Welcome to the fifth issue of OpenLDAP Weekly News (OWN), the unofficial weekly newsletter for the OpenLDAP community.
This will be released every Sunday (or thereabouts), covering the latest goings on in and around the OpenLDAP community.
Summary:
- Latest "stable" OpenLDAP
- Multi-Master Replication configuration example
- Update on Build Farm
- Contributions
- OpenLDAP Documentation updates
- OpenLDAP Development
- Selected user issues and solutions discussed
Latest "stable" OpenLDAP:
OpenLDAP 2.3.39 is now considered the most stable release.
Multi-Master Replication configuration example:
This has been asked for a few times now, so I'm putting an example here for use with OpenLDAP 2.4.6, which will then be part of the main docs.
This is adapted from test050-syncrepl-multimaster.
A proper writeup will be in the admin guide soon, I promise.
Right, the following is all in LDIF format, and you slapadd it to cn=config on however many Master nodes you have/want (using slappasswd of course):
This sets up the config database:
CODE:
# Generate the olcRootPW value with slappasswd instead of storing it in cleartext.
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
The second and third servers will have a different olcServerID, obviously:
CODE:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 2

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
This sets up syncrepl as a provider (since these are all masters):
CODE:
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/local/libexec/openldap
olcModuleLoad: syncprov.la
Now we set up the first Master Node (replace $URI1, $URI2 and $URI3 etc. with your actual LDAP URLs):
CODE:
# Register every master's server ID and URL.
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

# Make this server a syncrepl provider for cn=config.
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

# Consume cn=config from every master. Continuation lines start with a space.
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
Now start up the Master and one or more consumers, and also add the above LDIF to the first consumer, second consumer, etc. It will then replicate cn=config. You now have N-Way Multimaster on the config database.
We still have to replicate the actual data, not just the config, so add the following to the master (all active and configured consumers/masters will pull down this config, as they are all syncing). Also, replace all ${} variables with whatever is applicable to your setup:
CODE:
# Data database, replicated from every master. Continuation lines start with a space.
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
olcDbDirectory: ./db
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=006 provider=$URI3 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

# Make the data database a syncrepl provider as well.
dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
That's the quick version; more in the admin guide later.
Note: You must have all your servers set to the same time via NTP.
Please add comments to this post or start a thread on The OpenLDAP Project lists if you have problems (see support section below).
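An added example, not part of the original post or of OpenLDAP itself: a small Python check that unfolds LDIF shaped like the blocks above and flags an unhashed olcRootPW, reused rid values, and bindmethod=simple providers that use neither ldaps:// nor the syncrepl starttls option. The hostnames and the repeated rid in the sample are constructed, and plain (not base64 "::") attribute values are assumed.

```python
import re

# Constructed sample: config-database LDIF shaped like the post's, with placeholder
# hostnames for $URI1/$URI2 and a deliberately repeated rid.
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
olcSyncRepl: rid=001 provider=ldap://ldap1.example.com binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=001 provider=ldaps://ldap2.example.com binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def lint(ldif):
    """Return findings for cleartext olcRootPW, reused rids and non-TLS simple binds."""
    findings, rids = [], set()
    for line in unfold(ldif):
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        # A hashed value carries a scheme prefix such as {SSHA}; {CLEARTEXT} does not count.
        if attr == "olcrootpw" and not re.match(r"\{(?!cleartext\})[\w-]+\}", value, re.I):
            findings.append("olcRootPW is not a hashed value")
        if attr == "olcsyncrepl":
            kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', value))
            rid = kv.get("rid")
            if rid in rids:
                findings.append(f"duplicate rid={rid}")
            rids.add(rid)
            tls = kv.get("provider", "").startswith("ldaps://") or "starttls" in kv
            if kv.get("bindmethod") == "simple" and not tls:
                findings.append(f"rid={rid}: simple bind without ldaps:// or starttls")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```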
Update on Build Farm:
Kurt tells me the kit has arrived and there is money to spare due to big discounts.
The OpenLDAP Project will either put that towards getting another server or stick more RAM in the existing one.
As soon as access is sorted out, The OpenLDAP Project can begin to set up the build farm.
More later....
Contributions:
Howard adds ordered indexing for integers. Very handy.
The OpenLDAP Project still have a few things left in the queue to get a proper review.
OpenLDAP Documentation updates:
Well, my plan to get the MMR docs done failed, as I got bogged down with normal work and a lot of OpenLDAP sales work with our partners.
I did, however, extend the MMR test, which means I kind of know MMR inside out.
OpenLDAP Development:
The core team and engineering team have been busy as usual.
The OpenLDAP Project are currently closing out bugs and pushing towards a 2.4.7 release, hopefully this week.
As already discussed, Howard adds ordered indexing for integers; follow the discussion.
I try to start discussions on a new Roadmap. Seems it's a bit early, and I point out what docs I need help with.
I also ask about next year's OpenLDAP Developers Day, with no answers yet.
Selected user issues and solutions discussed:
Lots this week.
In and around the community:
Hopefully this week's snippet on MMR will help users and save the many questions The OpenLDAP Project gets.
Contribute:
If you have any interesting OpenLDAP stories or spot anything in the Open Source community related to OpenLDAP, drop me a line at ghenry at suretecsystems dot com
Support:
As usual, if you have questions or problems please contact The OpenLDAP Project via normal channels.
Thanks,
Gavin.