OpenLDAP Weekly News Issue 5

Welcome to the fifth issue of OpenLDAP Weekly News (OWN), the unofficial weekly newsletter for the OpenLDAP community.

This will be released every Sunday (or thereabouts), covering the latest goings on in and around the OpenLDAP community.

Summary:

- Latest "stable" OpenLDAP
- Multi-Master Replication configuration example
- Update on Build Farm
- Contributions
- OpenLDAP Documentation updates
- OpenLDAP Development
- Selected user issues and solutions discussed

Latest "stable" OpenLDAP:

OpenLDAP 2.3.39 is now considered the most stable release.


Multi-Master Replication configuration example:

This has been asked for a few times now, so I'm putting an example here for use with OpenLDAP 2.4.6, which will then be part of the main docs.

This is adapted from test050-syncrepl-multimaster

A proper writeup will be in the admin guide soon, I promise ;-)

Right, the following is all in LDIF format, and you slapadd it to cn=config on however many Master nodes you have/want (using slappasswd of course):

This sets up the config database:

CODE:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret


The second and third servers will have a different olcServerID, obviously:

CODE:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 2

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret


This sets up syncrepl as a provider (since these are all masters):

CODE:
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/local/libexec/openldap
olcModuleLoad: syncprov.la


Now we set up the first Master Node (replace $URI1, $URI2 and $URI3 etc. with your actual LDAP URLs):

CODE:
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
  credentials=secret searchbase="cn=config" type=refreshAndPersist
  retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE


Now start up the Master and one or more consumers, and also add the above LDIF to the first consumer, second consumer, etc. It will then replicate cn=config. You now have N-Way Multimaster on the config database.

We still have to replicate the actual data, not just the config, so add to the master (all active and configured consumers/masters will pull down this config, as they are all syncing). Also, replace all ${} variables with whatever is applicable to your setup:

CODE:
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
olcDbDirectory: ./db
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshAndPersist
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshAndPersist
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=006 provider=$URI3 binddn="$MANAGERDN" bindmethod=simple
  credentials=$PASSWD searchbase="$BASEDN" type=refreshAndPersist
  interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov


That's the quick version, more in the admin guide later....

Note: You must have all your servers set to the same time via NTP.
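
The check below is an added example, not part of the original post or of the OpenLDAP project. It unfolds LDIF continuation lines and flags three things that are easy to carry over from the example LDIF into a real deployment: a cleartext olcRootPW, a reused syncrepl rid, and a simple bind to a provider that is reached without ldaps:// or starttls=critical. The host names and the sample LDIF are constructed for illustration.

```python
import re

# Constructed sample in the style of the LDIF above (host names are made up).
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
olcSyncRepl: rid=001 provider=ldap://ldap1.example.com binddn="cn=config"
  bindmethod=simple credentials=secret searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=001 provider=ldaps://ldap2.example.com binddn="cn=config"
  bindmethod=simple credentials=secret searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=1
"""

def unfold(ldif):
    """Join LDIF continuation lines: a newline followed by one space."""
    return ldif.replace("\n ", "")

def parse_syncrepl(value):
    """Turn 'key=value key="quoted value"' into a dict."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', value)
    return {key: val.strip('"') for key, val in pairs}

def lint(ldif):
    """Return a list of findings for one server's cn=config LDIF."""
    findings, seen_rids = [], set()
    for line in unfold(ldif).splitlines():
        attr, _, value = line.partition(": ")
        # slappasswd output starts with a scheme tag such as {SSHA}.
        if attr == "olcRootPW" and not value.startswith("{"):
            findings.append("olcRootPW is cleartext; store a slappasswd hash")
        if attr != "olcSyncRepl":
            continue
        p = parse_syncrepl(value)
        rid, provider = p.get("rid"), p.get("provider", "")
        if rid in seen_rids:
            findings.append(f"rid={rid} reused; each olcSyncRepl needs its own")
        seen_rids.add(rid)
        # starttls=yes carries on without TLS if StartTLS fails; only
        # starttls=critical or ldaps:// guarantees an encrypted bind.
        encrypted = provider.startswith("ldaps://") or p.get("starttls") == "critical"
        if p.get("bindmethod") == "simple" and not encrypted:
            findings.append(f"rid={rid}: simple bind to {provider} is unencrypted")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```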

Please add comments to this post or start a thread on The OpenLDAP Project lists if you have problems (see support section below).


Update on Build Farm:

Kurt tells me the kit has arrived and there is money to spare due to big discounts. The OpenLDAP Project will either put that towards getting another server or stick more RAM in the existing one.

As soon as access is sorted out, The OpenLDAP Project can begin to set up the build farm.

More later....


Contributions:

Howard adds Ordered indexing for integers. Very handy.

The OpenLDAP Project still have a few things left in the queue to get a proper review.


OpenLDAP Documentation updates:

Well, my plan to get the MMR docs done failed, as I got bogged down with normal work and a lot of OpenLDAP sales work with our partners.

I did however extend the MMR test, which means I kind of know MMR inside out ;-)


OpenLDAP Development:

The core team and engineering team have been busy as usual.

The OpenLDAP Project are currently closing out bugs and pushing towards a 2.4.7 release, hopefully this week.

As already discussed, Howard adds ordered indexing for integers, follow the discussion.

I try to start discussions on a new Roadmap. Seems it's a bit early, and I point out what docs I need help with.

I also ask about next year's OpenLDAP Developers Day, with no answers yet.


Selected user issues and solutions discussed:

Lots this week.

In and around the community:



Hopefully this week's snippet on MMR will help users and save the many questions The OpenLDAP Project gets.


Contribute:

If you have any interesting OpenLDAP stories or spot anything in the Open Source community related to OpenLDAP, drop me a line at ghenry at suretecsystems dot com


Support:

As usual, if you have questions or problems please contact The OpenLDAP Project via normal channels.

Thanks,

Gavin.

Comments

Chris g. Sellers on :

This is good stuff. I had trouble getting it to work for my setup with my setup 2.4.7 however it looks interesting.

I was hoping to complete it successfully and then document it for you.

Good luck

Gavin Henry on :

Thanks for your contributions to the wiki. Very nice ideas.

I'm just reading your openldap-software post now.

Gavin.

Neil Price on :

What's the meaning of olcDbDirectory? Is it where your db files are stored? What is the directory in the example relative to?

Gavin Henry on :

Yes, that's correct. In the above example, it was the directory db in the same directory slapd was run from.

In your config it may be /usr/local/var/openldap-data or similar.

HTH.

visu on :

I tried setting up the way you mentioned.
I have openldap 2.4.9 installed on Ubuntu 8.04 server. When I add first ldif file as mentioned on top of this page (dn: cn=config ldif), it's giving an error:
database(dc=example,dc=com) is not configured to hold cn=config.
Even after that I tried configuring cn=config by using http://www.zytrax.com/books/ldap/ch6/slapd-config.html but no use. Getting the same error.
Can you please suggest me some way to configure openldap multi master setup on Ubuntu 8.04?

Thanks for your article

Regards,
Visu

Gavin Henry on :

Hi:

slapadd -n 0 for the cn=config database.

visu on :

Hi,

I have tried
slapadd -n 0

It's not working.

Can you suggest me how to use exactly?

Thanks
Visu

Gavin Henry on :

Hi visu,

Can I suggest you subscribe to the openldap-software list and post your config and questions there? The comments are getting very long here and this will be easier to deal with on list.

Thanks,
Gavin.
