I have two issues.
1. Multi-master replication does not seem to work reliably for me; changes on master1 often do not get replicated to master2 or vice versa.
One thing I think is a bit weird is that I have to use "mirrormode on", but reading the documentation, mirrormode is not really multi-master; it's master w/ failover basically. All writes should go to one master, but I want true multi-master where writes can go to either master at any time.
If I remove mirrormode on I get "unwilling to perform" or update referrals when trying to write to my masters. Should I be using mirrormode for multi-master replication?
2. I am not sure my overlays are ordered in the best way and wonder if this misordering is a part of the replication problems I am seeing.
Can anyone offer any suggestions as to what I might have wrong for multi-master replication or for the proper stacking order of my overlays?
I am using OpenLDAP 2.4.11 and I am configuring everything with slapd.conf.
I am trying to update to 2.4.16 but I need a reliable RPM for it. It is company policy that the build tools do not go on production servers so I must find an RPM or build an RPM on our build box.
--- Begin master1 slapd.conf ---
...globals, schema and such...

password-hash {SSHA}
ServerID 1

# access.conf contains all access statements which get rsynced
# to all master and slave ldap servers
include /etc/openldap/access.conf

authz-policy both
sizelimit unlimited

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index member,uniqueMember,memberOf eq,pres
index entryCSN,entryUUID eq

overlay accesslog
logdb cn=log
logops writes session
logpurge 7+00:00 1+00:00

overlay ppolicy
ppolicy_default cn=ppolicy_default,ou=policies,dc=example,dc=com
ppolicy_use_lockout true

syncrepl rid=001
    provider=ldap://master2/
    bindmethod=simple
    binddn="cn=replicator,dc=example,dc=com"
    credentials=secret
    searchbase="dc=example,dc=com"
    schemachecking=off
    type=refreshAndPersist
    starttls=yes
    tls_reqcert=never
    retry="60 5 600 +"

overlay syncprov
syncprov-checkpoint 100 10

mirrormode on

overlay unique
unique_uri "ldap:///o=*,dc=example,dc=com?uid?sub?(objectClass=posixAccount)"
unique_uri "ldap:///o=*,dc=example,dc=com?uidNumber?sub?(objectClass=posixAccount)"
unique_uri "ldap:///o=*,dc=example,dc=com?cn?sub?(objectClass=posixGroup)"

overlay dynlist
dynlist-attrset posixGroup memberURL memberUid:uid

overlay memberof
memberof-refint TRUE
memberof-dangling error
--- End master1 slapd.conf ---
Master2 slapd.conf is identical except for being ServerID 2 and its syncrepl provider is master1.