Changeset 1672 for branches/fc13-dev/server/doc/install-ldap
- Timestamp: Sep 26, 2010, 1:44:07 PM (14 years ago)
- File: 1 edited
branches/fc13-dev/server/doc/install-ldap
r1661 r1672 282 282 then try again. 283 283 284 [XXX: Do we need the referrals?] 284 Troubleshooting 285 =============== 286 287 LDAP multimaster replication can fail in a number of colorful ways. 288 If the failure is local to a single master, usually you can recover 289 by asking another master to refresh that master with: 290 291 nsDS5BeginReplicaRefresh: start 292 293 In practice, we've also had problems with this technique. Some of them 294 include: 295 296 * Something like https://bugzilla.redhat.com/show_bug.cgi?id=547503 297 on Fedora 11 ns-slapd, where replication is turned off to do the 298 replication, but then it wedges and you need to forcibly kill the 299 process. 300 301 * Failed LDAP authentication because another master attempted to do 302 an incremental update. 303 304 * Repropagation of the error because the corrupt master thinks it still 305 should push updates. 306 307 So the extremely safe method to bring up a crashed master is as follows: 308 309 1. Disable all incoming and outgoing replication agreements by editing 310 /etc/dirsrv/slapd-scripts/dse.ldif. You'll need to munge: 311 312 nsDS5ReplicaBindDN in cn=replica,cn=dc\3Dscripts\2Cdc\3Dmit\2Cdc\3Dedu,cn=mapping tree,cn=config 313 314 and all of the push agreements. Deleting them outright works, but 315 means you'll have to reconstruct all of the agreements from scratch. 316 317 2. Bring up the server. 318 319 3. Accept incoming replication data from a single server. 320 321 4. Initiate a full update from that server. 322 323 5. Finish setting up replication as described above. 324 325 If your database gets extremely fucked, other servers may not be able 326 to authenticate because your authentication information has gone missing. 
327 In that case, the minimal set of entries you need is: 328 329 add dc=scripts,dc=mit,dc=edu 330 objectClass: top 331 objectClass: domain 332 dc: scripts 333 334 add ou=People,dc=scripts,dc=mit,dc=edu 335 objectClass: top 336 objectClass: organizationalunit 337 ou: People 338 339 add uid=ldap/real-mccoy.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu 340 objectClass: account 341 objectClass: top 342 uid: ldap/real-mccoy.mit.edu
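Review bot: Step 1 of the "extremely safe method" says to munge nsDS5ReplicaBindDN in /etc/dirsrv/slapd-scripts/dse.ldif but not what to change it to or how to put it back afterwards, and steps 3 and 4 name no attribute or command, so the procedure cannot be followed from this text alone. Suggest stating the temporary value to use (or telling the reader to keep a copy of dse.ldif before editing, since the text itself warns that deleting the agreements means rebuilding them from scratch), and saying in step 4 whether the "nsDS5BeginReplicaRefresh: start" line quoted at the top of the section is the intended mechanism. The minimal-entries listing at the end is written as "add <dn>" blocks without saying which tool accepts that input, and it names uid=ldap/real-mccoy.mit.edu without saying whether that uid must be substituted for each master that needs to authenticate; a sentence covering both would make the recovery path usable by someone who did not write it.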