Timestamp:
Sep 26, 2010, 1:44:07 PM (14 years ago)
Author:
ezyang
Message:
More updates from installing b-m and o-f.
File:
1 edited

  • branches/fc13-dev/server/doc/install-ldap

    r1661 r1672  
    282282    then try again.
    283283
    284 [XXX: Do we need the referrals?]
     284Troubleshooting
     285===============
     286
     287LDAP multimaster replication can fail in a number of colorful ways.
     288If the failure is local to a single master, usually you can recover
     289by asking another master to refresh that master with:
     290
     291nsDS5BeginReplicaRefresh: start
     292
     293In practice, we've also had problems with this technique.  Some of them
     294include:
     295
     296* Something like https://bugzilla.redhat.com/show_bug.cgi?id=547503
     297  on Fedora 11 ns-slapd, where replication is turned off to do the
     298  replication, but then it wedges and you need to forcibly kill the
     299  process.
     300
     301* Failed LDAP authentication because another master attempted to do
     302  an incremental update.
     303
     304* Repropagation of the error because the corrupt master thinks it still
     305  should push updates.
     306
     307So the extremely safe method to bring up a crashed master is as follows:
     308
     3091. Disable all incoming and outgoing replication agreements by editing
     310   /etc/dirsrv/slapd-scripts/dse.ldif. You'll need to munge:
     311
     312   nsDS5ReplicaBindDN in cn=replica,cn=dc\3Dscripts\2Cdc\3Dmit\2Cdc\3Dedu,cn=mapping tree,cn=config
     313
     314   and all of the push agreements.  Deleting them outright works, but
     315   means you'll have to reconstruct all of the agreements from scratch.
     316
     3172. Bring up the server.
     318
     3193. Accept incoming replication data from a single server.
     320
     3214. Initiate a full update from that server.
     322
     3235. Finish setting up replication as described above.
     324
     325If your database gets extremely fucked, other servers may not be able
     326to authenticate because your authentication information has gone missing.
     327In that case, the minimal set of entries you need is:
     328
     329add dc=scripts,dc=mit,dc=edu
     330objectClass: top
     331objectClass: domain
     332dc: scripts
     333
     334add ou=People,dc=scripts,dc=mit,dc=edu
     335objectClass: top
     336objectClass: organizationalunit
     337ou: People
     338
     339add uid=ldap/real-mccoy.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
     340objectClass: account
     341objectClass: top
     342uid: ldap/real-mccoy.mit.edu
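Review bot: Steps 1 and 3 of the recovery procedure (new lines 309-319) do not say what to actually change. Step 1 says to "munge" nsDS5ReplicaBindDN without giving the value to set it to or suggesting a copy of dse.ldif be kept first, and step 3 does not say how incoming replication is re-enabled for just one server. Suggest stating the before and after value of nsDS5ReplicaBindDN and how a push agreement is disabled short of deleting it, so the agreements can be restored as step 5 expects. In the same vein, line 291 gives "nsDS5BeginReplicaRefresh: start" without naming the entry it is set on or which master it is issued from, and the minimal entry set at lines 329-342 lists only uid=ldap/real-mccoy.mit.edu, so it is worth saying whether every master needs its own account entry there.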