I have not had a response yet. Would someone please check the syncrepl setup of the config files (below) to see if there are any issues? In particular, do I need the syncprov-checkpoint? Thanks.
________________________________
From: Robert Hanson
Sent: Monday, August 03, 2009 4:01 PM
To: openldap-technical@openldap.org
Subject: Multi-master configuration -- check my slapd.conf files please?
Over the last weeks, we've been installing systems that have multi-master configurations (where there are 2 servers; each one meant to accept modifications and forward those modifications on to the other server). Occasionally, we've seen a case where a node in the tree has a structuralObjectClass of "glue" rather than the intended structuralObjectClass. Someone on this list suggested I post the slapd.conf files and logs. We don't at the moment have any logs, but I do have the slapd.conf files. Would someone take a look at these and see if anything stands out?
==================================================
Server 10.192.252.64
==================================================
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path "/opt/cisco/uccx/desktop/database"

include "/opt/cisco/uccx/desktop/schemaconf/core.schema"
include "/opt/cisco/uccx/desktop/schemaconf/corba.schema"
include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"
include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"
include "/opt/cisco/uccx/desktop/schemaconf/nis.schema"
include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"

pidfile "/var/run/desktop/slapd.pid"
argsfile "/var/run/desktop/slapd.args"

# inactive, but still open connections,
# and any connections closed by the client,
# are held open by slapd for this number of seconds
#900 = 15 minutes
#300 = 5 minutes
idletimeout 300

sizelimit unlimited
# Max # of threads. Default is 16
#threads 16

# For older Enterprise clients - AM
allow bind_v2

# Maximum # of authenticate connections that can be pending
conn_max_pending_auth 2000

# Don't allow clients to modify anything under People
access to dn.subtree="ou=People,o=OurCompanyName Communications"
        by dn="cn=Client,ou=People,o=OurCompanyName Communications" read
        by * read
# Allow clients to modify Company and so on
access to *
        by dn="cn=Client,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write
        by * read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "o=OurCompanyName Communications"
rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
checkpoint 10 1
# Number of entries maintain in cache. Default is 1000
cachesize 50000
# 8 = 4 MB per thr. Default is 16
searchstack 8

# Root user password
rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory "/opt/cisco/uccx/desktop/database"

# Indices to maintain
index objectClass eq
index empID eq
index tid eq
index svrType eq
index ipHostName eq
index keyName eq

# for sync repl
serverID 1

syncrepl rid=123
        searchbase="o=OurCompanyName Communications"
        provider=ldap://10.192.252.65:3016
        type=refreshAndPersist
        retry="5 5 300 +"
        schemachecking=on
        attrs=*
        bindmethod=simple
        binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
        credentials=5385

mirrormode true

# ash - following will cause circular reaction if in both sides in slapd.conf
# updateref ldap://10.192.252.84:999

# set the host up as a provider
overlay syncprov
syncprov-checkpoint 100 10
==================================================
Server 10.192.252.65
==================================================
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24 03:54:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path "/opt/cisco/uccx/desktop/database"

include "/opt/cisco/uccx/desktop/schemaconf/core.schema"
include "/opt/cisco/uccx/desktop/schemaconf/corba.schema"
include "/opt/cisco/uccx/desktop/schemaconf/cosine.schema"
include "/opt/cisco/uccx/desktop/schemaconf/inetorgperson.schema"
include "/opt/cisco/uccx/desktop/schemaconf/nis.schema"
include "/opt/cisco/uccx/desktop/schemaconf/OurCompanyName.schema"

pidfile "/var/run/desktop/slapd.pid"
argsfile "/var/run/desktop/slapd.args"

# inactive, but still open connections,
# and any connections closed by the client,
# are held open by slapd for this number of seconds
#900 = 15 minutes
#300 = 5 minutes
idletimeout 300

sizelimit unlimited
# Max # of threads. Default is 16
#threads 16

# For older Enterprise clients - AM
allow bind_v2

# Maximum # of authenticate connections that can be pending
conn_max_pending_auth 2000

# Don't allow clients to modify anything under People
access to dn.subtree="ou=People,o=OurCompanyName Communications"
        by dn="cn=Client,ou=People,o=OurCompanyName Communications" read
        by * read
# Allow clients to modify Company and so on
access to *
        by dn="cn=Client,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep1,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep2,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep3,ou=People,o=OurCompanyName Communications" write
        by dn="cn=SplkRep4,ou=People,o=OurCompanyName Communications" write
        by * read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "o=OurCompanyName Communications"
rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
checkpoint 10 1
# Number of entries maintain in cache. Default is 1000
cachesize 50000
# 8 = 4 MB per thr. Default is 16
searchstack 8

# Root user password
rootpw {SSHA}qTp612HSRZ9HX7ICW95TCAOOnVNacOK6

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory "/opt/cisco/uccx/desktop/database"

# Indices to maintain
index objectClass eq
index empID eq
index tid eq
index svrType eq
index ipHostName eq
index keyName eq

# for sync repl
serverID 2

syncrepl rid=123
        searchbase="o=OurCompanyName Communications"
        provider=ldap://10.192.252.64:3016
        type=refreshAndPersist
        retry="5 5 300 +"
        schemachecking=on
        attrs=*
        bindmethod=simple
        binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
        credentials=5385

mirrormode true

# ash - following will cause circular reaction if in both sides in slapd.conf
# updateref ldap://10.192.252.84:999

# set the host up as a provider
overlay syncprov
syncprov-checkpoint 100 10
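Added example, not part of the thread and not OpenLDAP code: a small linter for the replication stanza of a two-node mirror-mode pair like the one posted above, checking the pairing (serverID, provider, directive order, syncprov) and how the replication bind is made. The sample input is constructed from the posted directives with the secret replaced by a placeholder; `parse`, `norm_dn` and `lint` are hypothetical helper names.

```python
import shlex

# Constructed sample: replication directives from the posted files, secret replaced.
CONF_A = '''\
rootdn "cn=OurCompanyName,ou=People,o=OurCompanyName Communications"
serverID 1
syncrepl rid=123
  provider=ldap://10.192.252.65:3016
  bindmethod=simple
  binddn="cn=OurCompanyName, ou=People, o=OurCompanyName Communications"
  credentials=PLACEHOLDER
mirrormode true
overlay syncprov
'''
CONF_B = CONF_A.replace("serverID 1", "serverID 2").replace("252.65", "252.64")

def parse(text):
    """Return [(directive, args)], joining indented continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [(t[0].lower(), t[1:]) for t in map(shlex.split, logical)]

def norm_dn(dn):  # simplistic comparison: trim spaces around RDNs, fold case
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint(conf, peer_conf, peer_host):
    """Return findings for one node of a two-node mirror-mode pair."""
    d, p = parse(conf), parse(peer_conf)
    pos = {k: i for i, (k, _) in enumerate(d)}
    one = lambda items, key: next((a for k, a in items if k == key), [])
    sync = dict(a.split("=", 1) for a in one(d, "syncrepl"))
    prov = sync.get("provider", "")
    checks = [
        (one(d, "serverid") == one(p, "serverid"), "serverID not unique in pair"),
        (peer_host not in prov, "syncrepl provider is not the peer"),
        (pos.get("mirrormode", -1) < pos.get("syncrepl", 0),
         "mirrormode missing or before syncrepl"),
        (("overlay", ["syncprov"]) not in d, "syncprov overlay missing"),
        (sync.get("bindmethod") == "simple" and prov.startswith("ldap://")
         and "starttls" not in sync, "simple bind sent in cleartext (no TLS)"),
        (norm_dn(sync.get("binddn", "?")) == norm_dn(" ".join(one(d, "rootdn"))),
         "replication binds as rootdn (not subject to ACLs)"),
    ]
    return [msg for bad, msg in checks if bad]
```

Calling `lint(CONF_A, CONF_B, "10.192.252.65")` reports only the two bind-related findings; the pairing checks pass for the posted layout.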
--On Friday, August 14, 2009 11:16 AM -0500 Robert Hanson Robert.Hanson@calabrio.com wrote:
I have not had a response yet. Would someone please check the syncrepl setup of the config files (below) to see if there are any issues? In particular, do I need the syncprov-checkpoint? Thanks.
This is a volunteer mailing list. Responses are optional. If you expect immediate help and answers, I'd advise you to set up a support contract with a company that provides OpenLDAP support.
See: http://www.openldap.org/support/
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration