Perform branch replication at regular interval time on the slave servers.
- Requirement: OpenLDAP
- Manpage: slapo-syncprov (5)
Context
The entryCSN and entryUUID attributs are used during the replication
process to decide what need to be transfered, so they need to be
indexed for good performance:
1 | |
When using the memberof overlay, the memberof-dangling option set to
drop can lead to a replication failure due to a constrain violation.
To setup the replication for a branch, the ldap process must have a
read access on the branch, an entry is assumed to be created for that
purpose with required access right, for the user:
uid=ldap-sync,ou=Admins,dc=example,dc=com
1 2 3 4 5 6 | |
Master
Load and configure the overlay (syncprov) performing the
replication. The contextCSN attribut is saved on disk every 100
operations or 10 minutes (syncprov-checkpoint), a log of the last 100
write operations is kept in memory (syncprov-sessionlog), and the
reloadHint flag is honored (syncprov-reloadhint):
1 2 3 4 | |
Give read access to the whole branch that need to be replicated:
1 2 3 | |
Slave
To allow the replication on the slave side, the main parameter to setup are:
- a unique identifier (
rid) - the server to contact (
provider) - the branch to replicate (
searchbase), the scope (scope) and the filters (filter) - the authentication (
bindmethod,binddn,credentials) - the replication type (
type) - the read frequency (
interval), and how to manage retry in case of connection errors (retry)
1 2 3 4 5 6 7 8 9 10 | |