Hi,
I have multi-master replication configured. https://pastebin.com/vYKsa9VY I want to replace ldap3. Please tell me how to do this? I mean, how does the new server synchronize the current ldap database?
Hi,
On 16/03/2021 at 14:37, Клеусов Владимир Сергеевич wrote:
> Hi,
> I have multi-master replication configured. https://pastebin.com/vYKsa9VY I want to replace ldap3. Please tell me how to do this? I mean, how does the new server synchronize the current ldap database?
You just have to deploy your new server with an empty database (or a database restored with a recent dump from another server, see slapcat / slapadd). If needed, adjust the olcSyncRepl line of this new host on other hosts.
So:
- install slapd on new host
- prepare your slapd configuration (schemas, modules, databases configurations) without syncrepl. You could rsync slapd.d directory from another host and adjust host RID on cn=config / olcServerID. Be sure to adjust CRC in LDIF file if you change it manually.
- restore your database with a dump from another host:
  -> on ldap1:
       slapcat -n 1 > /tmp/ldif
       scp /tmp/ldif ldap3:/tmp/
  -> on ldap3:
       rm -f /var/lib/ldap/*
       slapadd -n 1 -q -l /tmp/ldif
       chown openldap: -R /var/lib/ldap/
- start slapd on ldap3
--On Tuesday, March 16, 2021 5:40 PM +0100 Benjamin Renard brenard@easter-eggs.com wrote:
> -> on ldap1:
>      slapcat -n 1 > /tmp/ldif
>      scp /tmp/ldif ldap3:/tmp/
> -> on ldap3:
>      rm -f /var/lib/ldap/*
>      slapadd -n 1 -q -l /tmp/ldif
>      chown openldap: -R /var/lib/ldap/
> - start slapd on ldap3
I would generally advise using slapcat/slapadd -b "base" rather than -n, so as to avoid assumptions about database ordering. I generally advise only using -n for the config db (-n 0).
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
On 16/03/2021 at 16:55, Quanah Gibson-Mount wrote:
> I would generally advise using slapcat/slapadd -b "base" rather than -n, so as to avoid assumptions about database ordering. I generally advise only using -n for the config db (-n 0).
+1, it's a very good practice!
Thank you for your advice. How do you like this plan?
1) Remove the old ldap3 from replication to ldap1. Find out here how )
2) Make a backup,
3) On a new server instead of ldap3 (let's call it ldap4). Recover from a backup and make https://pastebin.com/HHu1xSAw
4) On ldap1 do https://pastebin.com/J9pVmtuD
--On Wednesday, March 17, 2021 8:58 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
> Thank you for your advice. How do you like this plan?
> 1) Remove the old ldap3 from replication to ldap1. Find out here how )
> 2) Make a backup,
> 3) On a new server instead of ldap3 (let's call it ldap4). Recover from a backup and make https://pastebin.com/HHu1xSAw
> 4) On ldap1 do https://pastebin.com/J9pVmtuD
It's not necessary to remove ldap3 and replace it with ldap4.
Simply:
a) Stop slapd on the old ldap3 host
b) Export its configuration using slapcat -n 0
c) Export its primary db using slapcat -b ...
d) Copy the database exports + the certs being used to the new host
e) Shut down the old host
f) Install openldap on the new ldap3 host
g) Set up the certificates as they were before
h) Import the config db
i) Import the primary db
j) Start slapd
--Quanah
I'm sorry, I may have written something incomprehensible. I want to replace ldap3 with ldap4. That is, they will have different hostnames. ldap3 and ldap4 =) So I want to remove all ldap3 mentions first. Is this correct?
--On Thursday, March 18, 2021 12:27 PM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
> I'm sorry, I may have written something incomprehensible. I want to replace ldap3 with ldap4. That is, they will have different hostnames. ldap3 and ldap4 =) So I want to remove all ldap3 mentions first. Is this correct?
The backup server needs to have the correct serverID prior to bringing it online. There's nothing that mandates changing it from the old serverID used by ldap3, and in general it's better to keep a consistent set of serverIDs rather than "retiring" one, unless you're also going to clean up your existing database of all references to the serverID being retired in the entryCSN values.
--Quanah
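Added example, not part of the thread: one way to see which serverIDs a database still references in its entryCSN and contextCSN values before retiring one, by comparing a "slapcat -n 0" config export with a "slapcat -b" data export. The function names, the sample exports, the example.com hostnames and the dc=example,dc=com suffix are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. CSN layout:
#   <timestamp>Z#<change count>#<SID, 3 hex digits>#<mod count>

# csn_sid_counts DATA_LDIF -> "<sid-decimal> <count>" per SID, sorted by SID.
csn_sid_counts() {
    awk '
        function hex2dec(h,   i, d, v) {
            h = tolower(h); v = 0
            for (i = 1; i <= length(h); i++) {
                d = index("0123456789abcdef", substr(h, i, 1)) - 1
                if (d < 0) return -1          # not a hex digit: skip value
                v = v * 16 + d
            }
            return v
        }
        /^(entryCSN|contextCSN): / {
            if (split($2, f, "#") != 4) next  # malformed CSN
            sid = hex2dec(f[3])
            if (sid >= 0) count[sid]++
        }
        END { for (s in count) print s, count[s] }
    ' "$1" | sort -n
}

# config_server_ids CONFIG_LDIF -> decimal olcServerID values, for lines such
# as "olcServerID: 3" or "olcServerID: 3 ldap://host" (hex form not handled).
config_server_ids() {
    awk '$1 == "olcServerID:" && $2 ~ /^[0-9]+$/ { print $2 + 0 }' "$1" | sort -n
}

# retired_sids CONFIG_LDIF DATA_LDIF -> "<sid> <count>" for SIDs that CSNs
# still reference but that are no longer configured as an olcServerID.
retired_sids() {
    ids=" $(config_server_ids "$1" | tr '\n' ' ')"
    csn_sid_counts "$2" | while read -r sid n; do
        case "$ids" in *" $sid "*) ;; *) echo "$sid $n" ;; esac
    done
}

# Constructed sample exports (hostnames and suffix are placeholders).
sample_config() { printf '%s\n' 'dn: cn=config' \
    'olcServerID: 1 ldap://ldap1.example.com' \
    'olcServerID: 2 ldap://ldap2.example.com' \
    'olcServerID: 4 ldap://ldap4.example.com'; }
sample_data() { printf '%s\n' 'dn: dc=example,dc=com' \
    'contextCSN: 20210316100000.000000Z#000000#001#000000' \
    'contextCSN: 20210315090000.000000Z#000000#003#000000' \
    'entryCSN: 20210316100000.000000Z#000000#001#000000' '' \
    'dn: uid=alice,dc=example,dc=com' \
    'entryCSN: 20210315090000.000000Z#000000#003#000000'; }
```

On the constructed sample, retired_sids reports serverID 3 with two remaining CSN references, which is the situation the reply above describes when a serverID is retired without cleaning the database.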
I conducted a scientific experiment ) I removed the unnecessary server from replication (ldap3) https://pastebin.com/UaekmFfr
Then I restarted slapd on the remaining ones (ldap1 and ldap2). ldap3 deleted
Then on the new server (ldap4) I configured everything for replication.
On ldap1 added https://pastebin.com/AWjj93dT
And restarted slapd on all servers
But in the logs on the old servers (ldap1 and ldap2)
syncrepl_null_callback : error code 0x50
syncrepl_entry: rid=003 be_modify failed (80)
do_syncrepl: rid=003 rc 80 retrying
However, users are synced between servers)
Why would such an error occur?
Is it possible to defeat this error? ;)
--On Monday, April 5, 2021 4:38 PM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
> Then I restarted slapd on the remaining ones (ldap1 and ldap2). ldap3 deleted
Why did you restart them? You're using cn=config.
> Then on the new server (ldap4) I configured everything for replication.
> And restarted slapd on all servers
Same question as above
> But in the logs on the old servers (ldap1 and ldap2)
> syncrepl_null_callback : error code 0x50
> syncrepl_entry: rid=003 be_modify failed (80)
> do_syncrepl: rid=003 rc 80 retrying
> However, users are synced between servers)
> Why would such an error occur?
You provided zero information about what the error corresponds to, so no one can answer this question.
--Quanah
I restarted the service to be sure that the changes applied
Error in slapd logs. Please tell me what information you need to give ? I checked if I can remove ldap4 from replication on one of the old servers and add it again. Yes, I can. The changes are applied immediately to all servers in the replication. This means that replication is fully working. But I do not understand what is the essence of the error in the logs. Any help is greatly appreciated )
--On Tuesday, April 6, 2021 8:49 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
> I restarted the service to be sure that the changes applied
The whole point to cn=config is that restarts shouldn't be necessary.
> Error in slapd logs. Please tell me what information you need to give ? I checked if I can remove ldap4 from replication on one of the old servers and add it again. Yes, I can. The changes are applied immediately to all servers in the replication. This means that replication is fully working. But I do not understand what is the essence of the error in the logs. Any help is greatly appreciated )
> syncrepl_null_callback : error code 0x50
> syncrepl_entry: rid=003 be_modify failed (80)
> do_syncrepl: rid=003 rc 80 retrying
The above doesn't indicate what entry the modify operation failed on, so there's no way to say what needs to be done.
--Quanah
openldap-technical@openldap.org