Hi,
I'm moving more and more towards loading new databases via ldapadd to cn=config. All databases are replicated between two mirrormode servers - including cn=config.
From my understanding I need two syncrepl directives for each database. For cn=config it could be:
syncrepl rid=1 provider=ldaps://<SERVER1>/ searchbase="cn=config" type=refreshAndPersist retry="60 +" scope=sub schemachecking=on bindmethod=sasl binddn="cn=config" saslmech="EXTERNAL" tls_cert=/etc/ldap/ssl/config.crt tls_key=/etc/ldap/ssl/config.nopass.key tls_cacert=/etc/ldap/ssl/ca.crt tls_cipher_suite="NULL-SHA"
syncrepl rid=2 provider=ldaps://<SERVER2>/ searchbase="cn=config" type=refreshAndPersist retry="60 +" scope=sub schemachecking=on bindmethod=sasl binddn="cn=config" saslmech="EXTERNAL" tls_cert=/etc/ldap/ssl/config.crt tls_key=/etc/ldap/ssl/config.nopass.key tls_cacert=/etc/ldap/ssl/ca.crt tls_cipher_suite="NULL-SHA"
The two directives are needed since the configuration will be replicated and the two servers have to contain the same configuration. As long as Server-2 can recognize itself as <SERVER2> it will ignore the directive pointing to itself - correct?
So cn=config will use RID 1 and RID 2.
When I add a new database it will also have to have 2 syncrepl directives, but will have to use RID 3 and RID 4 - correct?
Now, I would like not to have to specify the RID in the LDIF loaded to create a new database. In principle I would not know how many other replications were in place on the server I load it into, so it would be a bad thing to hardwire the RID into the LDIF for the new database.
Are there any mechanisms/best practices to choose new RIDs automatically?
/Peter
Peter Mogensen wrote:
Hi,
I'm moving more and more towards loading new databases via ldapadd to cn=config. All databases are replicated between two mirrormode servers - including cn=config.
From my understanding I need two syncrepl directives for each database. For cn=config it could be:
The two directives are needed since the configuration will be replicated and the two servers have to contain the same configuration. As long as Server-2 can recognize itself as <SERVER2> it will ignore the directive pointing to itself - correct?
So cn=config will use RID 1 and RID 2.
When I add a new database it will also have to have 2 syncrepl directives, but will have to use RID 3 and RID 4 - correct?
No. As the docs state in multiple places, RIDs are only significant within a single server. They don't need to be unique across all servers.
Howard Chu wrote:
Peter Mogensen wrote:
So cn=config will use RID 1 and RID 2.
When I add a new database it will also have to have 2 syncrepl directives, but will have to use RID 3 and RID 4 - correct?
Ignore my previous reply. Yes, correct.
Now, I would like not to have to specify the RID in the LDIF loaded to create a new database. In principle I would not know how many other replications were in place on the server I load it into, so it would be a bad thing to hardwire the RID into the LDIF for the new database.
Are there any mechanisms/best practices to choose new RIDs automatically?
No, there's no automatic mechanism. You might consider using the olcDatabase={x} numeric index as an offset, e.g. x*10. That of course means you must ldapadd the database and then read the olcDatabase attribute back, then ldapmodify to insert the syncrepl directive.
Howard Chu wrote:
So cn=config will use RID 1 and RID 2.
When I add a new database it will also have to have 2 syncrepl directives, but will have to use RID 3 and RID 4 - correct?
No. As the docs state in multiple places, RIDs are only significant within a single server. They don't need to be unique across all servers.
Ehm.. sure, but they still can't use 1 and 2, since cn=config replication (on the same server) uses them. So I need to choose two new RIDs before I ldapadd the LDIF containing the new database config.
/Peter
On 12/11/2009 12:04, Peter Mogensen wrote:
Hi,
I'm moving more and more towards loading new databases via ldapadd to cn=config. All databases are replicated between two mirrormode servers - including cn=config.
From my understanding I need two syncrepl directives for each database. For cn=config it could be:
syncrepl rid=1 provider=ldaps://<SERVER1>/ searchbase="cn=config" type=refreshAndPersist retry="60 +" scope=sub schemachecking=on bindmethod=sasl binddn="cn=config" saslmech="EXTERNAL" tls_cert=/etc/ldap/ssl/config.crt tls_key=/etc/ldap/ssl/config.nopass.key tls_cacert=/etc/ldap/ssl/ca.crt tls_cipher_suite="NULL-SHA"
syncrepl rid=2 provider=ldaps://<SERVER2>/ searchbase="cn=config" type=refreshAndPersist retry="60 +" scope=sub schemachecking=on bindmethod=sasl binddn="cn=config" saslmech="EXTERNAL" tls_cert=/etc/ldap/ssl/config.crt tls_key=/etc/ldap/ssl/config.nopass.key tls_cacert=/etc/ldap/ssl/ca.crt tls_cipher_suite="NULL-SHA"
The two directives are needed since the configuration will be replicated and the two servers have to contain the same configuration. As long as Server-2 can recognize itself as <SERVER2> it will ignore the directive pointing to itself - correct?
Yes.
So cn=config will use RID 1 and RID 2.
When I add a new database it will also have to have 2 syncrepl directives, but will have to use RID 3 and RID 4 - correct?
Yes.
Now, I would like not to have to specify the RID in the LDIF loaded to create a new database. In principle I would not know how many other replications were in place on the server I load it into, so it would be a bad thing to hardwire the RID into the LDIF for the new database.
Are there any mechanisms/best practices to choose new RIDs automatically?
The mechanism we use is a script to search under cn=config for all entries with attribute "olcSyncrepl", and parse them to work out the current max RID, then use that +1.
Regards, Jonathan
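The max-RID-plus-one approach described in the message above, as an added example that is not the script used by anyone in this thread. It parses LDIF text such as ldapsearch would return for the filter (olcSyncrepl=*) under cn=config; the function names, the sample LDIF and its hostnames are constructed for illustration.

```python
import base64
import re

MAX_RID = 999  # slapd accepts RIDs of at most three decimal digits

# Constructed sample of `ldapsearch -b cn=config '(olcSyncrepl=*)' olcSyncrepl`
# output: two folded values and one base64-encoded value. Hostnames are made up.
_B64 = base64.b64encode(b"{0}rid=7 provider=ldaps://server1.example/").decode()
SAMPLE_LDIF = (
    "dn: olcDatabase={0}config,cn=config\n"
    'olcSyncrepl: {0}rid=001 provider=ldaps://server1.example/ searchbase="cn=conf\n'
    ' ig" type=refreshAndPersist retry="60 +"\n'
    'olcSyncrepl: {1}rid=002 provider=ldaps://server2.example/ searchbase="cn=conf\n'
    ' ig" type=refreshAndPersist retry="60 +"\n'
    "\n"
    "dn: olcDatabase={1}hdb,cn=config\n"
    "olcSyncrepl:: " + _B64 + "\n"
)

RID_RE = re.compile(r"(?:^|\s)rid=(\d+)(?=\s|$)")

def syncrepl_values(ldif):
    """Yield every olcSyncrepl value, undoing LDIF folding and base64."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # a leading space continues the line
    for line in unfolded.splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != "olcsyncrepl":
            continue
        if rest.startswith(":"):  # "attr:: value" means base64-encoded
            yield base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            yield rest.strip()

def used_rids(ldif):
    """Return the set of RIDs already present in any olcSyncrepl value."""
    rids = set()
    for value in syncrepl_values(ldif):
        value = re.sub(r"^\{\d+\}", "", value)  # drop the {n} ordering prefix
        match = RID_RE.search(value)
        if match:
            rids.add(int(match.group(1)))  # "001" and "1" are the same RID
    return rids

def next_rids(ldif, count=2):
    """Return `count` fresh RIDs (two for a mirror-mode pair), max + 1 onward."""
    start = max(used_rids(ldif), default=0) + 1
    if start + count - 1 > MAX_RID:
        raise ValueError("no room left below the three-digit RID limit")
    return list(range(start, start + count))
```

The search and the later ldapmodify are separate operations, so two administrators adding databases at the same time can pick the same RIDs; serialise the runs or re-check after the modify.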
Jonathan Clarke wrote:
Are there any mechanisms/best practices to choose new RIDs automatically?
The mechanism we use is a script to search under cn=config for all entries with attribute "olcSyncrepl", and parse them to work out the current max RID, then use that +1.
Would there be anything hindering a feature in slapd where that procedure is done automatically by slapd, when a syncrepl directive is added without a RID?
/Peter
openldap-technical@openldap.org