I have implemented a multi-master two-node LDAP with OpenLDAP 2.4.22 and Berkeley DB 4.8.26 on Red Hat Enterprise 5.4 with several read-only replicas off of the masters.
I have a need to add several optional attributes to a schema and probably should upgrade to 2.4.24 as well. If this was a single-master server, it would be easy to do; just slapcat the ldap store, update software, change schema, slapadd the ldap store back, and resume slapd.
I'm not sure how to do that with multi-master. One reason for using multi-master was if one master was down, the other would keep running. One should be able to upgrade one server, have it catch up with the changes that the other master had done while the first master is down and then repeat for the 2nd master. Is this possible? Has anyone done this and how was it done?
I know in the near future, a high-level branch on my DIT will be purged and bulk reloaded. I have tested the load with a test setup of multi-master LDAP. If I do it via ldapadd, it takes over 6 hours to load. With slapadd (and slapd down) it only takes 25 minutes plus the time for the other master to get up-to-date. Is there any way that I can speed up the update with ldapadd? I have pieces of my slapd.conf for the 1st master at the end of this email.
Slapadd has two options that appear to be needed when dealing with multi-master or replicate nodes. The first is the "-S sid" option, the second is "-w". I'm a little confused what is used where. If you are doing a dump and restore operation (slapcat, delete database, slapadd) the only option you need is the "-w" option? If you are adding new entries offline then do both options need to be specified?
Is there a multi-master best practice guide somewhere?
Thanks for any help,
============== slapd.conf extract ==============
ServerID 001
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
sizelimit unlimited
moduleload ppolicy.la

database bdb
suffix "dc=htc,dc=com"
rootdn "cn=Manager,dc=htc,dc=com"
rootpw XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx

directory /usr/local/var/openldap-data
cachesize 50000
dncachesize 50000
idlcachesize 150000
checkpoint 1024 5
dbconfig set_cachesize 0 268435456 1
dbconfig set_lg_bsize 2097152
dbconfig set_lg_regionmax 262144
dbconfig set_flags DB_LOG_AUTOREMOVE
monitoring on

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
index uniqueIdentifier eq

overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=htc,dc=com"

syncrepl rid=002
  provider=ldap://vmldapdev2.htc.external:389
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="dc=htc,dc=com"
  attrs="*,+"
  bindmethod=simple
  binddn="uid=vmldapdev1,ou=replicants,ou=admin,dc=htc,dc=com"
  credentials=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

mirrormode TRUE

overlay syncprov
syncprov-checkpoint 1000 1

database monitor
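An added example, not part of the original message and not OpenLDAP project code: a small lint for a slapd.conf extract like the one above. It checks the replication prerequisites the config relies on and flags a syncrepl statement that does a simple bind over plain ldap://. The function names, the choice of checks and the sample text are assumptions made for illustration.

```python
import shlex

# Constructed sample: a trimmed copy of the posted extract, credentials replaced.
SAMPLE_CONF = """\
ServerID 001
database bdb
suffix "dc=htc,dc=com"
index entryCSN eq
index entryUUID eq
syncrepl rid=002
  provider=ldap://vmldapdev2.htc.external:389
  type=refreshAndPersist
  bindmethod=simple
  binddn="uid=vmldapdev1,ou=replicants,ou=admin,dc=htc,dc=com"
  credentials=REDACTED
mirrormode TRUE
overlay syncprov
"""

def parse_slapd_conf(text):
    """Split slapd.conf text into token lists, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues the previous line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [shlex.split(line) for line in logical]

def lint_replication(text):
    """Return a list of findings for a mirrormode provider/consumer config."""
    by_name = {}
    for tokens in parse_slapd_conf(text):
        by_name.setdefault(tokens[0].lower(), []).append(tokens[1:])
    findings = []
    if "serverid" not in by_name:
        findings.append("no ServerID: multi-master nodes need distinct server IDs")
    if not any(a and a[0].lower() == "syncprov" for a in by_name.get("overlay", [])):
        findings.append("no syncprov overlay: this node cannot act as a provider")
    indexed = {x.lower() for a in by_name.get("index", []) if a for x in a[0].split(",")}
    for attr in ("entrycsn", "entryuuid"):
        if attr not in indexed:
            findings.append(f"{attr} is not indexed: syncrepl refreshes will be slow")
    for args in by_name.get("syncrepl", []):
        kv = dict(a.split("=", 1) for a in args if "=" in a)
        cleartext = kv.get("provider", "").lower().startswith("ldap://")
        if cleartext and kv.get("bindmethod") == "simple" and "starttls" not in kv:
            findings.append(f"syncrepl rid={kv.get('rid')}: simple bind over ldap:// "
                            "without starttls sends the credentials in cleartext")
    return findings
```

Run against the sample, the only finding is the cleartext bind on rid=002; adding `starttls=critical` to the syncrepl statement (with TLS configured on the provider) clears it.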