I have two servers I'd like to set up to do MMR. I have several BDB backends that I would like to replicate. My question is: do I need to create a "replicate" user for each BDB backend, as well as a syncrepl statement under each BDB definition and an ACL to allow the sync user to read each BDB? Consider the slapd configuration below. Or is it possible to just set up one user with read access to all of my BDB backends and then set up just one syncrepl statement?
serverID 1 ldap://txeduds1
serverID 2 ldap://txeduds2

database bdb
suffix "dc=il,dc=edu,dc=com"
rootdn "cn=LDAPAdmin,dc=il,dc=edu,dc=com"
rootpw xxxx
directory /var/lib/ldap/ldap.edu.il
monitoring off

syncrepl rid=001
    provider=ldap://txeduds1:389
    type=refreshAndPersist
    retry="60 10 300 +"
    searchbase="dc=il,dc=edu,dc=com"
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
    starttls=no
    tls_reqcert=never
    binddn="cn=ilreplicator,ou=ilservice,dc=il,dc=edu,dc=com"
    credentials=xxxx

##Syncrepl
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

mirrormode on

limits dn.exact="cn=ilreplicator,ou=ilservice,dc=il,dc=edu,dc=com"
    time.soft=unlimited time.hard=unlimited
    size.soft=unlimited size.hard=unlimited

####################################################################################
####################################################################################

access to attrs=userpassword
    by dn.base="cn=njreplicator,ou=njservice,dc=nj,dc=edu,dc=com" read
    by self write
    by anonymous auth
    by * none

database bdb
suffix "dc=nj,dc=edu,dc=com"
rootdn "cn=LDAPAdmin,dc=nj,dc=edu,dc=com"
rootpw xxxx
directory /var/lib/ldap/ldap.edu.nj
monitoring off

syncrepl rid=001
    provider=ldap://txeduds1:389
    type=refreshAndPersist
    retry="60 10 300 +"
    searchbase="dc=nj,dc=edu,dc=com"
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
    starttls=no
    tls_reqcert=never
    binddn="cn=njreplicator,ou=njservice,dc=nj,dc=edu,dc=com"
    credentials=xxx

##Syncrepl
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

mirrormode on

limits dn.exact="cn=njreplicator,ou=njservice,dc=nj,dc=edu,dc=com"
    time.soft=unlimited time.hard=unlimited
    size.soft=unlimited size.hard=unlimited

####################################################################################
####################################################################################

access to attrs=userpassword
    by dn.base="cn=gareplicator,ou=gaservice,dc=ga,dc=edu,dc=com" read
    by self write
    by anonymous auth
    by * none

database bdb
suffix "dc=ga,dc=edu,dc=com"
rootdn "cn=LDAPAdmin,dc=ga,dc=edu,dc=com"
rootpw xxx
directory /var/lib/ldap/ldap.edu.ga

syncrepl rid=001
    provider=ldap://txeduds1:389
    type=refreshAndPersist
    retry="60 10 300 +"
    searchbase="dc=ga,dc=edu,dc=com"
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
    starttls=no
    tls_reqcert=never
    binddn="cn=gareplicator,ou=gaservice,dc=ga,dc=edu,dc=com"
    credentials=xxx

##Syncrepl
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

mirrormode on
Michael,
Michael wrote (27.03.2014 21:58):
I have two servers I'd like to set up to do MMR. I have several BDB backends that I would like to replicate. My question is: do I need to create a "replicate" user for each BDB backend, as well as a syncrepl statement under each BDB definition and an ACL to allow the sync user to read each BDB? Consider the slapd configuration below. Or is it possible to just set up one user with read access to all of my BDB backends and then set up just one syncrepl statement?
The replication user has to have enough rights to access (read) all the data to be replicated on the provider. An ACL defined outside a database definition is valid for all of the databases on the server. So yes, you can have one replication user for all your databases (on the provider).
Marc
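The layout described in the reply above, as an added slapd.conf sketch that is not part of the original thread: one replicator DN, a global ACL ahead of the first database, and one syncrepl statement per database, since syncrepl is a database-level directive. The shared DN cn=replicator (assumed to live in the il database), the distinct rid values and the xxxx secrets are assumptions; the TLS-related parameters from the post are left out.

```conf
# Constructed example: hostnames and suffixes come from the thread,
# the shared replicator DN and the rid values are assumptions.
serverID 1 ldap://txeduds1
serverID 2 ldap://txeduds2

# Global section (before the first "database" line): applies to every
# database and is evaluated after that database's own access rules.
# Rules for other clients are not shown here.
access to *
    by dn.exact="cn=replicator,ou=ilservice,dc=il,dc=edu,dc=com" read
    by * break

database bdb
suffix "dc=il,dc=edu,dc=com"
rootdn "cn=LDAPAdmin,dc=il,dc=edu,dc=com"
rootpw xxxx
directory /var/lib/ldap/ldap.edu.il
# This per-database rule matches userPassword before the global rule is
# reached and ends in "by * none", so it has to name the replicator too.
access to attrs=userpassword
    by dn.exact="cn=replicator,ou=ilservice,dc=il,dc=edu,dc=com" read
    by self write
    by anonymous auth
    by * none
syncrepl rid=001 provider=ldap://txeduds1:389 type=refreshAndPersist
    retry="60 10 300 +" searchbase="dc=il,dc=edu,dc=com" attrs="*,+"
    bindmethod=simple credentials=xxxx
    binddn="cn=replicator,ou=ilservice,dc=il,dc=edu,dc=com"
overlay syncprov
mirrormode on

database bdb
suffix "dc=nj,dc=edu,dc=com"
rootdn "cn=LDAPAdmin,dc=nj,dc=edu,dc=com"
rootpw xxxx
directory /var/lib/ldap/ldap.edu.nj
access to attrs=userpassword
    by dn.exact="cn=replicator,ou=ilservice,dc=il,dc=edu,dc=com" read
    by self write
    by anonymous auth
    by * none
# Same bind DN as above; only rid and searchbase differ per database.
syncrepl rid=002 provider=ldap://txeduds1:389 type=refreshAndPersist
    retry="60 10 300 +" searchbase="dc=nj,dc=edu,dc=com" attrs="*,+"
    bindmethod=simple credentials=xxxx
    binddn="cn=replicator,ou=ilservice,dc=il,dc=edu,dc=com"
overlay syncprov
mirrormode on
```

The dc=ga,dc=edu,dc=com database would follow the same pattern with its own rid.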
Thanks Marc, that's essentially the information I was looking for.
-Mike
Date: Fri, 28 Mar 2014 13:18:00 +0100
From: hans.moser@ofd-z.niedersachsen.de
To: mlstarling31@hotmail.com
Subject: Re: Syncrepl Multi-Master with multiple BDB backends
CC: openldap-technical@openldap.org
Michael,
Michael wrote (27.03.2014 21:58):
I have two servers I'd like to set up to do MMR. I have several BDB backends that I would like to replicate. My question is: do I need to create a "replicate" user for each BDB backend, as well as a syncrepl statement under each BDB definition and an ACL to allow the sync user to read each BDB? Consider the slapd configuration below. Or is it possible to just set up one user with read access to all of my BDB backends and then set up just one syncrepl statement?
The replication user has to have enough rights to access (read) all the data to be replicated on the provider. An ACL defined outside a database definition is valid for all of the databases on the server. So yes, you can have one replication user for all your databases (on the provider).
Marc