid, but if you put the slave slapd into readonly mode, can it accept updates from slurpd on the master? It would reduce the chances of writes being made to the slapd on the slave and causing synchronisation headaches.
You're looking for updateref in slapd.conf: updateref <url> Specify the referral to pass back when slapd(8) is asked to modify a replicated local database. If specified multiple times, each url is provided.
When a database is in a mode to accept updates from slurpd, it will reject all writes even without the updatedn unless those writes include structuralobjectclass and other operational attributes.