I would like to clarify some things on your suggestions

On Mon, Jun 30, 2008 at 1:26 PM, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:

But it seems you have implemented this by using a single database at
dc=example,dc=com, with multiple syncrepl statements (one for each subtree
that you replicate). As far as I know, this in not supported. Instead, you
should consider using a separate database for each syncrepl statement, and
glue the databases together by using the 'subordinate' statement in each
sub-tree database.

This would look something like this:

database bdb
suffix o=BranchMain,dc=example,dc=com
subordinate
syncrepl ...
[...]

database bdb
suffix o=Branch1,dc=example,dc=com
subordinate
syncrepl ...
[...]

database bdb
suffix dc=example,dc=com
syncrepl ...

Ok, as I understand I have nothing to change at my master, right?
Do I miss something but I expect my replica server to display all my glued databases as one. Slapd.conf man page says, that slapcat should dump all glued databases, but onnly slapcat -b gives me results.
Why do you wrote syncrepl directive for suffix dc=example,dc=com? As I understand glueing works for databases under the same suffixes, so the last suffix dc=example,dc=com is needed only to create a global naming context and glue all replicated databases under the same tree.
I'm very new to subordinate and glueing databases so I probably miss something, but I can't get search to be performed under both databases.

I didn;t change config for master, and for slave I have (omited some unimportant things)

overlay                 chain
chain-uri               "ldap://master.server"
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=Manager,dc=example,dc=com"
                        credentials=secret
                        mode="none"
chain-tls               start
chain-return-error      TRUE

##### BranchX database
database        bdb
suffix          "o=BranchX,dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap/sub-rid-002
subordinate
overlay         syncprov
checkpoint 256 5

syncrepl rid=002
    provider=ldap://master.server:389
    type=refreshAndPersist
    retry="60 +"
    searchbase="o=BranchX,dc=example,dc=com"
    filter="(objectClass=*)"
    scope=sub
    attrs=*,+
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    starttls=yes

updateref ldap://master.server

##### BranchMain database
database        bdb
suffix          "o=BranchMain,dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap/sub-rid-001
subordinate
overlay syncprov
checkpoint 256 5

syncrepl rid=001
    provider=ldap://master.server:389
    type=refreshAndPersist
    retry="60 +"
    searchbase="o=BranchMain,dc=example,dc=com"
    filter="(objectClass=*)"
    scope=sub
    attrs=*,+
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    starttls=yes
updateref ldap://master.server

###### main suffix database as I think
database        bdb
suffix          "dc=iexample,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          secret
directory       /var/lib/ldap
overlay glue
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 1000

As you see I didn't add synrepl directive, because I don't know what to replicate in this database as everything I want to have in this server is already replicated to previous databases.

What could be wrong?

PS I should clarify maybe my design. I want each server to have
dn: o=BranchMain,dc=example,dc=com
dn: o=BrancX,dc=example,dc=com

Master should have
dn: o=BranchMain,dc=example,dc=com
dn: o=BrancX,dc=example,dc=com
.....
dn: o=BrancY,dc=example,dc=com

What is important - I have alias objects on server pointing from leaf in BranchX to leafs in BranchMain. Then having separate backends in replicas these alias won't work anymore. Will glueing databases solve this problem? Or should I think about other options? What could be the options in this case? I do auhtorization on BranchX uids, and aliases lets me have users to be able to authenticate in all the servers.

Thanks in advance
Liutauras