Hi,
From what I gather, OpenLDAP on CentOS 5.x pulls LDAP changes from central LDAP server to a secondary LDAP server.
So in other words, you can have your second LDAP server pull the db based on either;
type=refreshOnly
which means the pull interval will happen whenever you specify or;
type=refreshAndPersist
which means after a pull, keep the pipe open for any changes made.
Now in Ubuntu one can have their primary LDAP push the changes to all the secondaries.
Can I somehow enable push in CentOS OpenLDAP because pull seems pretty lame in this case.
I tried but to no avail.
Hope the answer isn't "Son, thats just the way it iz".
- aurf

On Thu, 2010-04-01 at 10:36 -0700, aurfalien@gmail.com wrote:
> Hi,
> From what I gather, OpenLDAP on CentOS 5.x pulls LDAP changes from central LDAP server to a secondary LDAP server.
> So in other words, you can have your second LDAP server pull the db based on either;
> type=refreshOnly
> which means the pull interval will happen whenever you specify or;
> type=refreshAndPersist
> which means after a pull, keep the pipe open for any changes made.
> Now in Ubuntu one can have their primary LDAP push the changes to all the secondaries.
> Can I somehow enable push in CentOS OpenLDAP because pull seems pretty lame in this case.
> I tried but to no avail.
> Hope the answer isn't "Son, thats just the way it iz".
----
my reading of syncrepl matches your understanding but I'm still using slurpd so what do I know.
You should know that the philosophy of OpenLDAP software developers is that if you actually want to run an OpenLDAP server using newer edge features (and syncrepl is surely one of them), then you should be building the latest from source and not relying on distribution packages which exist mostly for providing ldap libraries for other software. There was a recent discussion about this very topic because Debian/Ubuntu is using a 2.4 version that is also out of date and very buggy where syncrepl is concerned. Obviously CentOS is using 2.3.43 which is considered out of date by OpenLDAP software developers.
Craig
Thanks Craig,
Do you have multiple secondary LDAPs using slurpd?
Is it pushing or pulling?
I may just use that.
- Brian

On Apr 1, 2010, at 11:15 AM, Craig White wrote:
> my reading of syncrepl matches your understanding but I'm still using slurpd so what do I know.
> You should know that the philosophy of OpenLDAP software developers is that if you actually want to run an OpenLDAP server using newer edge features (and syncrepl is surely one of them), then you should be building the latest from source and not relying on distribution packages which exist mostly for providing ldap libraries for other software. There was a recent discussion about this very topic because Debian/Ubuntu is using a 2.4 version that is also out of date and very buggy where syncrepl is concerned. Obviously CentOS is using 2.3.43 which is considered out of date by OpenLDAP software developers.
> Craig
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
slurpd is a push technology and yes, I have multiple 'slaves' on slurpd.
Craig

On Thu, 2010-04-01 at 11:50 -0700, aurfalien@gmail.com wrote:
> Thanks Craig,
> Do you have multiple secondary LDAPs using slurpd?
> Is it pushing or pulling?
> I may just use that.
> - Brian
Hi Craig,
Will the below config allow me to push using slurp... to the d that is;

primary ldap slapd.conf;
replica uri=ldap://ldap.dns.name:389
        binddn="cn=replicauser,dc=domain,dc=name"
        bindmethod=simple
        credentials=passofreplicauser

secondarie{s} ldap slapd.conf;
updatedn cn=replicauser,dc=domain,dc=name
updateref ldap://ldap.dns.name

- Brian

On Apr 1, 2010, at 12:04 PM, Craig White wrote:
> slurpd is a push technology and yes, I have multiple 'slaves' on slurpd.
> Craig

On Thu, 2010-04-01 at 17:25 -0700, aurfalien@gmail.com wrote:
> Hi Craig,
> Will the below config allow me to push using slurp... to the d that is;
>
> primary ldap slapd.conf;
> replica uri=ldap://ldap.dns.name:389
>         binddn="cn=replicauser,dc=domain,dc=name"
>         bindmethod=simple
>         credentials=passofreplicauser
>
> secondarie{s} ldap slapd.conf;
> updatedn cn=replicauser,dc=domain,dc=name
> updateref ldap://ldap.dns.name
----
This is what I am using... YMMV

(primary - a separate, virtually stanza for each slave)
replica host=linserv1.example.com:389
        suffix="dc=example,dc=com"
        binddn="cn=replica,dc=example,dc=com"
        credentials=passwordofreplica
        bindmethod=simple
        tls=yes

(secondary any/all)
updatedn "cn=replica,dc=example,dc=com"
updateref ldap://linserv2.example.com

Don't forget, cn=replica,dc=example,dc=com must be given write access to everything via ACLs
Craig
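
An added example, not part of the thread and not code from the OpenLDAP project: a small Python check that parses `replica` stanzas like the two exchanged above and flags any that do a `bindmethod=simple` bind with no TLS option and no `ldaps://` URI, since in that case the replication password crosses the network in the clear. The sample config is constructed from the values in the thread; accepting `starttls=` and the value `critical` alongside the `tls=yes` shown by Craig is an assumption.

```python
import shlex

# Constructed sample: primary-side stanzas built from the values in the thread.
SAMPLE_CONF = '''\
# stanza from the question (no TLS option)
replica uri=ldap://ldap.dns.name:389
        binddn="cn=replicauser,dc=domain,dc=name"
        bindmethod=simple credentials=passofreplicauser
# stanza from the answer (tls=yes)
replica host=linserv1.example.com:389
        suffix="dc=example,dc=com"
        binddn="cn=replica,dc=example,dc=com"
        credentials=passwordofreplica
        bindmethod=simple tls=yes
'''

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace), drop comments."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and out:
            out[-1] += " " + raw.strip()
        elif raw.strip():
            out.append(raw.strip())
    return [line for line in out if not line.startswith("#")]

def parse_replicas(text):
    """Return one dict of key=value options per 'replica' directive."""
    replicas = []
    for line in logical_lines(text):
        words = shlex.split(line)
        if words[0].lower() == "replica":
            replicas.append(dict(w.split("=", 1) for w in words[1:] if "=" in w))
    return replicas

def audit(text):
    """List (target, binddn) for stanzas doing a simple bind with no TLS."""
    findings = []
    for r in parse_replicas(text):
        target = r.get("uri") or r.get("host", "?")
        # Assumption: tls= (as in the thread) or starttls= set to yes/critical
        # requests StartTLS; an ldaps:// URI is TLS from the first byte.
        tls_opt = (r.get("tls") or r.get("starttls") or "").lower()
        protected = tls_opt in ("yes", "critical") or target.lower().startswith("ldaps://")
        if r.get("bindmethod", "").lower() == "simple" and not protected:
            findings.append((target, r.get("binddn", "")))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

On the constructed sample only the first stanza is reported; the second carries `tls=yes` and passes.
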
Hi Craig,
Just some clarification.
Which is your primary ldap, linserv1.example.com or linserv2.example.com?
I'm assuming linserv1.example.com?
- Brian

On Apr 1, 2010, at 5:49 PM, Craig White wrote:
> This is what I am using... YMMV
>
> (primary - a separate, virtually stanza for each slave)
> replica host=linserv1.example.com:389
>         suffix="dc=example,dc=com"
>         binddn="cn=replica,dc=example,dc=com"
>         credentials=passwordofreplica
>         bindmethod=simple
>         tls=yes
>
> (secondary any/all)
> updatedn "cn=replica,dc=example,dc=com"
> updateref ldap://linserv2.example.com
>
> Don't forget, cn=replica,dc=example,dc=com must be given write access to everything via ACLs
> Craig

On Fri, 2010-04-02 at 11:54 -0700, aurfalien@gmail.com wrote:
> Hi Craig,
> Just some clarification.
> Which is your primary ldap, linserv1.example.com or linserv2.example.com?
> I'm assuming linserv1.example.com?
----
no - primary LDAP server is linserv2
Craig
----
> - Brian