On Tuesday 08 July 2008 19:58:24 John Oliver wrote:
> I know nothing about LDAP / OpenLDAP. With that out of the way...
>
> I have a CentOS 5 machine running openldap-2.3.27-8. I just built a CentOS 5.2 machine with openldap-2.3.27-8.el5_1.3. My goal is to have the LDAP on the first machine synch with, and stay synched to, the LDAP on the second machine, so if the first machine dies I can bring up an interface with its IP on the second and get authentication working again.
Well, you should rather configure any LDAP clients to fail over to the second LDAP server, so no intervention is required.
> I've Googled "LDAP replication" and "LDAP synchronization".
Why did you not consult the documentation for the software you are using?
http://www.openldap.org/doc/admin23/syncrepl.html#Configuring%20Syncrepl
BTW, there are probably some best practice issues that aren't covered there. If you have configured your provider well, it is actually quite trivial to add a new consumer without requiring any configuration changes on the provider. The issues to take into account are:
- Ensuring the identity used by a new consumer has access to all the content that you wish it to replicate (suggestion: add a group-based ACL allowing read access to all entries)
- Ensuring the identity used by a new consumer has unlimited (size/time) access to all the content that you wish to replicate (suggestion: add group-based limit statements).
Then, adding a new consumer is reduced to adding an identity for the consumer to use for replication, adding it to the appropriate group, and starting slapd with a suitable configuration on the consumer.
Regards, Buchan
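What the group-based provider setup and the matching consumer stanza look like in OpenLDAP 2.3 slapd.conf syntax, as an added example that is not part of the thread above. The suffix dc=example,dc=com, the group cn=replicators,ou=groups,dc=example,dc=com, the consumer identity cn=replica2,ou=replicators,dc=example,dc=com, the hostname ldap1.example.com and the placeholder password are all assumptions; substitute your own values.

```conf
##### Provider (the machine the clients currently use) #####
# Uncomment if your build ships overlays as loadable modules.
# modulepath /usr/lib/openldap
# moduleload syncprov.la

database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
directory   /var/lib/ldap
# syncprov searches by entryCSN/entryUUID; index them.
index       objectClass             eq
index       entryCSN,entryUUID      eq

# Group-based ACL, placed FIRST so it is evaluated before any
# attribute-specific rule (e.g. one hiding userPassword). Members of the
# replicators group (assumed DN) get read access to every entry and
# attribute; everyone else falls through ("break") to the rules below.
access to *
    by group="cn=replicators,ou=groups,dc=example,dc=com" read
    by * break

# Normal ACLs for ordinary clients follow.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read

# Group-based limits so a full refresh is never truncated for a consumer.
limits group="cn=replicators,ou=groups,dc=example,dc=com" size=unlimited time=unlimited

# Make this database a syncrepl provider.
overlay             syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

##### Consumer (the standby machine) #####
database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
directory   /var/lib/ldap
index       objectClass             eq
index       entryCSN,entryUUID      eq

# Bind as the per-consumer identity created on the provider and made a
# member of the replicators group; no provider config change is needed.
syncrepl rid=002
    provider=ldap://ldap1.example.com:389
    type=refreshAndPersist
    retry="60 10 300 +"
    searchbase="dc=example,dc=com"
    scope=sub
    attrs="*,+"
    bindmethod=simple
    binddn="cn=replica2,ou=replicators,dc=example,dc=com"
    credentials=CHANGE_ME_PLACEHOLDER

# Writes sent to the consumer are referred back to the provider.
updateref   ldap://ldap1.example.com
```

Adding a further consumer then means creating one more entry under ou=replicators on the provider (with ldapadd, a simpleSecurityObject/organizationalRole entry with a userPassword is enough), adding its DN to the member attribute of the replicators group, and starting slapd on the new machine with the consumer stanza above and a fresh rid and binddn. Because the ACL and limits are keyed on group membership rather than on a specific DN, neither needs to be edited. Two checks worth running after the first refresh: compare `ldapsearch -H ldap://ldap1 -b dc=example,dc=com -s base contextCSN` against the same query on the consumer (they should match once the consumer has caught up), and verify that userPassword actually arrived on the consumer, since a missing password attribute means the replicator's read rule is being shadowed by an attribute-specific ACL.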