On Nov 21, 2007, at 2:53 PM, Gavin Henry wrote:
>> I've been thinking about this some and I am still confused about what
>> is probably a fairly simple syncrepl concept.
>> What I have been trying to do is synchronize the cn=config base from
>> the PROVIDER to the CONSUMER. My hope was that by replicating
>> cn=config then all the other databases (well, really only the primary
>> BDB for now) would then be automagically synched too. Does this make
>> sense?
> Rather than try to debug all of the above, I'm stepping back and trying to
> understand what you are doing.
> So you are trying to sync the provider's config to the consumer?
> This is like MirrorMode or Multi-Master.
> If you have a master and a slave (the slave with a syncprov overlay on),
> then plan to bootstrap from the slave for another slave, then that makes
> sense, i.e. what you plan above is ok.
> Can you clarify?
OK. The BIG picture. I am running a small operation here. I will
probably never have more than 100 users in my LDAP directory.
I have one machine that is currently running openldap 2.4.6 as my one
and only (i.e. Master) LDAP server.
Now that LDAP is up and running I am starting to slowly migrate
existing users over to the LDAP directory.
It is absolutely imperative that if the master server becomes
unavailable that users can still function.
Therefore, I was trying to set up a backup LDAP server. My research
has led me to the conclusion that I should be using syncrepl (of the
regular sort ... not mirrormode or multi-master) to create my second
backup LDAP server.
I thought by installing openldap 2.4.6 on a second machine and using a
short 10-15 line seed.ldif file it would talk to the master LDAP
server, get the cn=config from the master and see that in addition to
the cn=config base there is also another BDB base
(dc=example,dc=als,dc=lbl,dc=gov), and then it would sync up that guy
too.
My concern is that I am using TLS and currently the names of
the crt and key files are different for the PROVIDER and CONSUMER so
simply replicating the cn=config may not actually work unless I remain
consistent in my naming of the SSL files. I guess I can do this, but I
thought to clarify the idea with the openldap experts first.
I'm still hopeful. I really like the idea of building a new machine,
compiling openldap, slapadding a seed LDIF file and instantly having a
backup slave LDAP server.
Thanks,
Scott
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scott Classen, Ph.D.
SIBYLS Beamline 12.3.1
http://bl1231.als.lbl.gov
Advanced Light Source
Lawrence Berkeley National Laboratory
1 Cyclotron Rd
MS6R2100
Berkeley, CA 94720
O) 510.495.2697
Beamline) 510.495.2134
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
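For readers of this thread, here is an added example (not from the original mail, nor from the OpenLDAP project's own documentation) of the "short seed LDIF" route for the plain master/slave syncrepl the poster says he wants: the consumer's cn=config is slapadd'ed once, and its BDB database pulls dc=example,dc=als,dc=lbl,dc=gov from the master over StartTLS. The hostname ldap-master.example.als.lbl.gov, the replicator DN and password, the /etc/openldap paths and the certificate file names are assumptions chosen for illustration. The TLS file names are ordinary attribute values in cn=config; if olcDatabase={0}config were instead given its own olcSyncrepl with searchbase="cn=config", the provider's olcTLSCertificateFile and olcTLSCertificateKeyFile values would arrive verbatim and replace the consumer's, which is exactly why the file names would then have to match on both hosts.

```ldif
# CONSUMER seed.  Load once with:
#   slapadd -n 0 -F /etc/openldap/slapd.d -l seed.ldif
# All hostnames, DNs, passwords and paths below are placeholders.

dn: cn=config
objectClass: olcGlobal
cn: config
olcPidFile: /var/run/openldap/slapd.pid
# TLS material local to this consumer.  These are plain string values in
# cn=config, so replicating cn=config itself would overwrite them with the
# provider's paths.
olcTLSCACertificateFile: /etc/openldap/certs/ca.crt
olcTLSCertificateFile: /etc/openldap/certs/slapd.crt
olcTLSCertificateKeyFile: /etc/openldap/certs/slapd.key

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/nis.ldif

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=config
# Placeholder; put the output of slappasswd here rather than cleartext.
olcRootPW: config-password-placeholder

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=example,dc=als,dc=lbl,dc=gov
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=example,dc=als,dc=lbl,dc=gov
olcDbIndex: objectClass eq
# entryCSN/entryUUID indexes keep the syncrepl refresh phase cheap.
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
# Pull the whole suffix from the master, keep a persistent connection,
# retry every 30s five times then every 300s forever, and refuse to talk
# unless StartTLS succeeds and the master's cert chains to our CA.
# (Continuation lines start with two spaces: LDIF strips one of them.)
olcSyncrepl: rid=001
  provider=ldap://ldap-master.example.als.lbl.gov
  type=refreshAndPersist
  retry="30 5 300 +"
  searchbase="dc=example,dc=als,dc=lbl,dc=gov"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=als,dc=lbl,dc=gov"
  credentials=replicator-password-placeholder
  starttls=critical
  tls_reqcert=demand
  tls_cacert=/etc/openldap/certs/ca.crt
# This copy is read-only: clients that try to write get a referral back
# to the master instead of a silently diverging slave.
olcUpdateRef: ldap://ldap-master.example.als.lbl.gov

# PROVIDER side (apply with ldapadd against the master's cn=config):
# the syncprov overlay on the data database is what the consumer talks to.
dn: olcOverlay=syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100
```

Two things to check after the first start: the replicator DN used in binddn must be able to read the whole suffix on the master (including the userPassword attribute if the slave is to authenticate users on its own while the master is down), and a search against the consumer for the suffix's contextCSN should match the master's once the initial refresh has finished.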