Question

I have a master LDAP server (openldap) running on a node that needs to be decommissioned. I have several consumer nodes doing a syncrepl to it. I have designated another node (one of the consumers) to become the new master so I can decommission the old master.

I have updated all of the other consumers to syncrepl from this second master.

Heuristically, what is the process to 'promote' this new server from consumer (slave) to a master?

The config line looks like this in the consumers.

olcSyncrepl: {0}rid=312 provider="ldaps://<new master>/" type=refreshAndPersist interval="00:00:01:00" retry="60 30 300 +" searchbase="<base of tree>" bindmethod=sasl saslmech=gssapi keepalive=3540:10:3

In the new master it is the same line, except the value of the provider is the old master. Is it simply a case of removing this line? And if so, can I do it by just stopping slapd, removing this line from the hdb.ldif file and restarting, or do I need to do ldapmodify on the RDN?


Solution

Ok, I have found the answer. The syncrepl documentation says this:

The consumer also stores its replica state, which is the provider's contextCSN received as a synchronization cookie, in the contextCSN attribute of the suffix entry. The replica state maintained by a consumer server is used as the synchronization state indicator when it performs subsequent incremental synchronization with the provider server. It is also used as a provider-side synchronization state indicator when it functions as a secondary provider server in a cascading replication configuration. Since the consumer and provider state information are maintained in the same location within their respective databases, any consumer can be promoted to a provider (and vice versa) without any special actions.

So, by simply dropping the synchronization to the original provider, this node can become the new master provider, and this can be confirmed by comparing the contextCSN attributes on each DIT on each node to validate.
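The contextCSN comparison and the removal of the syncrepl directive described in the answer above, as an added example that is not part of the original post. The sample LDIF is constructed, and the hostnames, the `dc=example,dc=com` base, the `olcDatabase={1}hdb,cn=config` DN and ldapi/EXTERNAL access to cn=config are assumptions to adapt to your deployment.

```shell
#!/bin/sh
# Added example. Sample LDIF is constructed; the cn=config DN is an assumption.

# Read the suffix entry's contextCSN from one server (GSSAPI bind, as on the page).
fetch_csn() {   # $1 = LDAP URI, $2 = search base
    ldapsearch -LLL -Q -Y GSSAPI -H "$1" -s base -b "$2" contextCSN
}

# Reduce ldapsearch LDIF on stdin to a sorted list of contextCSN values.
csn_values() {
    awk 'tolower($1) == "contextcsn:" { print $2 }' | sort
}

# Succeed only if both LDIF texts carry the same, non-empty set of contextCSN
# values. An empty result (failed bind, wrong base) never counts as "in sync".
same_csn() {    # $1 = LDIF from new provider, $2 = LDIF from a consumer
    a=$(printf '%s\n' "$1" | csn_values)
    b=$(printf '%s\n' "$2" | csn_values)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# LDIF that removes the syncrepl directive from a cn=config database entry.
drop_syncrepl_ldif() {   # $1 = database DN
    printf 'dn: %s\nchangetype: modify\ndelete: olcSyncrepl\n' "$1"
}

# Constructed sample ldapsearch output for three nodes.
PROVIDER_LDIF='dn: dc=example,dc=com
contextCSN: 20240101120000.000000Z#000000#000#000000'
CONSUMER_OK_LDIF=$PROVIDER_LDIF
CONSUMER_LAG_LDIF='dn: dc=example,dc=com
contextCSN: 20240101115900.000000Z#000000#000#000000'

same_csn "$PROVIDER_LDIF" "$CONSUMER_OK_LDIF"  && echo "consumer A: in sync"
same_csn "$PROVIDER_LDIF" "$CONSUMER_LAG_LDIF" || echo "consumer B: behind"

# Against live servers (hostnames and DN are placeholders):
#   same_csn "$(fetch_csn ldaps://new-master.example.com/ dc=example,dc=com)" \
#            "$(fetch_csn ldaps://consumer1.example.com/ dc=example,dc=com)"
#   drop_syncrepl_ldif 'olcDatabase={1}hdb,cn=config' |
#       ldapmodify -Q -Y EXTERNAL -H ldapi:///
```

Run the comparison before decommissioning the old master, so the new provider is known to hold the latest contextCSN when its own syncrepl directive is removed.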

OTHER TIPS

I don't know if this could be useful for you, but you can take into account this chapter about replication in the RHEL Identity Management Guide (a.k.a. FreeIPA). They have LDAP inside too.

Licensed under: CC-BY-SA with attribution