Hello
I have an openldap master-slave setup, and I need to make a simple schema change to add an attribute to an objectclass which is defined as below:
objectclass ( dgMail:1.2.2 NAME 'dgMailAuth' DESC 'SASL Authentication for mail' SUP top STRUCTURAL MUST dgDBID MAY ( uid $ userPassword $ mail ) )
I just need to add an attribute called mailDrop, which is already defined in the schema, but only used in other objectclasses, so the last line would become
MAY ( uid $ userPassword $ mail $ mailDrop ) )
My question is: is it safe to do this one server at a time, editing the schema file and restarting the daemon, or will I have problems with the temporary schema mismatch? I would like to minimize the downtime of the operation, since the system is heavily used in production.
Thanks in advance, Andre
On 7/6/07, Andre Nathan andre@digirati.com.br wrote:
Hello
I have an openldap master-slave setup, and I need to make a simple schema change to add an attribute to an objectclass which is defined as below:
objectclass ( dgMail:1.2.2 NAME 'dgMailAuth' DESC 'SASL Authentication for mail' SUP top STRUCTURAL MUST dgDBID MAY ( uid $ userPassword $ mail ) )
I just need to add an attribute called mailDrop, which is already defined in the schema, but only used in other objectclasses, so the last line would become
MAY ( uid $ userPassword $ mail $ mailDrop ) )My question is: is it safe to do this one server at a time, editing the schema file and restarting the daemon, or will I have problems with the temporary schema mismatch? I would like to minimize the downtime of the operation, since the system is heavily used in production.
As long as nobody is trying to add this new attribute to an entry on the Master server when you are performing that schema change one server at a time, you are safe. Please test this schema change beforehand.
Sam
On Saturday, 7 July 2007, Sam Tran wrote:
On 7/6/07, Andre Nathan andre@digirati.com.br wrote:
Hello
I have an openldap master-slave setup, and I need to make a simple schema change to add an attribute to an objectclass which is defined as below:
objectclass ( dgMail:1.2.2 NAME 'dgMailAuth' DESC 'SASL Authentication for mail' SUP top STRUCTURAL MUST dgDBID MAY ( uid $ userPassword $ mail ) )
I just need to add an attribute called mailDrop, which is already defined in the schema, but only used in other objectclasses, so the last line would become
MAY ( uid $ userPassword $ mail $ mailDrop ) )My question is: is it safe to do this one server at a time, editing the schema file and restarting the daemon, or will I have problems with the temporary schema mismatch? I would like to minimize the downtime of the operation, since the system is heavily used in production.
As long as nobody is trying to add this new attribute to an entry on the Master server when you are performing that schema change one server at a time, you are safe.
IOW, do the slaves/consumers first, then the master.
Please test this schema change beforehand.
Regards, Buchan
On Mon, 2007-07-09 at 10:37 +0200, Buchan Milne wrote:
On Saturday, 7 July 2007, Sam Tran wrote:
As long as nobody is trying to add this new attribute to an entry on the Master server when you are performing that schema change one server at a time, you are safe.
IOW, do the slaves/consumers first, then the master.
Thanks guys, it worked fine!
Best, Andre
This may also be a good time to put your databases into read-only mode.
-- Puryear IT, LLC Identity Management, Directory Services, Systems Integration Baton Rouge, LA * 225-706-8414 * http://www.puryear-it.com
"Best Practices for Managing Linux and UNIX Servers" http://www.puryear-it.com/pubs/linux-unix-best-practices
Sam Tran wrote:
On 7/6/07, Andre Nathan andre@digirati.com.br wrote:
Hello
I have an openldap master-slave setup, and I need to make a simple schema change to add an attribute to an objectclass which is defined as below:
objectclass ( dgMail:1.2.2 NAME 'dgMailAuth' DESC 'SASL Authentication for mail' SUP top STRUCTURAL MUST dgDBID MAY ( uid $ userPassword $ mail ) )
I just need to add an attribute called mailDrop, which is already defined in the schema, but only used in other objectclasses, so the last line would become
MAY ( uid $ userPassword $ mail $ mailDrop ) )My question is: is it safe to do this one server at a time, editing the schema file and restarting the daemon, or will I have problems with the temporary schema mismatch? I would like to minimize the downtime of the operation, since the system is heavily used in production.
As long as nobody is trying to add this new attribute to an entry on the Master server when you are performing that schema change one server at a time, you are safe. Please test this schema change beforehand.
Sam
openldap-software@openldap.org
-
Andre Nathan -
Buchan Milne -
Dustin Puryear -
Sam Tran