Master is Dead - Promote LDAP Slave to Master
I have inherited an undocumented OpenLDAP setup - one Master server with two slaves. The Master died hard last night - disc corruption - the backup was a clone system on the same server and disk - so that is useless. Users can still authenticate using the two backup servers.
Can anyone tell me how to promote one of the slaves to master, then change the other server to point to it? The configuration seems to be in the slapd.conf file on each server - they are similar - a copy is below:
```
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/ppolicy.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

modulepath /usr/lib64/openldap
moduleload accesslog.la
moduleload syncprov.la
moduleload back_bdb.la

database config
rootdn "cn=admin,cn=config"
rootpw {CRYPT}XXXXXXXXXXXXX

database monitor
access to *
    by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.base="cn=manager,dc=company,dc=com" read
    by * none

database bdb
suffix dc=company,dc=com
rootdn dc=company,dc=com
directory /var/lib/ldap/company.com
index objectclass,entryCSN,entryUUID eq

syncrepl rid=002
    provider=ldap://auth1.company.com:389
    searchbase="dc=company,dc=com"
    type=refreshOnly
    interval=00:00:05:00
    retry="60 10 300 3"
    filter="(objectClass=*)"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=sssd,dc=company,dc=com"
    credentials=XXXXXXXXXXXXXX
```
Thanks for any assistance with this!
Mike
ldap openldap
The king is dead. Long live the king.
– Joel Coel
Nov 2 '15 at 20:23
So no chance of recovering the disk? It has physical damage? Have you tried Spinrite?
– Edwin
Nov 2 '15 at 20:42
The master is a hosted instance inside a hosting provider - bad journal. The recovery would be read-only if possible
– Mike C
Nov 2 '15 at 20:56
It looks like your replicas don't have any ACLs. I hope you don't store authentication information on them.
– 84104
Nov 3 '15 at 19:17
asked Nov 2 '15 at 20:15
Mike C
1 Answer
It could be as easy as deleting the whole syncrepl section on one slave, then modifying the provider setting on the other slave to point to the first one.
As I understand, the syncrepl bind user, cn=sssd,dc=company,dc=com, is replicated, so it's present on all nodes, so no need to change the authentication section.
Best luck, anyhow.
answered Nov 3 '15 at 7:39
473183469
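The two slapd.conf edits described in the answer above, as an added example that is not part of the original post or of OpenLDAP itself. It goes one step further than the answer: the posted replica config loads `syncprov.la` but has no `overlay syncprov` line, which a syncrepl provider needs, so `promote` puts that line where the syncrepl stanza was. It also checks the ACL point raised in the comments. The function names are illustrative, and the sample is a constructed, trimmed copy of the question's database section.

```python
import re

# Constructed sample: the data database section from the question, trimmed, with
# the leading whitespace slapd.conf needs on continuation lines. Secret is a placeholder.
SAMPLE = """\
database bdb
suffix dc=company,dc=com
syncrepl rid=002
  provider=ldap://auth1.company.com:389
  searchbase="dc=company,dc=com"
  binddn="cn=sssd,dc=company,dc=com"
  credentials=XXXXXXXXXXXXXX
"""

def directives(text):
    """Group lines into directives; an indented line continues the previous one."""
    out = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1].append(line)
        else:
            out.append([line])
    return out

def words(d):
    return d[0].lower().split()
def render(ds):
    return "\n".join("\n".join(d) for d in ds) + "\n"

def promote(text):
    """New provider: swap the syncrepl directive for 'overlay syncprov' in place."""
    ds = directives(text)
    enabled = any(words(d)[:2] == ["overlay", "syncprov"] for d in ds)
    out = []
    for d in ds:
        if words(d)[:1] != ["syncrepl"]:
            out.append(d)
        elif not enabled:
            out.append(["overlay syncprov"])
            enabled = True
    return render(out)

def repoint(text, provider_url):
    """Remaining consumer: change only provider= inside syncrepl directives."""
    out = []
    for d in directives(text):
        if words(d)[:1] == ["syncrepl"]:
            d = [re.sub(r"(provider=)\S+", lambda m: m.group(1) + provider_url, l) for l in d]
        out.append(d)
    return render(out)

def has_acl(text):
    """False: no 'access' directive, so slapd's default (read for everyone) applies."""
    return any(words(d)[:1] == ["access"] for d in directives(text))
```

Validate each edited file with `slaptest -u -f <file>` before restarting slapd.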