Hi,
on the replication branch, we are now able to connect to an OpenLDAP
server, and subscribe as a slave with the refreshOnly or
refreshAndPersist operations. This is very experimental atm, and we need
more than the current configuration in order to implement this in the
server.
So far, here is the needed information:
- a replicaId (or RID), uniquely identifying the server
- a replication type : RefreshOnly or RefreshAndPersist
- an interval for a RefreshOnly replication
- a search base, which will be the part of the tree to replicate
- a principal, used to connect on the master server
- a password
Currently, the lacking information is:
- the replication type
- the search base
- the principal
- the password
We have a Replica class holding similar information, namely a
SocketAddress, as we were based on a proprietary protocol to handle the
replication in the previous version (Mitosis). As the new replication
model will be based on RFC 4533, we need to change this.
So the ReplicationInterceptor configuration will change. Currently, it
looks like this:

<replicationInterceptor>
  <configuration>
    <replicationConfiguration logMaxAge="5"
                              replicaId="instance_a"
                              replicationInterval="2"
                              responseTimeout="10"
                              serverPort="10390">
      <s:property name="peerReplicas">
        <s:set>
          <s:value>instanc...@localhost:1234</s:value>
          <s:value>instanc...@localhost:1234</s:value>
        </s:set>
      </s:property>
    </replicationConfiguration>
  </configuration>
</replicationInterceptor>

We will remove the logMaxAge, responseTimeout and serverPort parameters.
The peerReplicas will contain an LdapURL with the list of servers we want
to replicate from. Those replicas will look like:
ldap://[<principalDN>:<password>]@<server>[:<port>]/<baseDN>
We will end with a configuration like :

<replicationInterceptor>
  <configuration>
    <!-- sync is "RefreshOnly" or "RefreshAndPersist";
         a replicationInterval of 00:05:00 means every 5 minutes -->
    <replicationConfiguration sync="RefreshOnly"
                              replicaId="001"
                              replicationInterval="00:05:00">
      <s:property name="peerReplicas">
        <s:set>
          <s:value>ldap://uid=admin,ou=system:[email protected]:10389/ou=people,dc=apache,dc=org</s:value>
          <s:value>ldap://uid=admin,ou=system:[email protected]:10389/ou=projects,dc=apache,dc=org</s:value>
        </s:set>
      </s:property>
    </replicationConfiguration>
  </configuration>
</replicationInterceptor>

(the replicaId is now a 3-digit value, as the OpenLDAP looks like
rid=000,sid=000,csn=20090311230920.705931Z#000000#001#000000).
We may want to be more specific with the peerReplicas, like for instance
define a different replication Interval for each search base. That could
be done using such a configuration :

<replicationInterceptor>
  <configuration>
    <replicationConfiguration replicaId="001">
      <s:property name="peerReplicas">
        <s:set>
          <replica>
            <type>refreshAndPersist</type>
            <principalDn>uid=admin,ou=system</principalDn>
            <password>secret</password>
            <server>ldap1.apache.org</server>
            <port>10389</port>
            <baseDN>ou=people,dc=apache,dc=org</baseDN>
          </replica>
          <replica>
            <type>refreshOnly</type>
            <principalDn>uid=admin,ou=system</principalDn>
            <password>secret</password>
            <server>ldap1.apache.org</server>
            <port>10389</port>
            <baseDN>cn=config,ou=system</baseDN>
            <interval>01:00:00</interval>
          </replica>
        </s:set>
      </s:property>
    </replicationConfiguration>
  </configuration>
</replicationInterceptor>

This is a very preliminary proposal. Feel free to comment on it.
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
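
Added example, not part of the original message and not ApacheDS code: a parser for the proposed ldap://[<principalDN>:<password>]@<server>[:<port>]/<baseDN> form, showing where the credential delimiters become ambiguous and how to keep the bind password out of log output. The ReplicaUrl record, the default port of 389 and the sample URL are assumptions made for illustration.

```java
// Hypothetical holder for one peerReplicas entry; not an ApacheDS class.
public record ReplicaUrl(String principalDn, String password,
                         String host, int port, String baseDn) {

    private static final int DEFAULT_PORT = 389; // assumption: standard LDAP port

    public static ReplicaUrl parse(String url) {
        if (!url.startsWith("ldap://")) {
            throw new IllegalArgumentException("not an ldap:// URL");
        }
        String rest = url.substring("ldap://".length());

        // Split on the LAST '@' so a password containing '@' stays intact
        // (assumes the base DN contains no '@').
        int at = rest.lastIndexOf('@');
        String creds = at < 0 ? "" : rest.substring(0, at);
        String target = rest.substring(at + 1);

        // Split on the FIRST ':' so a password containing ':' stays intact
        // (assumes the principal DN contains no ':').
        String dn = null, pw = null;
        if (!creds.isEmpty()) {
            int colon = creds.indexOf(':');
            if (colon < 0) throw new IllegalArgumentException("expected <principalDN>:<password>");
            dn = creds.substring(0, colon);
            pw = creds.substring(colon + 1);
        }

        int slash = target.indexOf('/');
        if (slash <= 0) throw new IllegalArgumentException("expected <server>[:<port>]/<baseDN>");
        String hostPort = target.substring(0, slash);
        int sep = hostPort.lastIndexOf(':'); // assumes no IPv6 literal
        String host = sep < 0 ? hostPort : hostPort.substring(0, sep);
        int port = sep < 0 ? DEFAULT_PORT : Integer.parseInt(hostPort.substring(sep + 1));
        return new ReplicaUrl(dn, pw, host, port, target.substring(slash + 1));
    }

    // Keep the bind password out of logs and exception messages.
    @Override
    public String toString() {
        String who = principalDn == null ? "" : principalDn + ":***@";
        return "ldap://" + who + host + ":" + port + "/" + baseDn;
    }

    public static void main(String[] args) {
        // Constructed sample value, not taken from the message.
        System.out.println(parse(
            "ldap://uid=admin,ou=system:p@ss:w0rd@ldap.example.test:10389/ou=people,dc=example,dc=test"));
    }
}
```

The per-replica <replica> element form proposed above avoids these delimiter assumptions, since the principal DN, password, server and port each arrive as separate values.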