{i'm sorry if this is a duplicate}
i've "successfully" set up replication in a master-slave orientation, with persistent replication; the consumer receives database changes as they are made to the master.
i initialize the consumer database using an ldif created on the provider: "slapcat -b dc=murphy,dc=bz -v -l transfer.ldif". it has been functional for the past three weeks. for the most part it works, entries are updated immediately. however, twice the data entries within all organizational units have been deleted and about four times either the syncuser or the admin cn's have been deleted from the consumer.
i'm about to start over and entirely reconfigure the consumer. i'd appreciate any feedback on anything that needs adjusting in my configuration or any gotchas. specifically:
- is my syncrepl directive accurate?
- in initial configuration (dpkg) should i setup a different database than the one i intend to replicate?
both consumer and provider are running openldap 2.4.15-1ubuntu3
thanks.
provider's configuration:

dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=murphy,dc=bz
olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword by dn="cn=admin,dc=murphy,dc=bz" write by dn="cn=syncuser,dc=murphy,dc=bz" read by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=murphy,dc=bz" write by dn="cn=syncuser,dc=murphy,dc=bz" read by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
olcDbIndex: entryCSN,entryUUID eq
structuralObjectClass: olcHdbConfig
entryUUID: e1dbc798-0ac2-102e-9977-37c480b68b78
creatorsName: cn=admin,cn=config
createTimestamp: 20090722042133Z
olcLimits: {0}dn.exact="cn=syncuser,dc=murphy,dc=bz" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
entryCSN: 20090806001008.586987Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20090806001008Z

dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}syncprov
structuralObjectClass: olcModuleList
entryUUID: e1da8df6-0ac2-102e-996f-37c480b68b78
creatorsName: cn=config
createTimestamp: 20090722042133Z
entryCSN: 20090805014105.909778Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20090805014105Z

dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
structuralObjectClass: olcSyncProvConfig
entryUUID: c94c1ab2-15ac-102e-8886-213db5dc8256
creatorsName: cn=admin,cn=config
createTimestamp: 20090805014105Z
entryCSN: 20090805014105.945605Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20090805014105Z
consumer's configuration:

dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=murphy,dc=bz
olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword by dn="cn=admin,dc=murphy,dc=bz" write by dn="cn=syncuser,dc=murphy,dc=bz" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=murphy,dc=bz" write by dn="cn=syncuser,dc=murphy,dc=bz" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
olcDbIndex: entryCSN,entryUUID eq
structuralObjectClass: olcHdbConfig
entryUUID: ac0c4eee-1c74-102e-8275-a73f90e057e6
creatorsName: cn=admin,cn=config
createTimestamp: 20090813164703Z
olcRootDN: cn=admin,dc=murphy,dc=bz
olcSyncrepl: {0}rid=16 provider=ldaps://marcos.murphy.bz binddn="cn=syncuser,dc=murphy,dc=bz" bindmethod=simple credentials=replication searchbase="dc=murphy,dc=bz" scope=sub type=refreshAndPersist interval=00:00:20:00 retry="10 5 3 00 5"
entryCSN: 20090813183713.024346Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20090813183713Z

dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}syncprov
structuralObjectClass: olcModuleList
entryUUID: ac04c368-1c74-102e-826d-a73f90e057e6
creatorsName: cn=config
createTimestamp: 20090813164703Z
entryCSN: 20090813183712.967024Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20090813183712Z

dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
structuralObjectClass: olcSyncProvConfig
entryUUID: 10653536-1c84-102e-9258-bf448f0d99c4
creatorsName: cn=admin,cn=config
createTimestamp: 20090813183714Z
entryCSN: 20090813183714.001905Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20090813183714Z
Hi,
On 19/08/2009 22:12, charles wrote:
> {i'm sorry if this is a duplicate}
> i've "successfully" set up replication in a master-slave orientation, with persistent replication; the consumer receives database changes as they are made to the master.
> i initialize the consumer database using an ldif created on the provider: "slapcat -b dc=murphy,dc=bz -v -l transfer.ldif"
Initializing the consumer database is not mandatory. Syncrepl will replicate all entries on first startup.
Of course, if you have a large number of entries in your directory, you may want to "prime" the consumer like this to avoid large network transfers.
> it has been functional for the past three weeks. for the most part it works, entries are updated immediately. however, twice the data entries within all organizational units have been deleted and about four times either the syncuser or the admin cn's have been deleted from the consumer.
That doesn't sound completely functional to me...
> i'm about to start over and entirely reconfigure the consumer. i'd appreciate any feedback on anything that needs adjusting in my configuration or any gotchas. specifically:
> - is my syncrepl directive accurate?
> - in initial configuration (dpkg) should i setup a different database than the one i intend to replicate?
> both consumer and provider are running openldap 2.4.15-1ubuntu3
There have been many bugs fixed since 2.4.15 was released, in particular concerning syncrepl and syncprov. If you're setting up this system now, I really recommend using the latest version (2.4.17).
Regarding your configuration, it looks OK at a quick glance. A few comments:
- you don't need syncprov overlay on the consumer.
- the "interval" parameter is only useful for refreshOnly.
- your "retry" parameter will (eventually) stop retrying. Use the "+" modifier to cause retry forever.
I hope this helps, Jonathan
> thanks.
-- Charles
Belmopan, Belize
"... we just love cars and we love driving them!"
> Hi,
> On 19/08/2009 22:12, charles wrote:
> > {i'm sorry if this is a duplicate}
> > i've "successfully" set up replication in a master-slave orientation, with persistent replication; the consumer receives database changes as they are made to the master.
> > i initialize the consumer database using an ldif created on the provider: "slapcat -b dc=murphy,dc=bz -v -l transfer.ldif"
> Initializing the consumer database is not mandatory. Syncrepl will replicate all entries on first startup.
> Of course, if you have a large number of entries in your directory, you may want to "prime" the consumer like this to avoid large network transfers.
> > it has been functional for the past three weeks. for the most part it works, entries are updated immediately. however, twice the data entries within all organizational units have been deleted and about four times either the syncuser or the admin cn's have been deleted from the consumer.
> That doesn't sound completely functional to me...
By functional, I mean it replicates as changes are made on the provider.
> > i'm about to start over and entirely reconfigure the consumer. i'd appreciate any feedback on anything that needs adjusting in my configuration or any gotchas. specifically:
> > - is my syncrepl directive accurate?
> > - in initial configuration (dpkg) should i setup a different database than the one i intend to replicate?
> > both consumer and provider are running openldap 2.4.15-1ubuntu3
> There have been many bugs fixed since 2.4.15 was released, in particular concerning syncrepl and syncprov. If you're setting up this system now, I really recommend using the latest version (2.4.17).
> Regarding your configuration, it looks OK at a quick glance. A few comments:
> - you don't need syncprov overlay on the consumer.
> - the "interval" parameter is only useful for refreshOnly.
> - your "retry" parameter will (eventually) stop retrying. Use the "+" modifier to cause retry forever.
will adjust the directives and remove the overlay. i also looked at the release notes and changes before my submission, there didn't seem to be any changes pertinent to my situation. i'm also trying to roll as little software as possible.
> I hope this helps, Jonathan
> > thanks.
Thanks a lot.
-- Charles
Belmopan, Belize
"... we just love cars and we love driving them!"
openldap-technical@openldap.org
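An added example, not part of the original thread and not written by either poster: a small check that applies the three review comments from the reply (syncprov on the consumer, "interval" with refreshAndPersist, "retry" without "+") to the consumer's olcSyncrepl value. The function names and finding codes are hypothetical, and the transport check on the simple bind goes beyond what the reply covers.

```python
import shlex

# Constructed sample: the consumer's olcSyncrepl value as posted in the thread.
SAMPLE_SYNCREPL = (
    '{0}rid=16 provider=ldaps://marcos.murphy.bz '
    'binddn="cn=syncuser,dc=murphy,dc=bz" bindmethod=simple '
    'credentials=replication searchbase="dc=murphy,dc=bz" scope=sub '
    'type=refreshAndPersist interval=00:00:20:00 retry="10 5 3 00 5"'
)


def parse_syncrepl(value):
    """Split an olcSyncrepl value into a dict of lower-cased key -> value."""
    if value.startswith("{"):            # drop the {n} ordering prefix of cn=config
        value = value.split("}", 1)[1]
    params = {}
    for token in shlex.split(value):     # shlex keeps quoted values together
        key, sep, val = token.partition("=")
        if not sep:
            raise ValueError(f"not a key=value pair: {token!r}")
        params[key.lower()] = val
    return params


def lint_consumer(syncrepl_value, overlays):
    """Return (code, message) findings for one consumer database.

    overlays: names of the olcOverlay entries configured under that database.
    """
    p = parse_syncrepl(syncrepl_value)
    findings = []

    retry = p.get("retry", "").split()
    if retry and len(retry) % 2:
        findings.append(("retry-odd-fields",
                         "retry is a list of <interval> <count> pairs"))
    if retry and retry[-1] != "+":
        findings.append(("retry-finite",
                         "last count is not '+', so retrying eventually stops"))

    if "interval" in p and p.get("type", "").lower() != "refreshonly":
        findings.append(("interval-unused",
                         "interval only matters for type=refreshOnly"))

    if "syncprov" in overlays:
        findings.append(("syncprov-on-consumer",
                         "a pure consumer does not need the syncprov overlay"))

    # Assumption of this example: only ldaps:// or starttls=critical counts as
    # protected, since a simple bind sends the credentials value as-is.
    protected = (p.get("provider", "").lower().startswith("ldaps://")
                 or p.get("starttls", "").lower() == "critical")
    if p.get("bindmethod", "").lower() == "simple" and not protected:
        findings.append(("cleartext-bind",
                         "simple bind without ldaps:// or starttls=critical"))
    return findings


if __name__ == "__main__":
    for code, message in lint_consumer(SAMPLE_SYNCREPL, ["syncprov"]):
        print(f"{code}: {message}")
```

The posted retry value has five fields, so the check reports it as malformed in addition to finite; the thread does not say what the intended pairs were.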