I have just added a second openldap server 2.3.30 to my network and setup syncrepl in refreshOnly mode. I connected to the consumer ldap server using a ldap client but when I tried to make a change I got an error stating that I must have an update referral setup. After adding the updateref to my consumer slapd.conf and restarting that I get an error stating that "modifications require stronger authentication desc Strong(er) authentication required."
Now if I try to add updatedn to the consumer slapd.conf I get the following error starting the ldap server: <updatedn> database already shadowed
Here is the last bit of my slapd.conf from the consumer: syncrepl rid=100 provider="ldap://192.168.1.40:389" binddn="uid=syncuser,ou=People,dc=radimg,dc=pitt,dc=edu" bindmethod=simple credentials=###CHANGED### searchbase="dc=radimg,dc=pitt,dc=edu" filter="(objectClass=*)" attrs"*" schemachecking=off scope=sub type=refreshOnly interval=00:06:00:00
updateref ldap://192.168.1.40
John Drescher wrote:
I have just added a second openldap server 2.3.30 to my network and setup syncrepl in refreshOnly mode. I connected to the consumer ldap server using a ldap client but when I tried to make a change I got an error stating that I must have an update referral setup. After adding the updateref to my consumer slapd.conf and restarting that I get an error stating that "modifications require stronger authentication desc Strong(er) authentication required."
Now if I try to add updatedn to the consumer slapd.conf I get the following error starting the ldap server: <updatedn> database already shadowed
Here is the last bit of my slapd.conf from the consumer: syncrepl rid=100 provider="ldap://192.168.1.40:389" binddn="uid=syncuser,ou=People,dc=radimg,dc=pitt,dc=edu" bindmethod=simple credentials=###CHANGED### searchbase="dc=radimg,dc=pitt,dc=edu" filter="(objectClass=*)" attrs"*" schemachecking=off scope=sub type=refreshOnly interval=00:06:00:00
updateref ldap://192.168.1.40
syncrepl needs no updatedn, and what you report above is the expected behavior. Did you happen to read the admin guide or slapd.conf(5) about sync replication?
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
syncrepl needs no updatedn, and what you report above is the expected behavior.
So with syncrepl there is no way to do consumer updates?
Did you happen to read the admin guide or slapd.conf(5) about sync replication?
Yes, I read both several times this morning. Its definitely not the easiest documentation to read - too much detail on the protocol/design and very little info on the usage and configuration. After reading both I could not find an answer to my question. And after trying and failing I did a few google searches that led to conflicting results and more suggestions that did not work.
Thanks,
John
John Drescher wrote:
syncrepl needs no updatedn, and what you report above is the expected behavior.
So with syncrepl there is no way to do consumer updates?
Did you happen to read the admin guide or slapd.conf(5) about sync replication?
Yes, I read both several times this morning. Its definitely not the easiest documentation to read - too much detail on the protocol/design and very little info on the usage and configuration. After reading both I could not find an answer to my question. And after trying and failing I did a few google searches that led to conflicting results and more suggestions that did not work.
In any case, with currently released code there is no way to update the consumer. One thing you can do is to add a global instance of slapo-chain which redirects writes to the producer. To the client, it will appear like updating the consumer (but updates will get to the consumer later, possibly after the client got a successful response, so immediate reads could not see the modifications in place yet).
Example configuration is produced by running test007 and test018 (look at "overlay chain" in the consumer's slapd.conf).
OpenLDAP 2.4 will allow mirror mode setups which means that multiple servers will simultaneously act as masters. But that's not released yet.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
On 3/6/07, Pierangelo Masarati ando@sys-net.it wrote:
John Drescher wrote:
syncrepl needs no updatedn, and what you report above is the expected behavior.
So with syncrepl there is no way to do consumer updates?
Did you happen to read the admin guide or slapd.conf(5) about sync replication?
Yes, I read both several times this morning. Its definitely not the easiest documentation to read - too much detail on the protocol/design and very little info on the usage and configuration. After reading both I could not find an answer to my question. And after trying and failing I did a few google searches that led to conflicting results and more suggestions that did not work.
In any case, with currently released code there is no way to update the consumer. One thing you can do is to add a global instance of slapo-chain which redirects writes to the producer. To the client, it will appear like updating the consumer (but updates will get to the consumer later, possibly after the client got a successful response, so immediate reads could not see the modifications in place yet).
Example configuration is produced by running test007 and test018 (look at "overlay chain" in the consumer's slapd.conf).
OpenLDAP 2.4 will allow mirror mode setups which means that multiple servers will simultaneously act as masters. But that's not released yet.
Thank you, I will look into this. John
John Drescher said the following on 06/03/07 18:53:
syncrepl needs no updatedn, and what you report above is the expected behavior.
So with syncrepl there is no way to do consumer updates?
Did you happen to read the admin guide or slapd.conf(5) about sync replication?
Yes, I read both several times this morning. Its definitely not the easiest documentation to read - too much detail on the protocol/design and very little info on the usage and configuration. After reading both I could not find an answer to my question. And after trying and failing I did a few google searches that led to conflicting results and more suggestions that did not work.
This is something we will be addressing in ongoing documentation re-works.
Thanks.
Thanks,
John
openldap-software@openldap.org
-
Gavin Henry -
John Drescher -
Pierangelo Masarati