Christian Kratzer wrote:
Hi,
On Mon, 16 Dec 2013, Howard Chu wrote:
Christian Kratzer wrote:
Hi,
On Mon, 16 Dec 2013, Karsten Heymann wrote:
Hi,
when setting up a cluster with 1+x masters and 1+x slaves, is it possible to use a single cn=config replicated between all of these? Or do masters and slaves need to have different settings anyhow. I'd like not to have to manage schema information and acls in two places.
as you generally tend to have slightly different settings on masters and slaves there is currently no other way byt to have separate sets of cn=config for masters and slaves.
Use syncrepl suffixmassage. Read this thread. http://www.openldap.org/lists/openldap-technical/201104/msg00206.html
interesting. I never noticed that. One still has to keep full parallel copies of different cn=config variations.
I had been thinking about a schmeme of having additional attributes under cn=config that would specify to which servers they apply using their respective server URI.
Something like the following:
dn: olcDatabase=mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: mdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=example,dc=org dn: cn=master-subconfig,olcDatabase=mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig objectClass: xxxServerConfig olcDatabase: mdb xxxServerConfigURI: ldap://ldap-master-1 xxxServerConfigURI: ldap://ldap-master-2 olcSyncrepl: id=1 provider=ldap://ldap-master-1 ... olcSyncrepl: id=2 provider=ldap://ldap-master-2 ... olcMirrorMode: TRUE dn: cn=slave-subconfig,olcDatabase=mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig objectClass: xxxServerConfig olcDatabase: mdb xxxServerConfigURI: ldap://ldap-slave1 xxxServerConfigURI: ldap://ldap-slave2 olcSyncrepl: id=1 provider=ldap://ldap-master-1 ... olcSyncrepl: id=2 provider=ldap://ldap-master-2 ... olcMirrorMode: FALSEthat would allow one put site wide shared defaults into the parent entry and group servers with differences under subentries.
One of the changes that has been waiting in the wings for a long time is to move syncrepl config out of the olcDatabase entry and into its own olcOverlay entry. At that point a lot of config needs will make a lot more sense, and there'll be no need for gyrations of shared/merged config.
- How to best handle backward compatibility.
We've done this transition once before, changing backglue/subordinate from a database keyword into its own overlay. I don't think it will present any special problems.