--On Friday, October 05, 2007 9:53 AM +0200 Guillaume Rousse Guillaume.Rousse@inria.fr wrote:
First, I noticed than changes on the slaves seems to be written from rootdn, not from the dn declared in the syncrepl directive, which seems to be only used on the master, meaning I don't need any specific ACL on the slave. Is this correct ?
Right, the DN in the syncrepl directive is purely for how it performs its searches on the master.
Second, I have several slaves synchronizing on the same master. From slapd.conf man page, rid is supposed to be unique in the consumer only, meaning all my slaves can safely use the same rid (easier for maintaining centralized configurations). Is this correct interpretation ?
Correct.
Third, I noticed a lot of errors correction for syncrepl in openldap changelog. As I can't easily change installed versions (our policy is to stick with our distribution provided package, meaning a mix of 2.3.27 and 2.3.34), am I correct assuming 'refresh only' mode is less fragile than 'refresh & persist' mode, and than total synchronisation is also less fragile than delta synchronisation, if I need to fallback on a safer mode ?
Nope. And, by the way, I'd seriously examine your policy, it is mightily flawed. Distro versions are almost never meant for running OpenLDAP as a server, but for providing the client libraries. You are only setting yourself up to be shot in the foot by following your current policy. A wiser choice would be to do something like use the pre-compiled releases from Symas (http://www.symas.com/) or if you are using RedHat or CentOS, Buchan Milne's pre-compiled packages
http://staff.telkomsa.net/packages/
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration