My Bad
Going forward, what would be my strategy to enable delta sync repl when one master is already running with a 200G mdb db?
What I understand is:
1. Enable the accesslog overlay on the master server, configure accesslog, start the master.
2. Take a backup with mdb_copy and restore it on the other master servers.
3. Enable and configure accesslog on the new consumers (which work as providers as well).
Can you have a look, in case I am wrong somewhere, or if you have any suggestions?
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema2/channelIdentifier.schema
include /etc/openldap/schema2/platform.schema
include /etc/openldap/schema2/extendedProfileKey.schema
include /etc/openldap/schema2/extendedProfileValue.schema
include /etc/openldap/schema2/behaviorKey.schema
include /etc/openldap/schema2/behaviorValue.schema
include /etc/openldap/schema2/questionAnswer.schema
include /etc/openldap/schema2/extendedTop.schema
include /etc/openldap/schema2/counter.schema
serverid 1
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/cacerts/mmam01.crt
TLSCertificateKeyFile /etc/openldap/cacerts/mmam01.key
TLSVerifyClient never

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
loglevel sync stats
idletimeout 30
writetimeout 30
modulepath /etc/openldap/lib64/openldap
moduleload back_mdb.la
moduleload ppolicy.la
moduleload unique.la
moduleload syncprov.la

database mdb
suffix "dc=example,dc=com"
directory /openldap/var/data
access to attrs=userPassword
    by self write
    by anonymous auth
    by * break
access to *
    by group/groupOfUniqueNames/uniqueMember.exact="cn=PWrite,ou=bGroup,dc=example,dc=com" manage
    by group/groupOfUniqueNames/uniqueMember.exact="cn=PRead,ou=bGroup,dc=example,dc=com" read
    by * break
access to *
    by self write
    by anonymous auth
    by * read
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}dXDESQeFjSoa/A1HfJ2TAzYf4DrSYWY
index mail,uid,postalCode,smail,channelType,channelValue,answer,behavName,objectclass,type eq
index givenName,sn,city,cn,extName sub
index displayName approx
index entryCSN,entryUUID eq
checkpoint 128 15
maxsize 274877906944
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

#accesslog db configuration
database mdb
suffix cn=log
rootdn "cn=Manager,cn=log"
rootpw xxxxxx
directory /apps/accesslog
index reqStart,objectclass,entryCSN,reqResult eq
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
overlay accesslog
logdb cn=log
logops writes
logpurge 7+00:00 2+00:00
logsuccess TRUE

syncrepl rid=111
    provider=ldap://sjam01.com
    binddn="cn=Manager,dc=example,dc=com"
    bindmethod=simple
    credentials=0m2013
    tls_cacert=/etc/openldap/cacerts/cacert.pem
    searchbase="dc=example,dc=com"
    type=refreshAndPersist
    retry="5 5 60 +"
    network-timeout=10
    timeout=10
    syncdata=accesslog
    logbase="cn=log"
    logfilter="(&(objectclass=auditWriteObject)(reqResult=0))"

syncrepl rid=222
    provider=ldap://mmam04.com
    binddn="cn=Manager,dc=example,dc=com"
    bindmethod=simple
    credentials=0m2013
    tls_cacert=/etc/openldap/cacerts/cacert.pem
    searchbase="dc=example,dc=com"
    type=refreshAndPersist
    retry="5 5 60 +"
    network-timeout=10
    timeout=10
    syncdata=accesslog
    logbase="cn=log"
    logfilter="(&(objectclass=auditWriteObject)(reqResult=0))"

mirrormode true

overlay unique
unique_attributes mail
overlay ppolicy
ppolicy_default "cn=default,ou=pwdPolicy,dc=example,dc=com"
ppolicy_use_lockout
On Thu, Jan 17, 2013 at 1:51 AM, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Thursday, January 17, 2013 1:48 AM +0530 anil beniwal <beni.anil@gmail.com> wrote:
If I can't use multi master with refreshAndPersist then why is it given at all? I was able to get replication working with the same configuration in another testing environment, but with far fewer users, 1m only.
I don't understand your statement/question. Delta-Syncrepl MMR uses refresh and persist, and it is the best option to use for replication in OpenLDAP. Particularly with multi-master replication.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
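
Added example (not part of the original message, and not OpenLDAP project code): in slapd.conf a directive belongs to the most recent "database" line above it, so a syncrepl stanza written after the cn=log section is attached to the log database rather than to dc=example,dc=com. The Python script below reports that placement and two credential exposures; the sample input is constructed with placeholder values, and DN matching is assumed to be a plain lowercase string comparison.

```python
import shlex

# Constructed sample with the same section order as the slapd.conf above; values are placeholders.
SAMPLE = """\
database mdb
suffix "dc=example,dc=com"
database mdb
suffix cn=log
rootpw placeholder-cleartext
syncrepl rid=111 provider=ldap://provider.example
  bindmethod=simple searchbase="dc=example,dc=com"
  syncdata=accesslog logbase="cn=log"
"""

def logical_lines(text):
    """Skip blank and '#' lines; fold indented lines into the previous directive."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return (database suffix, finding) pairs; DN matching is a plain string compare."""
    findings, suffix = [], ""
    for words in map(shlex.split, logical_lines(text)):
        key = words[0].lower()
        if key == "database":
            suffix = ""  # new section; its suffix directive follows
        elif key == "suffix":
            suffix = words[1].lower()
        elif key == "rootpw" and not words[1].startswith("{"):
            findings.append((suffix, "rootpw is not hashed"))  # no {SCHEME} prefix
        elif key == "syncrepl":
            kv = dict(w.split("=", 1) for w in words[1:] if "=" in w)
            rid, base = kv.get("rid"), kv.get("searchbase", "").lower()
            if not suffix or not (base == suffix or base.endswith("," + suffix)):
                findings.append((suffix, f"rid={rid}: searchbase outside this database"))
            cleartext = kv.get("provider", "").startswith("ldap://") and "starttls" not in kv
            if kv.get("bindmethod") == "simple" and cleartext:
                findings.append((suffix, f"rid={rid}: simple bind over ldap:// without starttls"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A stanza that sits under the dc=example,dc=com database and sets starttls=critical (or uses an ldaps:// provider) produces no findings.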