I see a lot of examples with syncrepl and one database; in fact, I am running one in that configuration with replication.
Now I need to run and replicate two different databases... I have the databases running on the master without repl.
I am wondering what the proper configuration on the slave should look like...
From the documentation I see that syncrepl is a database directive. Can someone give me a simple example of what the configuration file should look like with two or more databases?
Here is what I have now on the slave:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# solaris.schema provides nisDomainObject, absent from nis.schema
include /etc/openldap/schema/solaris.schema
include /etc/openldap/schema/DUAConfigProfile.schema
# samba.schema provides the samba information for samba clients
include /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

loglevel 4
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# TLS Configuration
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/slapd-cert-ldap2.pem
TLSCertificateKeyFile /etc/openldap/slapd-key-ldap2.pem
#Use the following if client authentication is required
#TLSVerifyClient demand
# ... or not desired at all
#TLSVerifyClient never

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
directory /var/lib/openldap-data

# Indices to maintain
index entryCSN,entryUUID eq

#Performance Tuning Directives
sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15

# syncrepl parameters for the slave
syncrepl rid=001
        provider=ldap://server.example.com
        type=refreshOnly
        interval=00:00:05:00
        searchbase="dc=example,dc=com"
        binddn="uid=syncrepl,ou=system,dc=example,dc=com"
        credentials=xxxxxx

# referral line to update the master
updateref ldap://server.example.com

#####
# ACL's
#####

## Give Admins immediate write access
access to dn.subtree="dc=example,dc=com"
        by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admins,ou=Groups,dc=example,dc=com" write
        by * none break
access to attrs=userPassword
        by self write
        by dn="cn=proxyagent,ou=profile,dc=example,dc=com" read
        by * auth
access to *
        by self write
        by * read

#########################################################################
# Database 2:
#########################################################################

database bdb
suffix "dc=wired,dc=hotdog,dc=com"
rootdn "cn=Manager,dc=wired,dc=hotdog,dc=com"
directory /var/lib/openldap-wired

# Indices to maintain for this database
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index objectClass eq
index memberUid eq,subinitial
index mail eq,subinitial
index givenname eq,subinitial
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index entryCSN,entryUUID eq
index default sub

#password-hash
#password-hash {MD5} - slave doesn't set passwords either.
#security ssf=1 update_ssf=112 simple_bind=64 tls=1
security tls=1
#disallow bind_anon
#disallow bind_simple_unprotected
#disallow bind_simple

# syncrepl parameters for the slave
syncrepl rid=001
        provider=ldap://server.example.com
        type=refreshOnly
        interval=00:00:05:00
        searchbase="dc=wired,dc=hotdog,dc=com"
        binddn="uid=syncrepl,ou=system,dc=example,dc=com"
        credentials=xxxxxx

#####
# ACL's
#####

## Give Admins immediate write access
access to dn.subtree="dc=wired,dc=hotdog,dc=com"
        by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admins,ou=Groups,dc=example,dc=com" write
        by * none break
access to dn.base=""
        by self write
        by * auth
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
        by anonymous auth
On the server I have

index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 50 100
syncprov-sessionlog 100

in each database section....

Is this the correct approach? Notice that the rid numbers are the same; is that right?

Thanks,
James
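
An added example, not part of the original post: slapd.conf(5) describes rid as the value that identifies a syncrepl directive within the consumer, so a consumer file with several database sections can be checked for reused rid values before slapd is started. The function names and the trimmed sample below are this example's own; the sample is constructed from the layout in the post.

```python
import re
# Constructed sample, trimmed from the two-database layout in the post above.
SAMPLE_CONF = '''\
database bdb
suffix "dc=example,dc=com"
syncrepl rid=001
        provider=ldap://server.example.com
        searchbase="dc=example,dc=com"

database bdb
suffix "dc=wired,dc=hotdog,dc=com"
syncrepl rid=001
        provider=ldap://server.example.com
        searchbase="dc=wired,dc=hotdog,dc=com"
'''

def logical_lines(text):
    """Drop blank/comment lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if raw.lstrip().startswith("#") or not raw.strip():
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def syncrepl_rids(text):
    """Return {rid: [suffix, ...]} for every syncrepl stanza in the file."""
    rids, suffix = {}, "(no suffix)"
    for line in logical_lines(text):
        keyword = line.split(None, 1)[0].lower()
        if keyword == "database":
            suffix = "(no suffix)"      # a new database section starts here
        elif keyword == "suffix":
            suffix = line.split(None, 1)[1].strip('"')
        elif keyword == "syncrepl":
            m = re.search(r"\brid=(\d{1,3})\b", line)
            if m:
                rids.setdefault(int(m.group(1)), []).append(suffix)
    return rids

def duplicate_rids(text):
    """rid values used by more than one syncrepl stanza in this one slapd."""
    return {rid: sfx for rid, sfx in syncrepl_rids(text).items() if len(sfx) > 1}

if __name__ == "__main__":
    print(duplicate_rids(SAMPLE_CONF))
```
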