--On Thursday, April 9, 2020 10:50 AM +0200 Marc Franquesa marc.franquesa@gmail.com wrote:
1- If the DIT loads and uses syncprov modules -> Is a Master/Provider
2- If the DIT has olcSyncrepl -> Is a Slave/Consumer

If 1 & 2 are both true I assume I'm in a N-Way Multimaster scenario.
If only 1 is true I assume I'm the Master on a Master/Slave setup.
If only 2 is true I assume I'm the Slave (ReadOnly) on a Master/Slave scenario.
Incorrect, you can have syncprov loaded on a consumer. What makes a system a consumer is:
a) it has a syncrepl configuration parameter
b) it does not have a serverID value > 0 (i.e., it is the default of 0)
If a server has:
a) syncprov (and possibly accesslog), no serverID >1, and no syncrepl statement, it is a standalone provider
b) syncprov (and possibly accesslog), serverID > 1, and a syncrepl statement, it is a multimaster node
c) no syncprov, no serverID > 0, and no syncrepl statement, it is a standalone server that is not a provider (since there are no replication cookies stored)
In all above cases I would like the slave to be readonly replica, totally denying writes.
This is how most read only consumers are configured. I would note that providing a referral does not mean the consumer "accepts writes". It means that if something tries to write to the consumer, it will get a referral to the provider host. It is up to the client attempting to make the write operation to honor that referral (or not). If you also configure chaining on the replica, then it can forward the write to the provider itself, but it is still not accepting the write operation, as the write is performed on the master.
I'm not really clear what you mean by "read only" in any of these cases. If you want an LDAP server that accepts no writes at all, then you shouldn't configure replication, as any writes that occur on the provider will then occur on the consumer, and additionally set the readonly configuration parameter to TRUE.
Regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
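
The role rules from the reply above, written as a check over a `slapcat -n 0` style dump of cn=config. This is an added example, not code from the thread or from OpenLDAP; the sample LDIF and hostnames are constructed, and it assumes a single replicated database and treats any olcServerID above 0 as set.

```python
import re

# Constructed sample: trimmed cn=config LDIF for a host that loads syncprov
# but also has a syncrepl statement and no serverID.
SAMPLE_CONSUMER = """\
dn: cn=config
objectClass: olcGlobal

dn: olcDatabase={1}mdb,cn=config
olcSuffix: dc=example,dc=com
olcSyncrepl: {0}rid=001 provider=ldap://provider.example.com
  type=refreshAndPersist searchbase="dc=example,dc=com"
olcUpdateRef: ldap://provider.example.com

dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config
olcOverlay: {0}syncprov
"""

def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif)

def attr_values(ldif, name):
    """Return every value of attribute `name`, matched case-insensitively."""
    pat = re.compile(r"^%s:[ \t]*(.*)$" % re.escape(name), re.I | re.M)
    return pat.findall(unfold(ldif))

def classify(ldif):
    """Apply the syncprov / serverID / syncrepl rules to a cn=config dump."""
    syncprov = any(re.sub(r"^\{\d+\}", "", v).strip().lower() == "syncprov"
                   for v in attr_values(ldif, "olcOverlay"))
    syncrepl = bool(attr_values(ldif, "olcSyncrepl"))
    # olcServerID is "<id>" or "<id> <url>"; absent means the default of 0.
    ids = [int(v.split()[0]) for v in attr_values(ldif, "olcServerID")]
    server_id = bool(ids) and max(ids) > 0
    if syncrepl and not server_id:
        return "consumer"  # true whether or not syncprov is loaded
    if syncprov and server_id and syncrepl:
        return "multimaster node"
    if syncprov and not server_id and not syncrepl:
        return "standalone provider"
    if not syncprov and not server_id and not syncrepl:
        return "standalone server (not a provider)"
    return "unclassified"  # combination the reply does not cover

if __name__ == "__main__":
    print(classify(SAMPLE_CONSUMER))
```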