Keeping a new n-master environment in sync with an old single master env during a migration

2018-07-31 Thread Chris Cardone
Hello all, I have a question I'm sure some folks have already addressed and
hope there is a solution for my problem.

I am in the process of migrating from an old single master --> multiple
slave env
running on OpenBSD 4.9
openldap-server-2.4.23p2 - configured with slapd.conf

over to 4-master (regional) to 4 slaves (now - more to come regionally)
running Ubuntu 16.04 and
openldap 2.4.42 - configured with a cn=config database

I am trying to keep the environments in sync as we migrate dozens of
different environments from the old slaves to the new slaves - which may
take as long as 4 months :(

I started out by using slapcat to export the contents of the old server,
then loading them into the new server.  I would originally drop all the
data on the new servers and reload from the old.

This is now no longer an option; as we migrate to the new servers, I cannot
be dropping the entire database and replacing it with the new one - the
time it takes to execute such a task creates an outage for users as well as
applications that rely on the LDAP database.

So I'm looking for some guidance / options to keep my new LDAP environment
in sync with my old, without any service disruptions on either set of
systems.


Any help would be greatly appreciated!!

Christopher


Re: Number of requests served in ideal condition by version 2.4.46 with lmdb backend.

2018-07-31 Thread Howard Chu

Saurabh Lahoti wrote:
> Dear All,
>
> For preparing a technical scope of OpenLDAP; do we have any maximum threshold
> of requests served per second by single instance of 2.4.46 with lmdb backend..?


No. The request rate is entirely determined by your network interface speed and 
number of CPUs.
LMDB search performance scales linearly with CPU cores.

--
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/



Number of requests served in ideal condition by version 2.4.46 with lmdb backend.

2018-07-31 Thread Saurabh Lahoti
Dear All,

For preparing a technical scope of OpenLDAP; do we have any maximum
threshold of requests served per second by single instance of 2.4.46 with
lmdb backend..?



Thanks & Kind Regards,
Saurabh Lahoti.


Re: how to run script on event (modify/delete/add)?

2018-07-31 Thread Michael Ströder

On 07/31/2018 02:12 PM, Zeus Panchenko wrote:
> Michael Ströder  wrote:
>> On 07/30/2018 02:32 PM, Zeus Panchenko wrote:
>> Basically you have two options:
>> 1. run something within slapd (back-perl or back-sock)
>
> I'm still missing something ... what is/are the condition/s to see a
> candidate object to sync?


(It seems you chose option 2. and not 1. as mentioned above.)

The syncrepl protocol is specified in

https://tools.ietf.org/html/rfc4533

Ciao, Michael.





Re: how to run script on event (modify/delete/add)?

2018-07-31 Thread Zeus Panchenko
Thanks to everybody for the quick reply.

Michael Ströder  wrote:
> On 07/30/2018 02:32 PM, Zeus Panchenko wrote:
> Basically you have two options:
> 1. run something within slapd (back-perl or back-sock)

I'm still missing something ... what is/are the condition/s to see a
candidate object to sync?

I'm trying a sample from the docs for Net::LDAP::Control::SyncRequest as well
as a sample from SATOH Fumiyasu's code.

I modify some attribute and after that run the code:

---[ quotation start ]---
...
my $req = $ldap_crud->control_sync_req; # which is wrapper for
                                        # Net::LDAP::Control::SyncRequest->new( mode => LDAP_SYNC_REFRESH_AND_PERSIST, );
log_debug { np( $req ) };
my $mesg = $ldap_crud->search({
    base      => $ldap_crud->{cfg}->{base}->{acc_root},
    filter    => "(objectClass=*)",
    control   => [ $req ],
    callback  => sub { # log_debug {np(@_)};
        my $msg      = shift;
        my $obj      = shift;
        my @controls = $msg->control;
        if ( defined $obj && $obj->isa('Net::LDAP::Entry') ) {
            log_debug { $obj->dn . ' ; ' . np(@controls) };
            my $syncstate = undef;
            for my $control (@controls) {
                if ( $control->isa('Net::LDAP::Control::SyncState') ) {
                    $syncstate = $control;
                    log_debug { np($syncstate) };
                    last;
                }
            }
        }
    },
    sizelimit => 0,
    attrs     => [ '*' ] });
...
---[ quotation end   ]---


But the Net::LDAP::Message object returned by search contains method
`controls' set to undef:


---[ quotation start ]---
2018.07.31 13:38:38 [DEBUG]: L00830 @ UMI::Controller::Root::test: Controller/Root.pm: Net::LDAP::Search  {
    Parents   Net::LDAP::Message
    public methods (12) : all_entries, as_struct, count, decode, entries, entry, first_entry, next_entry, pop_entry, references, shift_entry, sorted
    private methods (0)
    internals: {
        callback       sub { ... },
        controls       undef,
        ctrl_hash      undef,
        entries        [
            [0]   Net::LDAP::Entry,
            ...
            [388] Net::LDAP::Entry
        ],
        errorMessage   "",
        matchedDN      "",
        mesgid         70,
        parent         Net::LDAP,
        raw            undef,
        resultCode     0
    }
}
---[ quotation end   ]---


while Net::LDAP::Control::SyncRequest->new() returns a valid object:


---[ quotation start ]---
2018.07.31 14:01:16 [DEBUG]: L00807 @ UMI::Controller::Root::test: Controller/Root.pm: Net::LDAP::Control::SyncRequest  {
    Parents   Net::LDAP::Control
    public methods (5) : cookie, init, mode, reloadHint, value
    private methods (0)
    internals: {
        asn    {
            cookie       undef,
            mode         3,
            reloadHint   0
        },
        mode   3,
        type   "1.3.6.1.4.1.4203.1.9.1.1"
    }
}
---[ quotation end   ]---


though after being fed to search, the control "disappears" ...

Where am I wrong?

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


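Added example, not part of the thread above and not Net::LDAP or OpenLDAP code: in RFC 4533 each entry returned by a sync search carries a Sync State control (OID 1.3.6.1.4.1.4203.1.9.1.2), and its `state` field is what tells a consumer whether to run its add, modify or delete action. The Python code below decodes that control value with a strict, minimal BER reader; the function names and the sample byte strings are constructed for illustration.

```python
import uuid

SYNC_STATE_OID = "1.3.6.1.4.1.4203.1.9.1.2"   # Sync State control, RFC 4533
STATES = {0: "present", 1: "add", 2: "modify", 3: "delete"}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_sync_state(value):
    """Decode syncStateValue ::= SEQUENCE { state, entryUUID, cookie OPTIONAL }."""
    tag, seq, end = read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("control value is not a single SEQUENCE")
    tag, raw_state, pos = read_tlv(seq, 0)
    if tag != 0x0A or len(raw_state) != 1 or raw_state[0] not in STATES:
        raise ValueError("bad state ENUMERATED")
    tag, raw_uuid, pos = read_tlv(seq, pos)
    if tag != 0x04 or len(raw_uuid) != 16:
        raise ValueError("entryUUID must be a 16-octet OCTET STRING")
    cookie = None
    if pos < len(seq):                 # the cookie is optional
        tag, cookie, pos = read_tlv(seq, pos)
        if tag != 0x04:
            raise ValueError("cookie must be an OCTET STRING")
    return STATES[raw_state[0]], uuid.UUID(bytes=raw_uuid), cookie

# Constructed sample values (not captured from a real server).
SAMPLE_UUID = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
SAMPLE_MODIFY = bytes([0x30, 0x15, 0x0A, 0x01, 0x02, 0x04, 0x10]) + SAMPLE_UUID.bytes
SAMPLE_DELETE = (bytes([0x30, 0x1C, 0x0A, 0x01, 0x03, 0x04, 0x10]) + SAMPLE_UUID.bytes
                 + bytes([0x04, 0x05]) + b"rid=1")

if __name__ == "__main__":
    for sample in (SAMPLE_MODIFY, SAMPLE_DELETE):
        print(decode_sync_state(sample))
```

A consumer would call `decode_sync_state` on the value of each control whose type equals `SYNC_STATE_OID` and dispatch on the returned state; the entryUUID is the stable key for the entry across later changes.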


Re: python-ldap validate LDAPObject.modify_ext_s

2018-07-31 Thread Michael Ströder

On 07/27/2018 10:40 AM, Sam Culley wrote:
> I am trying to research how I can validate/verify
> executing an LDAPObject.modify_ext_s request in Python.
>
> If I print the response of the result it returns
>
> (103, [], 3, [])
>
> But I can't find much documentation on what that means?


If something goes wrong with add or modify operations, python-ldap will 
raise an exception. No need to check the method's result.


This is a python-ldap question and therefore might be considered rather 
off-topic here. Even though python-ldap uses OpenLDAP's libldap it's not 
something published by the OpenLDAP project.


python-ldap has its own low-traffic mailing list where you can ask 
questions about python-ldap:


https://python-ldap.org/en/latest/#mailing-list

Ciao, Michael.


