Posted to users@directory.apache.org by Timothy Balcer <ti...@telmate.com> on 2013/06/12 04:25:20 UTC

New ApacheDS admin.. some tips needed!

Hi folks. I am familiar with OpenLDAP, Kerberos, SASL, GSSAPI.. all the fun
things you need for transparent SSO in a heterogeneous organization :) I'm
hitting a few walls here that I am guessing folks will be able to help me
around..so here goes.. and please feel free to point me at RTFM! I have hit
the google hammer quite a bit on these and have found very little to help.

First - Replication.

Ok.. I have done syncrepl with OpenLDAP etc, but the draw for me in ApacheDS
was Multi-master (supposedly available in M12!). I have a need to have
several geographically distant LDAP masters operating simultaneously, and
this would be difficult otherwise. Problem: What am I missing? I set up
three ApacheDS servers running fine. I can connect to each. Let's call them
s1, s2 and s3. s1 is my local master, so first I set up Replication there,
using the configuration manager, and pointed it at s2 and s3. I set the
replication base to be dc=foo, dc=com.. saved the config .. made the
dc=foo,dc=com partition on the slaves by hand, and then restarted all 3
servers (s2 and s3 before s1).

Nada!

I created an entry on s1 under dc=foo, dc=com and nothing happened. After
some futzing around, I even managed to get the entry I created on s1 to
disappear from s1 (restarting the other servers and then restarting s1
again) which.. to say the least.. is a bit vexing.

So, do I need to set up some attributes on the other servers by hand? using
the standard LDIFs? I'm obviously missing something, but this is multi
master (I am told) and so I am guessing something is sort of working, since
the entry I created on s1 disappeared! Direction and hints as to process
are very appreciated!

-- 
Timothy Balcer / IT Services
Telmate / San Francisco, CA
Direct / (415) 300-4313
Customer Service / (800) 205-5510

Re: New ApacheDS admin.. some tips needed!

Posted by Timothy Balcer <ti...@telmate.com>.
Very very interesting.. I purged the entire apacheds package including
data, reinstalled, did everything very carefully, and replication worked.

Last time, I may have turned on replication before I created the partitions
on the first slaves.. Honestly, I did very little, but clearly there is a
state we can get into where replication will not initialize, however
otherwise the ApacheDS server works fine.

Well, on to Kerberos :-)





-- 
Timothy Balcer / IT Services
Telmate / San Francisco, CA
Direct / (415) 300-4313
Customer Service / (800) 205-5510

Re: New ApacheDS admin.. some tips needed!

Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Jun 12, 2013 at 10:07 PM, Timothy Balcer <ti...@telmate.com> wrote:

> At first, all I did was set 2 and 3 as consumers of 1, using the
> configuration tool on 1. Nothing replicated.
>
> Then I set up cross replication on 2 and 3 , again only using the
> configuration tool. Each set the other two as consumers, and I left
> everything as defaults except the replication dn.
>
> My test entries under dc=foo,dc=com then disappeared after restart.
>
> That's it.
>
Take a look at these config files [1]; I have set up MMR between 3 servers.

[1] http://d.pr/f/8c1m




-- 
Kiran Ayyagari
http://keydap.com

Re: New ApacheDS admin.. some tips needed!

Posted by Timothy Balcer <ti...@telmate.com>.
At first, all I did was set 2 and 3 as consumers of 1, using the
configuration tool on 1. Nothing replicated.

Then I set up cross replication on 2 and 3 , again only using the
configuration tool. Each set the other two as consumers, and I left
everything as defaults except the replication dn.

My test entries under dc=foo,dc=com then disappeared after restart.

That's it.

What ldif search would you find most useful?

Re: New ApacheDS admin.. some tips needed!

Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Jun 12, 2013 at 7:55 AM, Timothy Balcer <ti...@telmate.com> wrote:

> Hi folks. I am familiar with OpenLDAP, Kerberos, SASL, GSSAPI.. all the fun
> things you need for transparent SSO in a heterogeneous organization :) I'm
> hitting a few walls here that I am guessing folks will be able to help me
> around..so here goes.. and please feel free to point me at RTFM! I have hit
> the google hammer quite a bit on these and have found very little to help.
>
> First - Replication.
>
> Ok.. I have done syncrepl with OpenLDAP etc, but the draw for me in ApacheDS
> was Multi-master (supposedly available in M12!). I have a need to have
> several geographically distant LDAP masters operating simultaneously, and
> this would be difficult otherwise. Problem: What am I missing? I set up
> three ApacheDS servers running fine. I can connect to each. Let's call them
> s1, s2 and s3. s1 is my local master, so first I set up Replication there,
> using the configuration manager, and pointed it at s2 and s3. I set the
> replication base to be dc=foo, dc=com.. saved the config .. made the
> dc=foo,dc=com partition on the slaves by hand, and then restarted all 3
> servers (s2 and s3 before s1).
>

Are all these replication connections bidirectional (i.e. making s1 a slave
of s2 and s3, making s2 a slave of s1 and s3, etc.)?
If not, they should be. If you have already configured them, can you show us the
config.ldif files or the relevant parts of them (after stripping
the confidential details)?

> Nada!
>
> I created an entry on s1 under dc=foo, dc=com and nothing happened. After
> some futzing around, I even managed to get the entry I created on s1 to
> disappear from s1 (restarting the other servers and then restarting s1
> again) which.. to say the least.. is a bit vexing.
>
> So, do I need to set up some attributes on the other servers by hand? using
> the standard LDIFs? I'm obviously missing something, but this is multi
> master (I am told) and so I am guessing something is sort of working, since
> the entry I created on s1 disappeared! Direction and hints as to process
> are very appreciated!
>

It should just work with the default settings, so it would help us if we
know your configuration details.

> --
> Timothy Balcer / IT Services
> Telmate / San Francisco, CA
> Direct / (415) 300-4313
> Customer Service / (800) 205-5510
>



-- 
Kiran Ayyagari
http://keydap.com
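
The two things asked for in this thread, replication links in both directions between every pair of servers and config.ldif with confidential details stripped before posting, can be checked mechanically. The script below is an added example, not part of the original thread or of ApacheDS itself; the `ads-repl*`, `ads-searchBaseDN` and `ads-enabled` attribute names follow the ApacheDS 2.0 configuration schema, while the hostnames, the shortened DN and the password are constructed sample values.

```python
import re

SECRET_ATTRS = {"ads-repluserpassword"}  # bind credential stored in a consumer entry

def unfold(text):
    return re.sub(r"\n ", "", text)  # undo LDIF line folding

def parse_ldif(text):
    """Return entries as dicts of {lowercased attribute: [values]}."""
    entries = []
    for block in re.split(r"\n\s*\n", unfold(text).strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.lstrip(": ").strip())
        entries.append(entry)
    return entries

def providers(text, base_dn):
    """Hosts this server replicates base_dn from, per its enabled consumer entries."""
    want, hosts = base_dn.replace(" ", "").lower(), set()
    for e in parse_ldif(text):
        classes = [v.lower() for v in e.get("objectclass", [])]
        enabled = e.get("ads-enabled", ["TRUE"])[0].upper() == "TRUE"
        base = e.get("ads-searchbasedn", [""])[0].replace(" ", "").lower()
        if "ads-replconsumer" in classes and enabled and base == want:
            hosts.update(h.lower() for h in e.get("ads-replprovhostname", []))
    return hosts

def missing_links(configs, base_dn):
    """configs maps host -> config.ldif text; returns absent (consumer, provider) pairs."""
    return sorted((c, p) for c in configs for p in configs
                  if c != p and p not in providers(configs[c], base_dn))

def redact(text):
    """Mask credential values before the config is shared."""
    lines = []
    for line in unfold(text).splitlines():
        attr = line.split(":", 1)[0]
        lines.append(f"{attr}: REDACTED" if attr.strip().lower() in SECRET_ATTRS else line)
    return "\n".join(lines)

def consumer(provider, base="dc=foo,dc=com"):  # constructed sample entry, DN shortened
    return (f"dn: ads-replConsumerId={provider},ou=replConsumers,ou=config\n"
            "objectClass: ads-replConsumer\n"
            f"ads-replProvHostName: {provider}\n"
            f"ads-searchBaseDN: {base}\n"
            "ads-replUserDn: uid=admin,ou=system\n"
            "ads-replUserPassword: secret\n\n")

S1, S2, S3 = "s1.example.com", "s2.example.com", "s3.example.com"
SAMPLE = {S1: consumer(S2) + consumer(S3), S2: consumer(S1), S3: consumer(S1) + consumer(S2)}
print(missing_links(SAMPLE, "dc=foo, dc=com"))  # s2 has no consumer entry pulling from s3
```

An empty result from `missing_links` means every server has a consumer entry for each of the others on that base DN; `redact` only masks the replication bind password, so any other site-specific values still need a manual look before posting.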