Hi,
I'm doing a mirrormode setup. From what I can understand of the admin guide A.2.5, it's possible to mirror cn=config so you only have to make changes on one server. I have two problems though.
First: I've looked at test49 and it doesn't seem to use mirrormode. Also, server 1 in test49 has itself as provider??? I would guess that there would be some trouble with mirroring cn=config, since server 1 should have server 2 as provider and vice versa (and that must not be replicated).
Is this possible at all or am I chasing a dead end?
Second: I have a problem with SASL/EXTERNAL and TLS. The server can't seem to find the client certificate. I'm using slapd from Debian Lenny and Ubuntu Hardy, and it's probably due to GnuTLS problems. I get errors from slapd like: "TLS: can't accept: A TLS packet with unexpected length was received.." "unable to get TLS client DN, error=-4 id=0"
Is GnuTLS just completely broken on Debian Lenny or can this be made to work?
/Peter
Peter Mogensen wrote:
> Hi,
> I'm doing a mirrormode setup. From what I can understand of the admin guide A.2.5, it's possible to mirror cn=config so you only have to make changes on one server. I have two problems though.
> First: I've looked at test49 and it doesn't seem to use mirrormode. Also, server 1 in test49 has itself as provider??? I would guess that there would be some trouble with mirroring cn=config, since server 1 should have server 2 as provider and vice versa (and that must not be replicated).
> Is this possible at all or am I chasing a dead end?
Hi,
This is possible. If your config is mirrored, you must have two syncrepl statements - one pointing at each server.
slapd will detect that one of these statements is pointing to itself, so long as the URI in your syncrepl matches the URI you launch slapd with (in the -h parameter).
So for example, in your cn=config:
    olcSyncrepl: rid=NNN provider=ldap://master1:389/ ...
    olcSyncrepl: rid=NNM provider=ldap://master2:389/ ...
And launch your master1 with: slapd -h "ldap://master1:389/" ... etc.
Regards,
openldap-software@openldap.org
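The reply above says slapd recognises the syncrepl statement that points at itself only when its provider URI matches the URI passed to -h. The following is an added example, not code from the thread or from OpenLDAP: a pre-flight check that compares the olcSyncrepl providers in an LDIF fragment with the listener URIs. The sample LDIF, the function names, and the "near-miss" rule (same scheme, host and port but a different string) are assumptions made for this sketch, not a description of slapd's own comparison.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample: the mirrored cn=config as it would be stored on both servers.
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://master1:389/ binddn="cn=config"
  bindmethod=simple type=refreshAndPersist
olcSyncrepl: {1}rid=002 provider=ldap://master2:389/ binddn="cn=config"
  bindmethod=simple type=refreshAndPersist
"""

def providers(ldif):
    """Return {rid: provider URI} for every olcSyncrepl value in the fragment."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF folding: newline + one space
    found = {}
    for line in unfolded.splitlines():
        if not line.lower().startswith("olcsyncrepl:"):
            continue
        rid = re.search(r"\brid=(\S+)", line)
        uri = re.search(r"\bprovider=(\S+)", line)
        if rid and uri:
            found[rid.group(1)] = uri.group(1).strip('"')
    return found

def endpoint(uri):
    """Reduce a URI to (scheme, host, port), filling in the default port."""
    u = urlsplit(uri)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme))

def classify(ldif, listeners):
    """Label each rid 'self', 'near-miss' or 'remote' for the given -h URIs."""
    endpoints = {endpoint(l) for l in listeners}
    labels = {}
    for rid, uri in providers(ldif).items():
        if uri in listeners:
            labels[rid] = "self"       # identical string: the case the reply describes
        elif endpoint(uri) in endpoints:
            labels[rid] = "near-miss"  # same endpoint, different spelling: fix one side
        else:
            labels[rid] = "remote"
    return labels

if __name__ == "__main__":
    # master1 started with: slapd -h "ldap://master1:389/"
    print(classify(SAMPLE, ["ldap://master1:389/"]))
```

On each server exactly one rid should come back as "self"; a "near-miss" means the -h URI and the provider URI should be made to match character for character.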