Re: Adding read-only consumers to a Mirror Mode Replication setup?

2018-10-17 Thread Quanah Gibson-Mount
--On Wednesday, October 17, 2018 5:52 PM -0400 Jean-Francois Malouin wrote:

> Hi,
>
> Is it possible, or even sane to consider adding read-only consumers to a
> MMR setup? If so, any recommendations, pitfalls or gotchas? Or should I
> simply re-start from scratch -- I'm still not in production.


I've had setups with 2-node MMR on the front, and read-only consumers.  It 
works just fine, as long as any given consumer only points to one master. 
Theoretically, it's supposed to work so that consumers can point to more 
than one master in an MMR setup, but my experience didn't match that 
().


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:





Adding read-only consumers to a Mirror Mode Replication setup?

2018-10-17 Thread Jean-Francois Malouin
Hi,

Is it possible, or even sane to consider adding read-only consumers to a MMR
setup? If so, any recommendations, pitfalls or gotchas? Or should I simply
re-start from scratch -- I'm still not in production.

Just for the record, I'm using 2.4.46 on Debian/Stretch 9.5. Both mirrors
are backends to an HA haproxy server.

Thanks,
jf



ODD #5 Proceedings

2018-10-17 Thread Howard Chu
Proceedings are partially online now.
http://www.openldap.org/conf/odd-tuebingen-2018/

(The last 2 talks are still missing, will be uploaded when available.)
-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/



Re: OpenLDAP and Google Cloud Directory Sync

2018-10-17 Thread Howard Chu
Brian Hill wrote:
> I would like to get OpenLDAP to trigger a GCDS sync whenever either certain
> attributes are modified or even anything in the DB, if it isn't possible to
> limit it to certain attributes.
>
> I am thinking along the lines of OpenLDAP calling some external program after
> a modification, but if there is another way to do this that I am missing, I
> am all ears. I have looked at the various overlays but none seem relevant.
> 
> Has anyone done this or have general suggestions?

If you want GCDS to receive every change, just set up a syncrepl consumer on a 
back-ldap backend, pointed to GCDS.

-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/



Re: nonpresent_callback present UUID in logs

2018-10-17 Thread Quanah Gibson-Mount
--On Wednesday, October 17, 2018 11:32 AM +0200 Florent LARTET wrote:

> Hello,
> I migrated my OpenLDAP data from bdb to mdb in a Multi-Master
> Replication architecture that has been working for years now.
> Unfortunately using only 2.4.31-2+deb7u2 from Debian 7.


Don't use MMR with that release.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:





nonpresent_callback present UUID in logs

2018-10-17 Thread Florent LARTET

Hello,
I migrated my OpenLDAP data from bdb to mdb in a Multi-Master 
Replication architecture that has been working for years now.

Unfortunately using only 2.4.31-2+deb7u2 from Debian 7.

In the 2nd server (yy in the configuration below), I noticed new log 
lines for each LDAP entry.
nonpresent_callback: rid=002 present UUID 345d766c-b2d5-1030-9b6b-85786c41386a, dn uid=tve0320,ou=people,dc=univ-tlse2,dc=fr
It occurs if the server yy is down, a modification is done on the 
server x and  is started.

I saw it's related to the "PRESENT" step on replication.
I haven't the sync logs for long so I cannot say if it happened with the 
previous backend.


So, is this a warning about a data problem or does it only mean "I'm 
looking for the existence on rid=002 and that's fine, here are the UUID 
and dn"?


Here is part of my conf, also replicated:
/etc/ldap/slapd.d/cn=config.ldif:olcServerID: 1 ldap://xxx/
/etc/ldap/slapd.d/cn=config.ldif:olcServerID: 2 ldap://yyy/

olcSyncrepl: {0}rid=002 provider=ldap://xxx/ binddn="" bindmethod=simple credentials=
 searchbase="dc=univ-tlse2,dc=fr" type=refreshAndPersist retry="5 5 300 +" attrs="*,+" tls_reqcert=never
olcSyncrepl: {1}rid=003 provider=ldap://yyy/ binddn="" bindmethod=simple credentials=
 searchbase="dc=univ-tlse2,dc=fr" type=refreshAndPersist retry="5 5 300 +" attrs="*,+" tls_reqcert=never


olcMirrorMode: TRUE

olcDbCacheSize: 1
olcDbCheckpoint: 512 5
olcDbNoSync: TRUE
olcDbMaxSize: 3221225472

olcIndex: entryUUID,entryCSN,contextCSN eq

Thanks for your advice,
Florent Lartet
University of Toulouse Jean Jaurès
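
The olcSyncrepl lines in the post above use ldap:// providers with bindmethod=simple and tls_reqcert=never. As an added example (not part of the original post and not OpenLDAP project code), this Python script parses an olcSyncrepl value and reports transport-security findings; the finding names, the bind DN and the credentials placeholder are constructed for illustration.

```python
import re

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_syncrepl(value):
    """Split one olcSyncrepl value into a dict keyed by lower-cased parameter."""
    value = re.sub(r'^\{\d+\}', '', value.strip())  # drop the {N} ordering prefix
    cfg = {}
    for m in _PAIR.finditer(value):
        cfg[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return cfg

def audit_syncrepl(value):
    """Return transport-security findings (the names are this example's own)."""
    cfg = parse_syncrepl(value)
    provider = cfg.get("provider", "").lower()
    starttls = cfg.get("starttls", "").lower()
    findings = []
    if not (provider.startswith("ldaps://") or starttls in ("yes", "critical")):
        # No TLS at all: replicated data and the bind cross the wire unencrypted.
        findings.append("cleartext-transport")
        if cfg.get("bindmethod", "").lower() == "simple":
            findings.append("simple-bind-in-cleartext")
    elif starttls == "yes" and not provider.startswith("ldaps://"):
        # Without "critical" the session continues without TLS if StartTLS fails.
        findings.append("starttls-not-critical")
    if cfg.get("tls_reqcert", "").lower() in ("never", "allow"):
        # Neither setting rejects a provider with a missing or invalid certificate.
        findings.append("provider-cert-not-verified")
    return findings

# Constructed samples: same shape as the post's lines, placeholder DN and secret.
WEAK = ('{0}rid=002 provider=ldap://xxx/ binddn="cn=repl,dc=example,dc=org" '
        'bindmethod=simple credentials=PLACEHOLDER searchbase="dc=example,dc=org" '
        'type=refreshAndPersist retry="5 5 300 +" attrs="*,+" tls_reqcert=never')
HARDENED = (WEAK.replace("provider=ldap://xxx/", "provider=ldap://xxx/ starttls=critical")
                .replace("tls_reqcert=never", "tls_reqcert=demand"))

if __name__ == "__main__":
    for name, line in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_syncrepl(line))
```
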


Re: OpenLDAP and Google Cloud Directory Sync

2018-10-17 Thread Dieter Klünter
On Tue, 16 Oct 2018 15:10:16 -0700
Brian Hill wrote:

> I would like to get OpenLDAP to trigger a GCDS sync whenever either 
> certain attributes are modified or even anything in the DB, if it isn't 
> possible to limit it to certain attributes.
> 
> I am thinking along the lines of OpenLDAP calling some external
> program after a modification, but if there is another way to do this
> that I am missing, I am all ears. I have looked at the various
> overlays but none seem relevant.
> 
> Has anyone done this or have general suggestions?

Based on perldoc Net::LDAP::Control::SyncRequest I built a script that
monitors modifications to the database.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E