Greetings.
About two years ago I learned the theory from the docs and this forum, but had no practice at all. Now I have to resolve some problems with OpenLDAP in a rush, and, unfortunately, I do not have much time to search archives and documentation and do experimental work. So I will be very grateful if you share your experience. URLs for FAQs and examples are welcome.
So. We have a distributed e-mail MTA system based on sendmail, courier imap, and OpenLDAP as user database and authentication backend. Our ex-sysadmin installed a master LDAP and two slave OL-servers on relays, using the SLURP technique. I believe that it is not the right choice, so I want to migrate the replication scheme to a better one. So here are some questions I have for now.
1. I know the SLURP and LDAP sync techniques; are there any others?
2. LDAP sync looks much better to me than SLURP. Is there any "compare chart" or "best practice" tips which help to choose the right way?
3. Are there any version restrictions for replication schemes? E.g. if I set up a new OpenLDAP server, do I have to install exactly the same version as the other LDAP servers?
4. Some days ago my master LDAP died for good, so I changed the software configuration and now it uses one of my ex-slaves. It works fine, but as a result I lost the backup LDAP server -- now my slaves are out of sync. I guess that the simplest way is to set up another OpenLDAP, copy the base and make it the master LDAP server using SLURP. But if the sync scheme is better than SLURP, I prefer to set up the LDAP sync scheme. So if I choose sync, I want to make today's master the 'provider' and the stand-alone-today-ex-slave the 'consumer'. Am I right?
5. Can I perform any setup steps but setup consumer to synchronize my LDAPs?
On 5/11/07, Antuan Avdioukhine antuan@cplus.ru wrote:
> Greetings.
> About two years ago I learned the theory from the docs and this forum, but had no practice at all. Now I have to resolve some problems with OpenLDAP in a rush, and, unfortunately, I do not have much time to search archives and documentation and do experimental work. So I will be very grateful if you share your experience. URLs for FAQs and examples are welcome.
> So. We have a distributed e-mail MTA system based on sendmail, courier imap, and OpenLDAP as user database and authentication backend. Our ex-sysadmin installed a master LDAP and two slave OL-servers on relays, using the SLURP technique. I believe that it is not the right choice, so I want to migrate the replication scheme to a better one. So here are some questions I have for now.
> 1. I know the SLURP and LDAP sync techniques; are there any others?
> 2. LDAP sync looks much better to me than SLURP. Is there any "compare chart" or "best practice" tips which help to choose the right way?
> 3. Are there any version restrictions for replication schemes? E.g. if I set up a new OpenLDAP server, do I have to install exactly the same version as the other LDAP servers?
> 4. Some days ago my master LDAP died for good, so I changed the software configuration and now it uses one of my ex-slaves. It works fine, but as a result I lost the backup LDAP server -- now my slaves are out of sync. I guess that the simplest way is to set up another OpenLDAP, copy the base and make it the master LDAP server using SLURP. But if the sync scheme is better than SLURP, I prefer to set up the LDAP sync scheme. So if I choose sync, I want to make today's master the 'provider' and the stand-alone-today-ex-slave the 'consumer'. Am I right?
> 5. Can I perform any setup steps but setup consumer to synchronize my LDAPs?

Well, it sounds like you're in less of a hurry since you're still up. :)
slurpd is being deprecated, so you will want to migrate to using syncrepl when you upgrade openldap.
In the short term, use slapcat/slapadd to get your second replica back in-sync and then you can start down the road of rebuilding your master with the latest slapd and start getting syncrepl setup.
_Matt
On Fri, May 11, 2007 at 10:51:17AM -0400, matthew sporleder wrote:
> Well, it sounds like you're in less of a hurry since you're still up. :)

Thanks to heaven ;)

> slurpd is being deprecated, so you will want to migrate to using syncrepl when you upgrade openldap.

Ok, this means, I guess, that there are no other valuable sync-methods. What about version compatibility (thinking I'll have 2&3 branch but different builds)?

> In the short term, use slapcat/slapadd to get your second replica back in-sync and then you can start down the road of rebuilding your master with the latest slapd and start getting syncrepl setup.

Fine. Got it. How to check that two LDAPs are synchronous?
On 5/17/07, Antuan Avdioukhine antuan@cplus.ru wrote:
> On Fri, May 11, 2007 at 10:51:17AM -0400, matthew sporleder wrote:
>> Well, it sounds like you're in less of a hurry since you're still up. :)
>
> Thanks to heaven ;)
>
>> slurpd is being deprecated, so you will want to migrate to using syncrepl when you upgrade openldap.
>
> Ok, this means, I guess, that there are no other valuable sync-methods. What about version compatibility (thinking I'll have 2&3 branch but different builds)?
>
>> In the short term, use slapcat/slapadd to get your second replica back in-sync and then you can start down the road of rebuilding your master with the latest slapd and start getting syncrepl setup.
>
> Fine. Got it. How to check that two LDAPs are synchronous?

I was using a 2.3 master to replicate to 2.1 replicas without any problems. There are a few threads (some involving me, some involving other people) about which versions can replicate to which other versions.
To check if they're perfectly in-sync, you can slapcat both at a known interval and compare. The entryCSN and entryUUID attributes should match on all of your entries since they all came from the same seed slapcat.
openldap-software@openldap.org
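
The slapcat comparison suggested in the last reply, sketched as an added example that is not part of the original thread: it reads two slapcat-style LDIF dumps and reports entries missing on either side or whose entryUUID/entryCSN differ. The function names, sample DNs and values are constructed for illustration, and DNs are compared case-insensitively as a simplification.

```python
import base64

def parse_ldif(text):
    """Map each DN in slapcat-style LDIF to its (entryUUID, entryCSN)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = {}, {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if not line.strip():
            if "dn" in cur:
                entries[cur["dn"].lower()] = (cur.get("entryuuid"), cur.get("entrycsn"))
            cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            if attr.lower() in ("dn", "entryuuid", "entrycsn"):
                cur[attr.lower()] = value.strip()
    return entries

def compare(provider_ldif, replica_ldif):
    """Report DNs missing on either side and DNs whose UUID/CSN differ."""
    a, b = parse_ldif(provider_ldif), parse_ldif(replica_ldif)
    return {"only_provider": sorted(a.keys() - b.keys()),
            "only_replica": sorted(b.keys() - a.keys()),
            "mismatch": sorted(dn for dn in a.keys() & b.keys() if a[dn] != b[dn])}

# Constructed sample dumps: replica has a stale entryCSN for alice, lacks bob.
PROVIDER = """\
dn: uid=alice,ou=people,dc=example,dc=com
entryUUID: 00000000-0000-0000-0000-000000000002
entryCSN: 20070517090000Z#000000#00#000000

dn: uid=bob,ou=people,
 dc=example,dc=com
entryUUID: 00000000-0000-0000-0000-000000000003
entryCSN: 20070517090500Z#000000#00#000000
"""
REPLICA = """\
dn:: dWlkPWFsaWNlLG91PXBlb3BsZSxkYz1leGFtcGxlLGRjPWNvbQ==
entryUUID: 00000000-0000-0000-0000-000000000002
entryCSN: 20070511145117Z#000000#00#000000
"""

if __name__ == "__main__": print(compare(PROVIDER, REPLICA))
```

Because this directory is the authentication backend, a non-empty `mismatch` or `only_provider` list means the replica may still be answering with outdated account data.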