Em 26-05-2010 21:09, Siddhartha Jain escreveu: 
I am not a pro at OpenLDAP but do you need to setup the "frontend" database in replication mode? In my setup, only "cn=config" is set to replicate and that takes care of replication of the "frontend" too such that any ACL changes in "frontend" of one instance propogate to other instances as well.


  
-----Original Message-----
From: openldap-technical-bounces+sjain=silverspringnet.com@openldap.org
[mailto:openldap-technical-
bounces+sjain=silverspringnet.com@openldap.org] On Behalf Of Marcio
Merlone
Sent: Wednesday, May 26, 2010 11:32 AM
To: openldap-technical@openldap.org
Subject: Replication via cn=config

Hi all,

I am setting a pair of multi-master replicated servers (venus and
haumea) using Ubuntu 10.04 and OpenLDAP 2.4.21-0ubuntu5. I am following
the docs at http://www.openldap.org/doc/admin24/replication.html and
when I get to the part for this ldif:

dn: olcDatabase={1}frontend,cn=config

Well, I found the docs ( http://www.openldap.org/doc/admin24/replication.html) a little confusing (dumb me) and since the only dn I could find to match "dn: olcDatabase={1}$BACKEND,cn=config" was 'frontend' I assumed that. It ends up that ${BACKEND} is a new tree and is really the backend (duh!) and thus the correct is "dn: olcDatabase={1}hdb,cn=config".

Another point that I am still not sure is what to use as $URIx below:

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

Suppose an hypothetic situation where I want two servers replicating in a multi-master way, named venus.domain.tld and haumea.domain.tld. Would I use the same ldif without change for both servers like this:

olcServerID: 1 ldap://haumea.domain.tld
olcServerID: 2 ldap://venus.domain.tld

?

Also, the 'olcSyncRepl' parameter should be set for both on both?

olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
       credentials=secret searchbase="cn=config" type=refreshAndPersist
       retry="5 5 300 5" timeout=1

As a suggestion, all configuration examples should have both slapd.conf and cn=config methods and examples (I am at http://www.openldap.org/doc/admin24/replication.html.)

Thanks and best regards.

-- 
Marcio Merlone