On Mon, Jun 02, 2008 at 12:48:15AM +0200, Olav Vitters wrote:
> FYI.
>
> I'm going to set up a backup on container. If anything goes wrong, it'll
> just be a DNS change.

BTW: The LTS will have openldap 2.4. There is a mention that the current LDAP replication method will not work in 2.4. However, the config option is still in the slapd.conf manpage. Not sure if the upgrade will break replication. If so, the replication has to be redone.

I want to do that in the near future anyway. Basically:

Currently the master server pushes changes to the slaves. This is deprecated. In 2.3+, the slave will connect, compare everything (slow initially) and retrieve all new objects (could be slow). Optionally it can stay connected and wait for changes (this is of course what we want).

Every change in an object will result in the transfer of the whole object(!). Doesn't matter too much as a userid doesn't have more than ~1KB of data. There is something to limit the transfer to just the changed attributes, but I don't think it is critical to set that up.

Benefits:
* the new method allows you to start with a blank LDAP database. The slave will transfer everything that is missing (slower than slapcat, but *much* easier)
* the slave connects to the master as a normal user. Allows setting security options (not transferring certain attributes). Will result in higher security as e.g. userPassword is only known on Red Hat servers, not on others (other servers don't need it anyway).

--
Regards,
Olav
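
The pull-based setup described in the message, sketched as slapd.conf fragments for OpenLDAP 2.4. This is an added example, not part of the original message and not GNOME's actual configuration; the suffix, host name, the two replica bind DNs (`repl-trusted`, `repl-limited`) and the credential are constructed placeholders.

```conf
# --- Provider (master), inside the database section ---
# Constructed example: suffix, DNs and host name are placeholders.
overlay syncprov
# Write the contextCSN every 100 operations or 10 minutes.
syncprov-checkpoint 100 10
# Session log lets a reconnecting consumer avoid a full comparison.
syncprov-sessionlog 100
index entryCSN,entryUUID eq

# The first matching "access to" clause wins, so userPassword is handled first.
# Only the trusted replica identity can read password hashes; the limited
# identity falls through to "by * none" and never receives the attribute.
access to attrs=userPassword
    by dn.exact="cn=repl-trusted,ou=services,dc=example,dc=org" read
    by self write
    by anonymous auth
    by * none

# All other attributes are readable by both replica identities.
access to *
    by dn.exact="cn=repl-trusted,ou=services,dc=example,dc=org" read
    by dn.exact="cn=repl-limited,ou=services,dc=example,dc=org" read
    by self read
    by * none

# Replica binds are ordinary users, so lift the default size/time limits.
limits dn.exact="cn=repl-trusted,ou=services,dc=example,dc=org" size=unlimited time=unlimited
limits dn.exact="cn=repl-limited,ou=services,dc=example,dc=org" size=unlimited time=unlimited

# --- Consumer (slave) on a host that does not need userPassword ---
# refreshAndPersist: full comparison on first connect, then stay connected
# and wait for changes. starttls=critical protects the simple bind.
syncrepl rid=001
    provider=ldap://ldap-master.example.org
    type=refreshAndPersist
    retry="60 +"
    searchbase="dc=example,dc=org"
    scope=sub
    bindmethod=simple
    binddn="cn=repl-limited,ou=services,dc=example,dc=org"
    credentials=REPLACE_ME
    starttls=critical
# Writes sent to the consumer are referred back to the master.
updateref ldap://ldap-master.example.org
```

A consumer bound as `repl-limited` can be checked with `slapcat` afterwards: its entries should contain no `userPassword` values.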
