Rex Roof wrote:
Gleaning any information out of that list is an arduous process. A
short description of each of those ITS bugs in the CVS comments would
serve that changes list well.
$ grep -i "mmr" CHANGES
Fixed slapd syncrepl too many MMR messages (ITS#6020)
Fixed slapd syncrepl skipped entries with MMR (ITS#5988)
Fixed slapd-syncprov too many MMR messages (ITS#6020)
Fixed slapo-syncprov skipped entries with MMR (ITS#5988)
admin24 clarified MMR URI requirements (ITS#5942,ITS#5987)
Fixed slapd glue with MMR (ITS#5925)
Fixed slapd syncrepl MMR when adding new server (ITS#5850)
Fixed slapd syncrepl MMR with deleted entries (ITS#5843)
Fixed slapd syncrepl MMR partial refresh (ITS#5470)
Fixed slapd-bdb MMR (ITS#5332)
Now this line seems relevant to the issue of the original poster:
Fixed slapd syncrepl MMR with deleted entries (ITS#5843)
So what's wrong with the CHANGES file?
but as an
administrator of OpenLDAP it is really frustrating to read about
Multi-Master Replication and to have people make random comments on the
mailing lists about MMR being dangerous and to read 5 year old papers
about how harmful it is (
http://www.watersprings.org/pub/id/draft-zeilenga-ldup-harmful-02.txt )
but yet the OpenLDAP 2.4 docs don't really warn against using it.
That's a completely different issue and it has nothing to do with which
LDAP server implementation you're using. The I-D above is worth reading.
Hope you did and understood it.
How are we supposed to be setting up OpenLDAP servers so that we can
have failover?
That depends entirely on your deployment. Note that in general not your
OpenLDAP server does the fail-over. Your LDAP clients have to do the
fail-over or a component in front of your servers. Whether that really
works depends on the characteristics of read/write operations sent by
your LDAP client applications.
Examples:
If you're just doing single write operations and all your LDAP clients
are doing simple logins with some password changes here and there you
don't have to worry about doing multi-master replication. You might
loose a write operation when one server is going down. But you won't
loose data integrity.
If you have LDAP client applications which sends a bunch of interrelated
writes or it's immediately reading the written content after writing you
will have a lot of weird issues even in cases where everything's fine.
Not to speak of some of the writeable servers going down without the
application really noticing and acting upon it.
=> As always you have to carefully think about *your* deployment.
There's no simple rule-of-thumb which fits every scenario. Being able to
design something like this in a robust manner distinguishs good IT
architects from bad IT architects.
I want to have a half-dozen OpenLDAP machines and have
any one of them accept writes and not be relying on any one of them to
be up for writes to occur. I've asked this question numerous times and
haven't ever gotten a reliable answer.
It would be grossly negligent to give a simple answer to such a
question. You should appreciate when people give you a hint that things
might be more complicated than you thought.
It is starting to get really annoying.
Well, if you're not willing to think yourself you have to buy skilled
people for analyzing/designing your architecture.
Ciao, Michael.