1

A cascading OpenLDAP syncrepl setup

view story
linux-howto

http://serverfault.com – We are planning to have a 3-tier setup with LDAP servers. For simplicity, I shall refer to the tiers as T1, T2, and T3, respectively. The plan is to have changes made on the T1 backend be replicated to T2, and then T2 replicates these to T3. The reverse should also be enabled. Is this possible? How can this be done? I've been trying to set this up but I am stuck with the replication from T2 to T3. According to the logs, syncing to T3 stops at do_syncrep2: rid=003 LDAP_RES_INTERMEDIATE - REFRESH_DELETE and nothing else follows. Meanwhile, at T3's side, the last logged messages are: Feb 1 (HowTos)

taskli's picture
Submitted by taskli on 02/12/2013

Stories similar to A cascading OpenLDAP syncrepl setup

I have two OpenLDAP servers that are both running TLS. They are:

ldap1.mydomain.com ldap2.mydomain.com

I also have a load balancer cluster with a dns name of it's own:

ldap.mydomain.com

The SSL certificate has a CN of ldap.mydomain.com, with SANs of ldap1.mydomain.com and ldap2.mydomain.com.

Everything works... Except mirror mode replication.

I've configured a second host to replicate the main LDAP server via syncrepl in the slapd.conf:

syncrepl rid=666 provider=ldaps://my-main-server.com type=refreshAndPersist searchBase="dc=Staff,dc=my-main-server,dc=com" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=repadmin,dc=my-main-serve

I've been asked to setup a multimaster LDAP environment on Ubuntu 11.04 - instead of a single master server. I cloned the master server and recreated it into two VMs. I am trying to follow the instructions on the OpenLDAP documentation here:

http://www.openldap.org/doc/admin24/replication.html

and it talks about modifying the cn=config tree within LDAP.

I have replication setup as follows

Master A ----> Slave B ------> Slave C \-------> Slave D \------> Slave E - H

I use this setup because I need a local copy at the office server (that is slave C). I don't want to put extra strain on Master A because it's already receiving all of the inserts and extra load from the slaves connections.

Hello,I am trying to move an environment into a more HA setup. Currenly I have 3 tomcat app servers talking to a backend database running oracle. Right now, none of it has any availabil... [by blankdvd]

Hello together,I plan to setup an openldap server with a postgresqldb as backend. So I tried the most common Tutorials, but nothing worked for me. I installed{{{ yum install openl... [by hornuda]

I'm attempting to setup a multimaster pair on Ubuntu 11.04. I currently have a working single server which I've cloned to a 2nd server.

I want to host an application on a single server running MySQL server. To get the best performance I plan on using a UNIX socket connection (to avoid TCP overhead). Later, I would like to scale up by adding extra servers which would be MySQL read-only instances (slave) replicated from the first server (master).

Correct me if I am wrong:

If you setup your Servers to use the mode "Synchronize changes" to the DNSonly servers the "Setup Reverse Trust Relationship" is not needed.

If you setup your Servers to use the mode "Standalone" to the DNSonly servers the "Setup Reverse Trust Relationship" is needed, therefor automatically activated.

If you try to unchec