Hi everyone,
I have configured an ldap replication based on the producer-consumer mechanism using the syncrepl module. It worked fine but at first, the ldap tree was only partially imported on the consumer because the autofs.schema was missing. It took me a few hours (days?) to find out that I had to import the autofs.ldif manually on the consumer to make it work properly:
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/autofs.ldif
(that might not be the recommended way to achieve the sync but that worked).
Now that I have my producer and consumer perfectly in sync, I would like to get rid of the producer server and turn my consumer into the master ldap server (that might be used later as a producer). I wonder if it is possible...
I almost achieved "un-configuring" the consumer mechanism but the "ex-consumer" now has an odd behaviour: it allows me to modify the ldap tree with ldapmodify (normally impossible on consumer) but the tree is effectively modified on the ex-producer and not on the consumer itself. Yet when I perform an ldapsearch, it searches in the consumer tree, not on the producer side.
To initially configure the consumer, I had injected the following ldif file:
### consumer.ldif ###
#Load the syncprov module.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

#syncrepl specific indices
dn: olcDatabase={1}bdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://10.50.1.11
  bindmethod=simple
  binddn="cn=synchronisator,dc=office,dc=myorg,dc=be"
  credentials=mysecret
  searchbase="dc=office,dc=myorg,dc=be"
  logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  schemachecking=on
  type=refreshAndPersist
  retry="60 +"
  syncdata=accesslog
-
add: olcUpdateRef
olcUpdateRef: ldap://10.50.1.11
So I thought that after sync, disabling the consumer property would be as simple as unloading the syncprov module and removing the olcSyncRepl directive... this way:
### removeSyncprovModule.ldif ###
dn: cn=module{0},cn=config
changetype: modify
delete: olcModuleLoad
olcModuleLoad: {1}syncprov

### disableConsumer.ldif ###
dn: olcDatabase={1}bdb,cn=config
changetype: modify
delete: olcSyncrepl
-
delete: olcUpdateRef
But the ldapmodify returned an error when trying to inject that ldif file. Such operations are not allowed on the consumer.
So I had no other choice than to edit the ldif manually (though it is not recommended!) to delete the corresponding directives and restart the ldap server (/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif). Of course the server complained about wrong checksums. So I applied the method suggested on this page to fix it: http://serverfault.com/questions/499856/is-there-any-bad-thing-happens-if-i-... (basically removing and re-adding the schemas+data using slapcat and slapadd).
Since then, the consumer is not sync-ed with the producer anymore (good) but as I mentioned above, any attempt to modify the tree on the ex-consumer side results in a modification on the ex-producer side and not on the consumer.
Is there any easier and working way to turn a consumer into a stand-alone master ldap server?
Thank you.
Yannick
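
An added example, not part of the original post: a Python check that scans a `slapcat -n 0` export for the consumer-side directives from consumer.ldif (olcSyncrepl, olcUpdateRef) still present in cn=config, and flags a simple bind to an ldap:// provider that has no starttls parameter. The sample entry is constructed from the LDIF above with the credential redacted; the function names are this example's own.

```python
import re

# Constructed sample (not from the post): the database entry as a
# `slapcat -n 0` export might show it after consumer.ldif was applied.
SAMPLE = """\
dn: olcDatabase={1}bdb,cn=config
olcDbIndex: entryUUID eq
olcSyncrepl: {0}rid=001 provider=ldap://10.50.1.11 bindmethod=simple
  binddn="cn=synchronisator,dc=office,dc=myorg,dc=be" credentials=REDACTED
  type=refreshAndPersist retry="60 +"
olcUpdateRef: ldap://10.50.1.11
"""

REPL_ATTRS = {"olcsyncrepl", "olcupdateref"}  # consumer-side directives

def parse_entries(text):
    """Return [(dn, [(attr, value), ...])] from LDIF, unfolding continuations."""
    text = re.sub(r"\r?\n ", "", text)  # a leading space continues the line
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            value = value.strip()  # base64 ("::") values are left undecoded
            if name.lower() == "dn":
                dn = value
            else:
                attrs.append((name, value))
        if dn:
            entries.append((dn, attrs))
    return entries

def audit(text):
    """List (dn, attr, issue) for replication directives left in cn=config."""
    findings = []
    for dn, attrs in parse_entries(text):
        for name, value in attrs:
            if name.lower() not in REPL_ATTRS:
                continue
            findings.append((dn, name, "consumer directive still present"))
            params = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', value))
            if (params.get("bindmethod") == "simple" and "starttls" not in params
                    and params.get("provider", "").startswith("ldap://")):
                findings.append((dn, name, "simple bind over ldap:// without starttls"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result from `audit()` on the real export means neither directive remains in any cn=config entry.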