Hi Bernd and Dieter,
Thank you very much for your advice.
Unfortunately, however, I still haven't succeeded in getting N-way MMR to work.
So, to get it straight in my mind, I've written it up in 3 parts below -- (1) Problem Statement and Requirements, (2) My Implementation Attempt, and (3) Where It's Failing.
(1) Problem Statement and Requirements:
==============================
Need N-Way Multi-Master OpenLDAP Replication for 3 nodes.
LDAP Writes are infrequent, but can occur to any of the 3 nodes.
No need for high performance.
No need for ACID transactions.
There is no database or anything at all at present, so it's a clean slate for development.
slapd.conf(5) will not be used at all. Only slapd-config will be used for configuring.
The only back-end that will be used is bdb.
The only replication mechanism is syncrepl in Provider Push mode of operation, i.e., refreshAndPersist, which is initiated by a Consumer. (Consumer Pull mode of operation, i.e., refreshOnly, will not be used at all.) So, once the Provider services the Consumer’s search request, the Provider locally persists the synchronization search.
There will be no maintaining of any Provider session log store. Thus only the Present phase of the refresh synchronization will be used (not the Delete phase at all).
Database creation will be performed off-line (to ensure the database is not accessed while being created!), not on-line. Thus the database creation tools that will be used are slapadd, slapcat, slaptest etc. (not ldapadd, ldapmodify etc.)
In fact, there being no database to begin with, for slapadd I must use the "-b suffix" to specify which database to add entries to: slapadd -b bdb (not the "slapadd -n 0" parameter to specify the zero-th database).
(2) My Implementation Attempt:
==========================
I have copy-pasted the exact text from the OpenLDAP 2.4 Administrator's Guide, Section 18.3.3 "N-Way Multi-Master" (with my only changes being to my user variables), as follows:
####################################
# mmr.ldif
####################################
# This sets up the config database:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

# second and third servers will have a different olcServerID obviously:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 2

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 3

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

# This sets up syncrepl as a provider (since these are all masters):
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/local/libexec/openldap
olcModuleLoad: syncprov.la

# Now we setup the first Master Node
# (replace $URI1, $URI2 and $URI3 etc. with your actual ldap urls):
URI1="ldap://ldap.node1.mycompany.com"
URI2="ldap://ldap.node2.mycompany.com"
URI3="ldap://ldap.node3.mycompany.com"
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
add: olcMirrorMode
olcMirrorMode: TRUE

# Now start up the Master and a consumer/s;
# also add the above LDIF to the first consumer, second consumer etc.
# It will then replicate cn=config.
# You now have N-Way Multimaster on the config database.

# We still have to replicate the actual data, not just the config;
# so add to the master
# (all active and configured consumers/masters will pull down this config,
# as they are all syncing).
# Also, replace all ${} variables with whatever is applicable to your setup:
BACKEND=bdb
BASEDN="dc=ldapservice,dc=hq,dc=mycompany,dc=com"
MANAGERDN="cn=Admins,$BASEDN"
PASSWD=secret
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
olcDbDirectory: ./db
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcLimits: dn.exact="$MANAGERDN" time.soft=unlimited time.hard=unlimited size.soft=unlimited
olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=006 provider=$URI3 binddn="$MANAGERDN" bindmethod=simple credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

# Note: All of your servers' clocks must be tightly synchronized using e.g. NTP.
# Note: URLs specified in olcSyncRepl directives are the servers URLs to replicate from.
# These must exactly match the URLs slapd listens on (-h in Command-Line Options).
# Otherwise slapd may attempt to replicate from itself, causing a loop.
(3) Where It's Failing:
=================
I first executed the following:
slapadd -v -F /usr/local/etc/openldap/slapd.d -b bdb -l mmr.ldif
But that was a fiasco, saying "slapadd: slap_init invalid suffix ("bdb") ". So I suppose I must create the database beforehand?
So then I created the database (by running slapd using slapd.conf with "database config" and "rootpw config" directives commented out); then I stopped the slapd service and executed the following:
slapadd -v -F /usr/local/etc/openldap/slapd.d -n 0 -l mmr.ldif
That failed too, saying "slapadd: could not add entry dn="cn=config" (line=1)".
So then I tried:
slapadd -v -F /usr/local/etc/openldap/slapd.d -n 1 -l mmr.ldif
That failed too, saying "slapadd: database doesn't support necessary operations".
So then I tried:
slapadd -v -F /usr/local/etc/openldap/slapd.d -n 2 -l mmr.ldif
That failed too, saying "slapadd: line 1: database #2 (dc=ldapservice,dc=hq,dc=mycompany,dc=com) not configured to hold "cn=config"; did you mean to use database #0 (cn=config)?".
Of course, when I try any other number for n it says "Database number selected via -n is out of range. Must be in the range 0 to 2 (the number of configured databases)."
So, my question is: How in the world do I configure my database #0 to also include my database #2 entities?
Or, alternatively, how do I configure my database #2 to also hold "cn=config"?
There is an old OpenLDAP.org blog which summarises how, but doesn't describe any execution steps at all: http://blog.suretecsystems.com/archives/40-OpenLDAP-Weekly-News-Issue-5.html "
*Multi-Master Replication configuration example:*
This has been asked for a few times now, so I'm putting an example here for use with OpenLDAP 2.4.6, which will then be part of the main docs (http://www.openldap.org/doc).
This is adapted from test050-syncrepl-multimaster (http://www.openldap.org/devel/cvsweb.cgi/tests/scripts/test050-syncrepl-multimaster?hideattic=1&sortbydate=0).
A proper writeup will be in the admin guide (http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master) soon, I promise ;-)
Right, the following is all in LDIF (http://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format) format and you *slapadd* them to your *cn=config* on the amount of Master nodes you have/want (using *slappasswd* of course):
This sets up the config database: "
I really urgently need your help with this, please. I thoroughly appreciate your help so far.
Thanks
Fal
On Fri, Dec 28, 2012 at 9:18 AM, fal patel fal0patel@gmail.com wrote:
---------- Forwarded message ----------
From: Bernd May bernd@net.t-labs.tu-berlin.de
Date: Fri, Dec 28, 2012 at 5:07 AM
Subject: Re: Multi-Master OpenLDAP Replication for 3 nodes -- slapadd command failing
To: openldap-technical@openldap.org
From the manpage of slapadd:
'-n dbnum Add entries to the dbnum-th database listed in the configuration file. The -n cannot be used in conjunction with the -b option. To populate the config database slapd-config(5), use -n 0 as it is always the first database. It must physically exist on the filesystem prior to this, however.'
hth
On 28.12.2012 09:14, fal patel wrote:
Hi Dieter,
Thank you very much, but even though I spent all day trying to figure out the problem I could not make any progress at all.
The mmr_servers.ldif file I provided is an *exact* copy of the OpenLDAP 2.4 Administrator's Guide Section 18.3.3 "N-Way Multi-Master", so if it is not working it has to be a documentation error/bug in that section of the Administrator's Guide itself. Or is it the case that the variables I'm setting therein are wrong?
Here are the variable values I'm setting:
# Also, replace all ${} variables with whatever is applicable to your setup:
BACKEND=bdb
BASEDN="dc=ldapservice,dc=hq,dc=mycompany,dc=com"
MANAGERDN="cn=admin,$BASEDN"
PASSWD=secret
The slapd.conf file also is the *exact* same one that gets created at install-time in /usr/local/etc/openldap/ , with the only change being my "BDB database definitions" customisations as follows:
#######################################################################
# BDB database definitions
#######################################################################
## added for multimaster replication (prior to running slapadd to create db):
database bdb
# suffix <DN of root of subtree you are trying to create>
suffix "dc=ldapservice,dc=hq,dc=mycompany,dc=com"
rootdn "cn=admin,dc=ldapservice,dc=hq,dc=mycompany,dc=com"
rootpw secret
# directory for index files
directory /usr/local/var/openldap-data
# specify which indices you want to build
index objectClass eq
# loglevel 64
Whatever I try, however, slapadd gives the same error:
ubuntu11@ubuntu11:~$ sudo slapadd -l /home/ubuntu11/openldap-2.4.33/mmr_servers.ldif -f /usr/local/etc/openldap/slapd.conf -F /usr/local/etc/openldap/slapd.d
50dd4b2a bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
slapadd: line 1: database #1 (dc=ldapservice,dc=hq,dc=practicefusion,dc=com) not configured to hold "cn=config"; did you mean to use database #0 (cn=config)?
_ 3.25% eta none elapsed none spd 833.5 k/s
Closing DB...
I didn't quite understand your instructions either:
"cn=config has to be database number 0, that is, the first database declaration must be cn=config."
In mmr_servers.ldif, the very first line is dn: cn=config
How do I cause cn=config to be database number 0 , please?
And why should I have to, unless the text in OpenLDAP 2.4 Administrator's Guide, Section 18.3.3 "N-Way Multi-Master" has a bug?
Could you please advise? I am completely stuck.
Thank you very much.
Fal
On Thu, Dec 27, 2012 at 3:54 AM, Dieter Klünter dieter@dkluenter.de wrote:
On Thu, 27 Dec 2012 02:22:18 -0800, fal patel fal0patel@gmail.com wrote:
Oops -- forgot to enter subject-line!
On Thu, Dec 27, 2012 at 2:11 AM, fal patel fal0patel@gmail.com wrote:
Hello,
I'm trying to accomplish Multi-Master OpenLDAP Replication for 3 nodes, but it's not working.
[...]
(1) The slapadd command, I execute, and the error message I get:
sudo slapadd -l /home/ubuntu11/openldap-2.4.33/mmr_servers.ldif -f /usr/local/etc/openldap/slapd.conf -F /usr/local/etc/openldap/slapd.d
[sudo] password for ubuntu11:
50dc0b31 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
slapadd: line 1: database #1 (dc=ldapservice,dc=hq,dc=mycompany,dc=com) not configured to hold "cn=config"; did you mean to use database #0 (cn=config)?
_ 2.58% eta none elapsed none
This error is quite clear, cn=config has to be database number 0, that is, the first database declaration must be cn=config. This is probably due to including a slapd.conf file with a database declaration.
-Dieter
-- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E
-- Technische Universität Berlin - FGINET
Bernd May
System Administration An-Institut Deutsche Telekom Laboratories Sekr. TEL 16 Ernst-Reuter-Platz 7 10587 BERLIN GERMANY
Mobile: 0160/90257737 E-Mail: bernd@net.t-labs.tu-berlin.de (T-Labs work) WWW: net.t-labs.tu-berlin.de
--On Saturday, December 29, 2012 9:01 AM -0800 fal patel fal0patel@gmail.com wrote:
(3) Where It's Failing:
I first executed the following:
slapadd -v -F /usr/local/etc/openldap/slapd.d -b bdb -l mmr.ldif
This is nonsensical. You are adding a cn=config DB. Thus you cannot use a base of "bdb". Remember that -b is the suffix you are adding (in this case, cn=config). Not the database type.
So I suppose I must create the database beforehand?
No. But the directory (/usr/local/etc/openldap/slapd.d) must exist before slapadd will work.
I would suggest you run:
slapadd -d -1 -v -F /usr/local/etc/openldap/slapd.d -n 0 -l mmr.ldif
So you can see exactly why it is failing. My guess is you didn't create the directory.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
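A preflight check for the mmr.ldif discussed in this thread, added here as an example (it is not part of any message in the thread and is not OpenLDAP code). It flags lines that slapadd cannot load as they stand: shell variable assignments, unexpanded $VARIABLE references, change records (changetype:), and repeated DNs. The function name preflight and the sample input are constructed for illustration.

```python
import re

# Constructed sample: a shortened excerpt of the mmr.ldif quoted in the thread.
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 2

URI1="ldap://ldap.node1.mycompany.com"
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
"""

ASSIGNMENT = re.compile(r'[A-Za-z_][A-Za-z0-9_]*=')  # e.g. URI1="ldap://..."
VARIABLE = re.compile(r'\$\{?[A-Za-z_]')              # e.g. $URI1 or ${BACKEND}

def preflight(ldif_text):
    """Return (line_number, problem) pairs for lines slapadd cannot load as-is."""
    findings, first_seen = [], {}
    for no, line in enumerate(ldif_text.splitlines(), 1):
        if not line.strip() or line[0] in '# ':
            continue  # entry separator, comment, or continuation line
        if ASSIGNMENT.match(line):
            findings.append((no, 'shell assignment, not LDIF'))
            continue
        if VARIABLE.search(line):
            findings.append((no, 'unexpanded shell variable'))
        attr, _, value = line.partition(':')
        attr, value = attr.strip().lower(), value.strip().lower()
        if attr == 'changetype':
            findings.append((no, 'change record; slapadd loads whole entries only'))
        elif attr == 'dn':
            if value in first_seen:
                findings.append((no, 'DN already defined on line %d' % first_seen[value]))
            first_seen.setdefault(value, no)
    return findings

if __name__ == '__main__':
    for no, problem in preflight(SAMPLE):
        print('line %d: %s' % (no, problem))
```

An empty result only means none of these four patterns were found; slapadd -d -1, as suggested above, remains the way to see the actual failure.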