directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@apache.org>
Subject Replication configuration
Date Fri, 13 Mar 2009 14:34:59 GMT
Hi,

on the replication branch, we are now able to connect to an OpenLDAP 
server, and subscribe as a slave with the refreshOnly or 
refreshAndPersist operations. This is very experimental atm, and we need 
more than the current configuration in order to implement this in the 
server.

So far, here are the needed informations :
- a replicaId (or RID), uniquely identifying the server
- a replication type : RefreshOnly or RefreshAndPersist
- an interval for a RefreshOnly replication
- a search base, which will be the part of the tree to replicate
- a principal, used to connect on the master server
- a password

Currently, the lacking informations are :
- the replication type
- the search base
- the principal
- the password

We have a Replica class holding similar informations, namely a 
SocketAddress, as we where based on a proprietary protocol to handle the 
replication in the previous version (Mitosis). As the new replication 
model will be based on RFC 4533, we need to change this.

So the ReplicationInterceptor configuration will change. Currently, it 
looks like that :

    <replicationInterceptor>
      <configuration>
        <replicationConfiguration logMaxAge="5"
                                  replicaId="instance_a"
                                  replicationInterval="2"
                                  responseTimeout="10"
                                  serverPort="10390">
          <s:property name="peerReplicas">
            <s:set>
              <s:value>instance_b@localhost:1234</s:value>
              <s:value>instance_c@localhost:1234</s:value>
            </s:set>
          </s:property>
        </replicationConfiguration>
      </configuration>
    </replicationInterceptor>


We will remove the logMaxAge, responseTimeout and serverPort parameters. 
The peerReplicas will contain an LdapURL with the list of server we want 
to replicate from. Those replicas will look like :

ldap://[<principalDN>:<password>]@<server>[:<port>]/<baseDN>

We will end with a configuration like :

    <replicationInterceptor>
      <configuration>
        <replicationConfiguration sync="RefreshOnly"   (or "RefreshAndPersist")
                                  replicaId="001"
                                  replicationInterval="00:05:00">  (every 5 minutes)
          <s:property name="peerReplicas">
            <s:set>
              <s:value>ldap://uid=admin,ou=system:secret@ldap2.apache.org:10389/ou=people,dc=apache,dc=org</s:value>
              <s:value>ldap://uid=admin,ou=system:secret@ldap3.apache.org:10389/ou=projects,dc=apache,dc=org</s:value>
            </s:set>
          </s:property>
        </replicationConfiguration>
      </configuration>
    </replicationInterceptor>

(the replicaId is now a 3 digits value, as the OpenLDAP looks like 
rid=000,sid=000,csn=20090311230920.705931Z#000000#001#000000).

We may want to be more specific with the peerReplicas, like for instance 
define a different replication Interval for each search base. That could 
be done using such a configuration :

    <replicationInterceptor>
      <configuration>
        <replicationConfiguration replicaId="001">
          <s:property name="peerReplicas">
            <s:set>
              <replica>
                <type>refreshAndPersist</type>
                <principalDn>uid=admin,ou=system</principalDn>
                <password>secret</password>
                <server>ldap1.apache.org</server>
                <port>10389</port>
                <baseDN>ou=people,dc=apache,dc=org</baseDN>
              </replica>
              <replica>
                <type>refreshOnly</type>
                <principalDn>uid=admin,ou=system</principalDn>
                <password>secret</password>
                <server>ldap1.apache.org</server>
                <port>10389</port>
                <baseDN>cn=config,ou=system</baseDN>
                <interval>01:00:00</interval>
              </replica>
            </s:set>
          </s:property>
        </replicationConfiguration>
      </configuration>
    </replicationInterceptor>


This is a very preliminary proposal. Feel free to comment it.

-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org



Mime
View raw message