I think I can have two "rid=000" because I do not see any complaints on the logs (both masters) and the replication works. I'll have to read more about this.
Thanks,
Guruprasad

On Nov 25, 2014 2:46 AM, "Ulrich Windl" <[email protected]> wrote:

> Hi!
>
> First I think you cannot have two "rid=000", second (unless you use
> certificates or more sophisticated mechs) your password will be visible in the
> config. That's why the config should be protected (and better not be sent to
> this list unmodified).
>
> Regards,
> Ulrich
>
> >>> Guruprasad Kulkarni <[email protected]> wrote on 24.11.2014 at 20:01 in message
> <CAB6=w2stwbseeehye7vpn-v1bg6wro+wpztqdmb8zy0yfqr...@mail.gmail.com>:
> > So I found an example for setting up multi master replication using
> > slapd.conf
> >
> > slapd.conf for MASTER 1
> >
> > # slapd master ldap1.example.com
> > # global section
> > serverID 001
> >
> > database bdb
> > ...
> >
> > access to *
> >   by dn.base="cn=admin,ou=people,dc=example,dc=com" read
> >   by * read
> >
> > syncrepl rid=000
> >   provider=ldap://ldap2.example.com
> >   type=refreshAndPersist
> >   retry="5 5 300 +"
> >   searchbase="dc=example,dc=com"
> >   attrs="*,+"
> >   bindmethod=simple
> >   binddn="cn=admin,ou=people,dc=example,dc=com"
> >   credentials=secret
> >
> > index objectClass eq
> >
> > mirrormode TRUE
> >
> > overlay syncprov
> > syncprov-checkpoint 100 10
> >
> >
> > slapd.conf for MASTER 2
> >
> > # slapd master ldap2.example.com
> > # global section
> > serverID 002
> >
> > database bdb
> > ...
> >
> > access to *
> >   by dn.base="cn=admin,ou=people,dc=example,dc=com" read
> >   by * read
> >
> > syncrepl rid=000
> >   provider=ldap://ldap1.example.com
> >   type=refreshAndPersist
> >   retry="5 5 300 +"
> >   searchbase="dc=example,dc=com"
> >   attrs="*,+"
> >   bindmethod=simple
> >   binddn="cn=admin,ou=people,dc=example,dc=com"
> >   credentials=secret
> >
> > index objectClass eq
> >
> > mirrormode TRUE
> >
> > overlay syncprov
> > syncprov-checkpoint 100 10
> >
> >
> > My question is - Do the credentials have to be clear text passwords? If
> > not, how do I mention encrypted passwords? (I tried within quotes ' ' and
> > " ", but each time got invalid credentials error)
> >
> >
> > On Mon, Nov 24, 2014 at 1:28 PM, Howard Chu <[email protected]> wrote:
> >
> >> Guruprasad Kulkarni wrote:
> >>
> >>> Hi,
> >>>
> >>> I did have a look at the options and only "--enable-modules" option
> >>> talks about dynamic module support
> >>>
> >>> I tried "--enable-dynamic" option as well (the description for it is
> >>> enable linking built binaries with dynamic libs)
> >>>
> >>> What I do observe is that even though I have "moduleload syncprov.la"
> >>> directive in slapd.conf, slapd does not complain
> >>> about it. So I guess I do not have to specify the module path
> >>> (syncreplication tests were successful as well)
> >>>
> >>
> >> Correct, moduleload silently succeeds if you specify a module that was
> >> built statically.
> >>
> >>>
> >>> I also realized I was looking at the OLC configuration examples for
> >>> multi master. What I need to do is find slapd.conf example for multi
> >>> master.
> >>>
> >>>
> >>> On Mon, Nov 24, 2014 at 11:29 AM, Dieter Klünter <[email protected]> wrote:
> >>>
> >>>     On Mon, 24 Nov 2014 09:52:34 -0500,
> >>>     Guruprasad Kulkarni <[email protected]> wrote:
> >>>
> >>>     > I have 2 questions regarding multi master replication:
> >>>     >
> >>>     > 1. I built openldap 2.4.40 from source and according to the makefile,
> >>>     > the module directory should be at /usr/local/libexec/openldap.
> >>>     >
> >>>     > However I do not see such a folder. Am I missing something? The
> >>>     > options I used with configure were "--enable-debug --enable-modules
> >>>     > --enable-hdb --enable-monitor --enable-ppolicy --enable-syncprov
> >>>     > --with-tls --with-cyrus-sasl"
> >>>     >
> >>>     > I am asking because the multi master replication example
> >>>     > (http://www.openldap.org/doc/admin24/replication.html
> >>>     > <http://www.openldap.org/doc/admin24/replication.html#N-Way>) needs
> >>>     > me to load the syncprov.la module, but I am not sure if the
> >>>     > modulepath given there is correct or not.
> >>>
> >>>     You have probably not built dynamic loadable modules, but built-in
> >>>     modules.
> >>>     You should run ./configure --help | less, which will show proper build
> >>>     choices.
> >>>
> >>
> >> --
> >>   -- Howard Chu
> >>   CTO, Symas Corp.           http://www.symas.com
> >>   Director, Highland Sun     http://highlandsun.com/hyc/
> >>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
> >>
> >
> >
> > --
> > -Guruprasad
> >
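
An added example, not part of the original thread or of OpenLDAP: a small audit of the syncrepl stanzas discussed above, flagging a simple-bind password stored in slapd.conf and checking whether the file is readable beyond its owner. The function names and the sample config are constructed for illustration, and the check for simple bind over plain ldap:// without starttls goes one step beyond what the thread raises.

```python
import os
import shlex
import stat

# Constructed sample modelled on the MASTER 1 stanza quoted in the thread.
SAMPLE = """\
syncrepl rid=000
  provider=ldap://ldap2.example.com
  retry="5 5 300 +"
  bindmethod=simple
  binddn="cn=admin,ou=people,dc=example,dc=com"
  credentials=secret
mirrormode TRUE
"""

def parse_syncrepl(text):
    """Return one {key: value} dict per syncrepl directive."""
    logical = []
    for raw in text.splitlines():
        # slapd.conf: a line starting with whitespace continues the previous one
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    stanzas = []
    for line in logical:
        tokens = [] if line.startswith("#") else shlex.split(line)
        if tokens and tokens[0].lower() == "syncrepl":
            stanzas.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return stanzas

def audit_syncrepl(text):
    """Report (rid, issue) pairs; the password itself is never echoed."""
    findings = []
    for s in parse_syncrepl(text):
        if s.get("bindmethod") == "simple" and "credentials" in s:
            findings.append((s.get("rid"), "cleartext-credentials-in-config"))
            tls = s.get("starttls", "").lower() in ("yes", "critical")
            if s.get("provider", "").lower().startswith("ldap://") and not tls:
                findings.append((s.get("rid"), "simple-bind-without-tls"))
    return findings

def readable_by_others(path):
    """True if group or other has read permission on the config file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    for rid, issue in audit_syncrepl(SAMPLE):
        print(f"rid={rid}: {issue}")
```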
