I think I can have two "rid=000" because I do not see any complaints on the logs (both masters) and the replication works. I'll have to read more about this.
Thanks,
Guruprasad

On Nov 25, 2014 2:46 AM, "Ulrich Windl" Ulrich.Windl@rz.uni-regensburg.de wrote:
Hi!
First I think you cannot have two "rid=000", second (unless you use certificates or more sophisticated mechs) your password will be visible in the config. That's why the config should be protected (and better not be sent to this list unmodified).
Regards, Ulrich
Guruprasad Kulkarni gkulkarni@gridcosystems.com wrote on 24.11.2014 at 20:01 in message CAB6=W2stWBseeehyE7vPn-v1BG6Wro+WPZtqdMb8ZY0yFqrXSQ@mail.gmail.com:
So I found an example for setting up multi master replication using slapd.conf
slapd.conf for MASTER 1

# slapd master ldap1.example.com
# global section
serverID 001
database bdb
...
access to *
  by dn.base="cn=admin,ou=people,dc=example,dc=com" read
  by * read
syncrepl rid=000
  provider=ldap://ldap2.example.com
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="dc=example,dc=com"
  attrs="*,+"
  bindmethod=simple
  binddn="cn=admin,ou=people,dc=example,dc=com"
  credentials=secret
index objectClass eq
mirrormode TRUE
overlay syncprov
syncprov-checkpoint 100 10

slapd.conf for MASTER 2

# slapd master ldap2.example.com
# global section
serverID 002
database bdb
...
access to *
  by dn.base="cn=admin,ou=people,dc=example,dc=com" read
  by * read
syncrepl rid=000
  provider=ldap://ldap1.example.com
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="dc=example,dc=com"
  attrs="*,+"
  bindmethod=simple
  binddn="cn=admin,ou=people,dc=example,dc=com"
  credentials=secret
index objectClass eq
mirrormode TRUE
overlay syncprov
syncprov-checkpoint 100 10

My question is - Do the credentials have to be clear text passwords? If not, how do I mention encrypted passwords? (I tried within quotes ' ' and " ", but each time got invalid credentials error)
On Mon, Nov 24, 2014 at 1:28 PM, Howard Chu hyc@symas.com wrote:
Guruprasad Kulkarni wrote:
Hi,
I did have a look at the options and only "--enable-modules" option talks about dynamic module support
I tried "--enable-dynamic" option as well (the description for it is enable linking built binaries with dynamic libs)
What I do observe is that even though I have "moduleload syncprov.la" directive in slapd.conf, slapd does not complain about it. So I guess I do not have to specify the module path (syncreplication tests were successful as well)
Correct, moduleload silently succeeds if you specify a module that was built statically.
I also realized I was looking at the OLC configuration examples for multi master. What I need to do is find slapd.conf example for multi master.
On Mon, Nov 24, 2014 at 11:29 AM, Dieter Klünter <dieter@dkluenter.de> wrote:
On Mon, 24 Nov 2014 09:52:34 -0500, Guruprasad Kulkarni <gkulkarni@gridcosystems.com> wrote:
> I have 2 questions regarding multi master replication:
>
> 1. I built openldap 2.4.40 from source and according to the makefile,
> the module directory should be at /usr/local/libexec/openldap.
>
> However I do not see such a folder. Am I missing something? The
> options I used with configure were "--enable-debug --enable-modules
> --enable-hdb --enable-monitor --enable-ppolicy --enable-syncprov
> --with-tls --with-cyrus-sasl"
>
> I am asking because the multi master replication example
> (http://www.openldap.org/doc/admin24/replication.html#N-Way) needs
> me to load the syncprov.la module, but I am not sure if the
> modulepath given there is correct or not.
You have probably not built dynamic loadable modules, but built-in modules. You should run ./configure --help | less, which will show proper build choices.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
-- -Guruprasad
--On Tuesday, November 25, 2014 8:21 AM -0500 Guruprasad Kulkarni gkulkarni@gridcosystems.com wrote:
I think I can have two "rid=000" because I do not see any complaints on the logs (both masters) and the replication works. I'll have to read more about this.
rids must be unique inside a given server. SIDs must be unique between masters.
I.e., a given master could have rid=100 rid=101 rid=102
but that given master can not have rid=100 rid=100
I.e., RIDs are specific to a single server, and that server does not care what RIDs a different server uses. I.e., two different servers can both have a rid=100 set.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
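
The rules stated in the thread (rids unique within one server, serverIDs unique between masters, a simple-bind password readable in the config) can be checked mechanically before a config is deployed. The linter below is an added example, not code from the thread or from the OpenLDAP project; the function names and sample configs are constructed, and it assumes decimal serverID values and treats only ldaps:// or starttls=critical as guaranteed TLS.

```python
import re
from collections import Counter

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace) onto their directive."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(configs):
    """configs maps a server label to its slapd.conf text; returns finding strings."""
    findings, sid_owner = [], {}
    for name, text in configs.items():
        rids = Counter()  # rid usage is counted per server, never across servers
        for line in logical_lines(text):
            low = line.lower()
            if low.startswith("serverid"):
                sid = int(line.split()[1])  # assumption: decimal serverID
                if sid in sid_owner:
                    findings.append(f"serverID {sid} shared by {sid_owner[sid]} and {name}")
                sid_owner.setdefault(sid, name)
            elif low.startswith("syncrepl"):
                rid = re.search(r"\brid=(\d+)", line)
                if rid:
                    rids[int(rid.group(1))] += 1
                if "bindmethod=simple" in low and "credentials=" in low:
                    tls = "provider=ldaps://" in low or "starttls=critical" in low
                    findings.append(f"{name}: cleartext replication password in config"
                                    + ("" if tls else ", sent without TLS"))
        findings += [f"{name}: rid={r} used {n} times" for r, n in rids.items() if n > 1]
    return findings

# Constructed sample input, modelled on the two masters posted in the thread.
MASTER = """serverID {sid}
syncrepl rid={rid}
  provider=ldap://{peer}
  type=refreshAndPersist
  bindmethod=simple
  binddn="cn=admin,ou=people,dc=example,dc=com"
  credentials=secret
"""
THREAD = {"ldap1": MASTER.format(sid="001", rid="000", peer="ldap2.example.com"),
          "ldap2": MASTER.format(sid="002", rid="000", peer="ldap1.example.com")}
```

Run over the thread's two masters, `audit(THREAD)` reports no rid or serverID conflict (rid=000 on both servers is allowed) and flags the password on each.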