Hi,
I am setting up master-slave replication for our off-site office, so it can use authentication against ldap even with internet connectivity issues. Replication itself is working without problems. But it replicates only data and not olcAccess attributes on database. So I have to set them manually.
Please is there any way to replicate those attributes too?
I found only one way, and it is master-master replication of cn=config database. And it is not usable in our environment. Off-site office doesn't have a public IP. And it is better for me to have this ldap instance read-only.
Thank you, Miroslav Misek
On Sun, 1 Jul 2018 14:35:27 +0200, Miroslav Misek miroslav.misek@netgarden.cz wrote:
> Hi,
> I am setting up master-slave replication for our off-site office, so it can use authentication against ldap even with internet connectivity issues. Replication itself is working without problems. But it replicates only data and not olcAccess attributes on database. So I have to set them manually.
> Please is there any way to replicate those attributes too?
> I found only one way, and it is master-master replication of cn=config database. And it is not usable in our environment. Off-site office doesn't have a public IP. And it is better for me to have this ldap instance read-only.
You may consider the experimental ACI model instead of the standard ACL model, as defined in slapd.access(5) http://www.openldap.org/faq/data/cache/634.html
-Dieter
Hi,
On Sun, 1 Jul 2018, Miroslav Misek wrote:
> Hi,
> I am setting up master-slave replication for our off-site office, so it can use authentication against ldap even with internet connectivity issues. Replication itself is working without problems. But it replicates only data and not olcAccess attributes on database. So I have to set them manually.
> Please is there any way to replicate those attributes too?
> I found only one way, and it is master-master replication of cn=config database. And it is not usable in our environment. Off-site office doesn't have a public IP. And it is better for me to have this ldap instance read-only.
You can set up replication for cn=config identically to how you set up replication for your data.
If you can replicate your data by pulling from the master, you can do the same for cn=config.
Greetings Christian
Hi,
One more question please about cn=config replication. When I set it up, it will override local olcDatabase={2}hdb,cn=config. By which I will gain olcAccess records, which I need, but at the same time I will lose olcSyncRepl attribute for olcDatabase={2}hdb,cn=config, no? This attribute does not exist at master server.
Thanks, Miroslav Misek
On 4.7.2018 13:50, Christian Kratzer wrote:
> Hi,
> On Sun, 1 Jul 2018, Miroslav Misek wrote:
> > Hi,
> > I am setting up master-slave replication for our off-site office, so it can use authentication against ldap even with internet connectivity issues. Replication itself is working without problems. But it replicates only data and not olcAccess attributes on database. So I have to set them manually.
> > Please is there any way to replicate those attributes too?
> > I found only one way, and it is master-master replication of cn=config database. And it is not usable in our environment. Off-site office doesn't have a public IP. And it is better for me to have this ldap instance read-only.
> You can set up replication for cn=config identically to how you set up replication for your data.
> If you can replicate your data by pulling from the master, you can do the same for cn=config.
> Greetings Christian
--On Saturday, August 11, 2018 3:14 PM +0200 Miroslav Misek miroslav.misek@netgarden.cz wrote:
> Hi,
> One more question please about cn=config replication. When I set it up, it will override local olcDatabase={2}hdb,cn=config. By which I will gain olcAccess records, which I need, but at the same time I will lose olcSyncRepl attribute for olcDatabase={2}hdb,cn=config, no? This attribute does not exist at master server.
I suggest looking at test059-slave-config in the test suite, which shows how to set up cn=config replication for a replica that is fed from the master.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
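Added example (not part of the thread, and not OpenLDAP project code): while olcAccess on the replica is maintained by hand, as described in the first message, comparing the rules on both servers catches a replica whose ACLs have drifted from the master's. The sketch below takes an LDIF export of the single database entry from each server and compares the olcAccess values in evaluation order; the sample LDIF, host name and function names are constructed for illustration.

```python
import base64
import re
from itertools import zip_longest

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    out = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and out:
            out[-1] += raw[1:]
        else:
            out.append(raw)
    return out

def olc_access(ldif):
    """Return the olcAccess rules in evaluation order, {n} prefix removed."""
    rules = []
    for line in unfold(ldif):
        m = re.match(r"olcAccess(::?)\s*(.*)", line, re.I)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":  # base64 value, e.g. a rule containing newlines
            value = base64.b64decode(value).decode("utf-8")
        idx = re.match(r"\{(\d+)\}", value)
        body = value[idx.end():] if idx else value
        rules.append((int(idx.group(1)) if idx else len(rules), " ".join(body.split())))
    return [rule for _, rule in sorted(rules)]

def acl_drift(provider_ldif, consumer_ldif):
    """List (position, provider_rule, consumer_rule) wherever the rule lists differ."""
    pairs = zip_longest(olc_access(provider_ldif), olc_access(consumer_ldif))
    return [(i, p, c) for i, (p, c) in enumerate(pairs) if p != c]

# Constructed sample exports of olcDatabase={2}hdb,cn=config (not from the thread).
PROVIDER_LDIF = """dn: olcDatabase={2}hdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth
  by * none
olcAccess: {1}to * by users read by * none
"""
CONSUMER_LDIF = """dn: olcDatabase={2}hdb,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://provider.example.com
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to * by * read
"""

if __name__ == "__main__":
    for pos, want, have in acl_drift(PROVIDER_LDIF, CONSUMER_LDIF):
        print(f"rule {pos}: provider={want!r} consumer={have!r}")
```

The comparison is positional because slapd applies the first access rule whose target matches, so the same rules in a different order are also reported as drift.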