Dave Macias email@example.com schrieb am 03.04.2019 um 19:43 in Nachricht
Thank you very much Quanah for your response!
Sort of. If you added the schema and then an object, the other masters should halt replication at that point until they have a matching schema.
Not really, no. It does depend on the version of OpenLDAP in use, as there were some bugs in older OpenLDAP versions that would allow the object to partially replicate or the object to just get skipped, which could cause headache. But those issues were fixed.
So then best practice with tree sync is add the schema to all masters first, then an object. which would make sense.
I would say that by doing cn=config replication, you've added a wide surface area for new issues to occur. I generally view cn=config replication as more of a beta feature. There are still ongoing issues being resolved and fixed for it (For example, ITS#8616 in the most recent 2.4.47 release)
Hmm... so would you recommend removing the replication of cn=config for now? Individually adding the schema to each master is feasible for us.
Actually we do have cn=config replication for more than five years now without any problem, but we change the config rarely. What's nice is that you'll have to create your indexe3s only once...
Regards, Ulrich Windl
Thank you again