Hi,
I'm using OpenLDAP 2.3.35 with a distributed architectures with many databases in the same naming context. I've designed a scheme of my architecture for easier understanding : http://img370.imageshack.us/img370/693/architectureldapossaud3.png
I've three OpenLDAP servers (more in the near future) named for this example like this following list :
- META-ANNUAIRE : this server host many databases which have subordinate relations between them, - FRONT-END : One of the two front-end LDAP servers which have only one database: a replica (over syncrepl) of the top database of META-ANNUAIRE, - OSSA : a server of an sub-organization which provides (over syncrepl) a branch of the context naming to META-ANNUAIRE.
META-ANNUAIRE is a syncprov provider and a syncrepl consumer. Database "dc=linagora,dc=com" is provided by syncprov. Others databases are provided by servers of sub-organizations using a synrecpl definition. Theses databases are subordinate to the first database using the directive named "subordinate". I've already set glue overlay for this database because of syncprov overlay.
I can't retreive datas from servers like OSSA with FRONT-END servers as I can with META-ANNUAIRE. The database "dc=sp,dc=linagora,dc=com" isn't yet replicated by syncrepl but I've the same problem with theses datas.
Can I replicate over syncrepl a database with many databases that are subordinate to the first with all datas ?
Regards,
PS: I'm using OpenLDAP 2.3.35 under Solaris 10.
Raphaël 'SurcouF' Bordet wrote:
Hi,
I'm using OpenLDAP 2.3.35 with a distributed architectures with many databases in the same naming context. I've designed a scheme of my architecture for easier understanding : http://img370.imageshack.us/img370/693/architectureldapossaud3.png
There are a number of problems with syncprov and multiple glued remote databases in OpenLDAP 2.3. These have been resolved in OpenLDAP 2.4.
Le vendredi 04 mai 2007 à 11:32 -0700, Howard Chu a écrit :
Raphaël 'SurcouF' Bordet wrote:
Hi,
I'm using OpenLDAP 2.3.35 with a distributed architectures with many databases in the same naming context. I've designed a scheme of my architecture for easier understanding : http://img370.imageshack.us/img370/693/architectureldapossaud3.png
There are a number of problems with syncprov and multiple glued remote databases in OpenLDAP 2.3. These have been resolved in OpenLDAP 2.4.
Hi,
I need a stable version of OpenLDAP, not a alpha stage. Can I have a patch with only syncprov and glue overlays corrected ?
Regards,
On Mon, May 07, 2007 at 06:05:52PM +0200, Raphaël 'SurcouF' Bordet wrote:
Le vendredi 04 mai 2007 à 11:32 -0700, Howard Chu a écrit :
Raphaël 'SurcouF' Bordet wrote:
Hi,
I'm using OpenLDAP 2.3.35 with a distributed architectures with many databases in the same naming context. I've designed a scheme of my architecture for easier understanding : http://img370.imageshack.us/img370/693/architectureldapossaud3.png
There are a number of problems with syncprov and multiple glued remote databases in OpenLDAP 2.3. These have been resolved in OpenLDAP 2.4.
Hi,
I need a stable version of OpenLDAP, not a alpha stage. Can I have a patch with only syncprov and glue overlays corrected ?
I doubt this will be fixed for 2.3. You could wait for 2.4 to become "stable" or change a bit your setup, as I did. Basically, don't rely on glue for the replication: replicate each database on itw own. Use the glue overlay just for client searches. For replication, pretend it's not there.
Le lundi 07 mai 2007 à 13:52 -0300, Andreas Hasenack a écrit :
On Mon, May 07, 2007 at 06:05:52PM +0200, Raphaël 'SurcouF' Bordet wrote:
Le vendredi 04 mai 2007 à 11:32 -0700, Howard Chu a écrit :
Raphaël 'SurcouF' Bordet wrote:
Hi,
I'm using OpenLDAP 2.3.35 with a distributed architectures with many databases in the same naming context. I've designed a scheme of my architecture for easier understanding : http://img370.imageshack.us/img370/693/architectureldapossaud3.png
There are a number of problems with syncprov and multiple glued remote databases in OpenLDAP 2.3. These have been resolved in OpenLDAP 2.4.
Hi,
I need a stable version of OpenLDAP, not a alpha stage. Can I have a patch with only syncprov and glue overlays corrected ?
I doubt this will be fixed for 2.3. You could wait for 2.4 to become "stable" or change a bit your setup, as I did. Basically, don't rely on glue for the replication: replicate each database on itw own. Use the glue overlay just for client searches. For replication, pretend it's not there.
Hi,
How can limit the usage of glue overlays to clients search ? I need to replicate my global database to front-ends and to subordinate openldap servers... I can' wait for 2.4.
Regards,
On Tue, May 22, 2007 at 04:54:31PM +0200, Raphaël 'SurcouF' Bordet wrote:
Le lundi 07 mai 2007 à 13:52 -0300, Andreas Hasenack a écrit :
On Mon, May 07, 2007 at 06:05:52PM +0200, Raphaël 'SurcouF' Bordet wrote:
Le vendredi 04 mai 2007 à 11:32 -0700, Howard Chu a écrit :
Raphaël 'SurcouF' Bordet wrote:
Hi,
I'm using OpenLDAP 2.3.35 with a distributed architectures with many databases in the same naming context. I've designed a scheme of my architecture for easier understanding : http://img370.imageshack.us/img370/693/architectureldapossaud3.png
There are a number of problems with syncprov and multiple glued remote databases in OpenLDAP 2.3. These have been resolved in OpenLDAP 2.4.
Hi,
I need a stable version of OpenLDAP, not a alpha stage. Can I have a patch with only syncprov and glue overlays corrected ?
I doubt this will be fixed for 2.3. You could wait for 2.4 to become "stable" or change a bit your setup, as I did. Basically, don't rely on glue for the replication: replicate each database on itw own. Use the glue overlay just for client searches. For replication, pretend it's not there.
Hi,
How can limit the usage of glue overlays to clients search ? I need to replicate my global database to front-ends and to subordinate openldap servers... I can' wait for 2.4.
This is what I did. Consider this tree and these two servers (from ITS#4626):
Provider. ou=global is another database here. I use glue.
+ dc=example,dc=com (db1, rep1) / \ ... + ou=global (db2, rep2) / \ ...
Consumer: + dc=example,dc=com (from rep1, *exc* rep2) / \ ... + ou=global (from rep2) / \ ... ...
If I point the consumer at the provider's root, replication has issues when reaching ou=global (see the ITS for details). So, what I did was use two replications: one for ou=global, and another one for dc=example,dc=com *excluding* the ou=global branch. And also two databases in the consumer.
ou=global suffix at the consumer: syncrepl rid=002 provider=ldap://ldap.server type=refreshAndPersist retry="10 +" searchbase="ou=global,dc=example,dc=com" scobe=sub filter="(objectClass=*)" bindmethod=simple binddn="uid=LDAP Replicator,ou=System Accounts,ou=global,dc=example,dc=com" credentials="ldapreplicator"
dc=example,dc=com suffix at the consumer: syncrepl rid=001 provider=ldap://ldap.server type=refreshAndPersist retry="10 +" searchbase="dc=example,dc=com" scobe=sub filter="(!(entryDN:dnSubtreeMatch:=ou=Global,dc=example,dc=com))" bindmethod=simple binddn="uid=LDAP Replicator,ou=System Accounts,ou=global,dc=example,dc=com" credentials="ldapreplicator"
Notice the filter which is excluding the ou=global part.
openldap-software@openldap.org
-
Andreas Hasenack -
Howard Chu -
Raphaël 'SurcouF' Bordet