I would like to clarify some things on your suggestions
On Mon, Jun 30, 2008 at 1:26 PM, Buchan Milne bgmilne@staff.telkomsa.net wrote:
But it seems you have implemented this by using a single database at dc=example,dc=com, with multiple syncrepl statements (one for each subtree that you replicate). As far as I know, this in not supported. Instead, you should consider using a separate database for each syncrepl statement, and glue the databases together by using the 'subordinate' statement in each sub-tree database.
This would look something like this:
database bdb suffix o=BranchMain,dc=example,dc=com subordinate syncrepl ... [...]
database bdb suffix o=Branch1,dc=example,dc=com subordinate syncrepl ... [...]
database bdb suffix dc=example,dc=com syncrepl ...
Ok, as I understand I have nothing to change at my master, right?
Do I miss something but I expect my replica server to display all my glued databases as one. Slapd.conf man page says, that slapcat should dump all glued databases, but onnly slapcat -b gives me results. Why do you wrote syncrepl directive for suffix dc=example,dc=com? As I understand glueing works for databases under the same suffixes, so the last suffix dc=example,dc=com is needed only to create a global naming context and glue all replicated databases under the same tree. I'm very new to subordinate and glueing databases so I probably miss something, but I can't get search to be performed under both databases.
I didn;t change config for master, and for slave I have (omited some unimportant things)
overlay chain chain-uri "ldap://master.server" chain-idassert-bind bindmethod="simple" binddn="cn=Manager,dc=example,dc=com" credentials=secret mode="none" chain-tls start chain-return-error TRUE
##### BranchX database database bdb suffix "o=BranchX,dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" directory /var/lib/ldap/sub-rid-002 subordinate overlay syncprov checkpoint 256 5
syncrepl rid=002 provider=ldap://master.server:389 type=refreshAndPersist retry="60 +" searchbase="o=BranchX,dc=example,dc=com" filter="(objectClass=*)" scope=sub attrs=*,+ schemachecking=off bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret starttls=yes
updateref ldap://master.server
##### BranchMain database database bdb suffix "o=BranchMain,dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" directory /var/lib/ldap/sub-rid-001 subordinate overlay syncprov checkpoint 256 5
syncrepl rid=001 provider=ldap://master.server:389 type=refreshAndPersist retry="60 +" searchbase="o=BranchMain,dc=example,dc=com" filter="(objectClass=*)" scope=sub attrs=*,+ schemachecking=off bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret starttls=yes updateref ldap://master.server
###### main suffix database as I think database bdb suffix "dc=iexample,dc=com" rootdn "cn=Manager,dc=example,dc=com" rootpw secret directory /var/lib/ldap overlay glue overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 1000
As you see I didn't add synrepl directive, because I don't know what to replicate in this database as everything I want to have in this server is already replicated to previous databases.
What could be wrong?
PS I should clarify maybe my design. I want each server to have dn: o=BranchMain,dc=example,dc=com dn: o=BrancX,dc=example,dc=com
Master should have dn: o=BranchMain,dc=example,dc=com dn: o=BrancX,dc=example,dc=com ..... dn: o=BrancY,dc=example,dc=com
What is important - I have alias objects on server pointing from leaf in BranchX to leafs in BranchMain. Then having separate backends in replicas these alias won't work anymore. Will glueing databases solve this problem? Or should I think about other options? What could be the options in this case? I do auhtorization on BranchX uids, and aliases lets me have users to be able to authenticate in all the servers.
Thanks in advance Liutauras