Over the last weeks, we've been installing systems that have multi-master configurations (where there are 2 servers; each one meant to accept modifications and forward those modifications on to the other server). Occasionally, we've seen a case where a node in the tree has a structuralObjectClass of "glue" rather than the intended structuralObjectClass. Someone on this list suggested I post the slapd.conf files and logs. We don't at the moment have any logs, but I do have the slapd.conf files. Would someone take a look at these and see if anything stands out?
==================================================
Server 10.192.252.64
==================================================
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path "/opt/cisco/uccx/desktop/database"

include "/opt/cisco/uccx/desktop/schemaconf/core.schema"
include "/opt/cisco/uccx/desktop/schemaconf/corba.schema"
include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"
include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"
include "/opt/cisco/uccx/desktop/schemaconf/nis.schema"
include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"

pidfile "/var/run/desktop/slapd.pid"
argsfile "/var/run/desktop/slapd.args"

# inactive, but still open connections,
# and any connections closed by the client,
# are held open by slapd for this number of seconds
#900 = 15 minutes
#300 = 5 minutes
idletimeout 300

sizelimit unlimited
# Max # of threads. Default is 16
#threads 16

# For older Enterprise clients - AM
allow bind_v2

# Maximum # of authenticate connections that can be pending
conn_max_pending_auth 2000

# Don't allow clients to modify anything under People
access to dn.subtree="ou=People,o=OurCompanyName Communications"
    by dn="cn=Client,ou=People,o=OurCompanyName Communications" read
    by * read
# Allow clients to modify Company and so on
access to *
    by dn="cn=Client,ou=People,o=OurCompanyName Communications" write
    by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write
    by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write
    by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write
    by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write
    by * read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "o=OurCompanyName Communications"
rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
checkpoint 10 1
# Number of entries to maintain in cache. Default is 1000
cachesize 50000
# 8 = 4 MB per thr. Default is 16
searchstack 8

# Root user password
rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory "/opt/cisco/uccx/desktop/database"

# Indices to maintain
index objectClass eq
index empID eq
index tid eq
index svrType eq
index ipHostName eq
index keyName eq

# for sync repl
serverID 1

syncrepl rid=123
    searchbase="o=OurCompanyName Communications"
    provider=ldap://10.192.252.65:3016
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=on
    attrs=*
    bindmethod=simple
    binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
    credentials=5385

mirrormode true

# ash - following will cause circular reaction if in both sides in slapd.conf
# updateref ldap://10.192.252.84:999

# set the host up as a provider
overlay syncprov
syncprov-checkpoint 100 10
==================================================
Server 10.192.252.65
==================================================
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path "/opt/cisco/uccx/desktop/database"

include "/opt/cisco/uccx/desktop/schemaconf/core.schema"
include "/opt/cisco/uccx/desktop/schemaconf/corba.schema"
include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"
include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"
include "/opt/cisco/uccx/desktop/schemaconf/nis.schema"
include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"

pidfile "/var/run/desktop/slapd.pid"
argsfile "/var/run/desktop/slapd.args"

# inactive, but still open connections,
# and any connections closed by the client,
# are held open by slapd for this number of seconds
#900 = 15 minutes
#300 = 5 minutes
idletimeout 300

sizelimit unlimited
# Max # of threads. Default is 16
#threads 16

# For older Enterprise clients - AM
allow bind_v2

# Maximum # of authenticate connections that can be pending
conn_max_pending_auth 2000

# Don't allow clients to modify anything under People
access to dn.subtree="ou=People,o=OurCompanyName Communications"
    by dn="cn=Client,ou=People,o=OurCompanyName Communications" read
    by * read
# Allow clients to modify Company and so on
access to *
    by dn="cn=Client,ou=People,o=OurCompanyName Communications" write
    by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write
    by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write
    by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write
    by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write
    by * read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "o=OurCompanyName Communications"
rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
checkpoint 10 1
# Number of entries to maintain in cache. Default is 1000
cachesize 50000
# 8 = 4 MB per thr. Default is 16
searchstack 8

# Root user password
rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory "/opt/cisco/uccx/desktop/database"

# Indices to maintain
index objectClass eq
index empID eq
index tid eq
index svrType eq
index ipHostName eq
index keyName eq

# for sync repl
serverID 2

syncrepl rid=123
    searchbase="o=OurCompanyName Communications"
    provider=ldap://10.192.252.64:3016
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=on
    attrs=*
    bindmethod=simple
    binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
    credentials=5385

mirrormode true

# ash - following will cause circular reaction if in both sides in slapd.conf
# updateref ldap://10.192.252.84:999

# set the host up as a provider
overlay syncprov
syncprov-checkpoint 100 10
--On Monday, August 03, 2009 4:01 PM -0500 Robert Hanson Robert.Hanson@calabrio.com wrote:
> Over the last weeks, we've been installing systems that have multi-master configurations (where there are 2 servers; each one meant to accept modifications and forward those modifications on to the other server). Occasionally, we've seen a case where a node in the tree has a structuralObjectClass of "glue" rather than the intended structuralObjectClass. Someone on this list suggested I post the slapd.conf files and logs. We don't at the moment have any logs, but I do have the slapd.conf files. Would someone take a look at these and see if anything stands out?

> #######################################################################
> # BDB database definitions
> #######################################################################
> database bdb
> suffix "o=OurCompanyName Communications"
> rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
> checkpoint 10 1

This is an amazingly tiny checkpoint frequency. Do you really need to checkpoint every minute? The smallest I usually see is 64 5.

> # 8 = 4 MB per thr. Default is 16
> searchstack 8

You're the first person I've ever seen mess with this...

> syncrepl rid=123
>     searchbase="o=OurCompanyName Communications"
>     provider=ldap://10.192.252.65:3016
>     type=refreshAndPersist
>     retry="5 5 300 +"
>     schemachecking=on
>     attrs=*

Your attrs line is clearly wrong. Remove it and use the default.
Same comments on your other servers.
You've also failed to mention what version of OpenLDAP you are running.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
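
The points raised in the review above can be checked mechanically. The following is an added example, not code from the thread or from the OpenLDAP project: a small Python lint that joins slapd.conf continuation lines and flags the `checkpoint` and `attrs=*` settings the reply calls out. The 64/5 threshold, the finding names, the simplified DN comparison and the two extra checks (simple bind to an `ldap://` provider without `starttls`, and a replication `binddn` equal to the `rootdn`) are assumptions of this example, not statements from the reply.

```python
import shlex

# Constructed sample modelled on the first server's file; password is a placeholder.
SAMPLE = '''\
rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
checkpoint 10 1
syncrepl rid=123
    searchbase="o=OurCompanyName Communications"
    provider=ldap://10.192.252.65:3016
    type=refreshAndPersist retry="5 5 300 +" attrs=*
    bindmethod=simple credentials=PLACEHOLDER
    binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop '#' comments."""
    lines = []
    for raw in filter(str.strip, text.splitlines()):
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [l for l in lines if not l.startswith("#")]

def norm_dn(dn):
    # Simplified DN comparison: ignores case and spaces around commas only.
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint(text):
    findings, rootdn, consumers = [], None, []
    for line in logical_lines(text):
        key, *args = shlex.split(line)
        if key.lower() == "rootdn":
            rootdn = norm_dn(args[0])
        elif key.lower() == "checkpoint" and len(args) == 2:
            # Threshold is an assumption taken from the reply's "64 5" remark.
            if int(args[0]) < 64 or int(args[1]) < 5:
                findings.append("checkpoint-below-64-5")
        elif key.lower() == "syncrepl":
            consumers.append(dict(a.split("=", 1) for a in args if "=" in a))
    for kv in consumers:
        if kv.get("attrs") == "*":
            findings.append("syncrepl-attrs-star")  # flagged in the reply
        if (kv.get("bindmethod") == "simple" and "starttls" not in kv
                and kv.get("provider", "").startswith("ldap://")):
            findings.append("simple-bind-without-tls")  # password sent in clear
        if rootdn and norm_dn(kv.get("binddn", "")) == rootdn:
            findings.append("syncrepl-binds-as-rootdn")
    return findings
```

Calling `lint(SAMPLE)` returns all four findings; a stanza with `checkpoint 64 5`, no `attrs`, `starttls=critical` and a dedicated replication DN returns an empty list.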
Thanks for the comments. This is 2.4.17
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Friday, August 14, 2009 3:11 PM
To: Robert Hanson; openldap-technical@openldap.org
Subject: Re: Multi-master configuration -- check my slapd.conf files please?