[Freeipa-users] bind-dyndb-ldap 4.1 upgrade
Brendan Kearney
bpk678 at gmail.com
Tue Mar 4 13:26:07 UTC 2014
On Tue, 2014-03-04 at 14:11 +0100, Petr Spacek wrote:
> Hello,
>
> On 3.3.2014 22:57, Brendan Kearney wrote:
> > Which distribution version you use? Fedora 20, with latest updates
> > What plugin version you use? bind-dyndb-ldap-3.5-1.fc20.x86_64
>
> Please make sure that you read and follow
> https://www.redhat.com/archives/freeipa-interest/2014-February/msg00001.html
> before you upgrade bind-dyndb-ldap to version 4.x.
>
> The bind-dyndb-ldap 4.1 is being pushed to Fedora-updates repo right now.
>
> I will comment on your configuration in-line:
> > Do you use bind-dyndb-ldap as part of FreeIPA installation? no, using
> > openldap-servers-2.4.39-2.fc20.x86_64
> Please make sure that syncrepl provider is configured on your LDAP server.
> Syncrepl support on server side is *required* from version 4.0.
>
> > Please provide dynamic-db section from configuration
> > file /etc/named.conf
> > dynamic-db "my-domain.com" {
> > library "ldap.so";
> > arg "uri ldap://127.0.0.1/";
> > arg "base cn=dns,dc=my-domain,dc=com";
> > arg "auth_method simple";
> > arg "bind_dn cn=Manager,dc=my-domain,dc=com";
> > arg "password *****";
> > arg "psearch no";
> This option was removed (replaced by mandatory syncrepl).
>
> > // arg "serial_autoincrement yes";
> This feature is now mandatory so the option was removed. Please make sure that
> bind-dyndb-ldap has write access to the configured sub-tree.
>
> > arg "sync_ptr yes";
> > arg "dyn_update yes";
> > arg "connections 2";
> > arg "cache_ttl 300";
> This option was removed (replaced by mandatory syncrepl).
>
> > arg "verbose_checks yes";
> > };
>
> I hope this helps to prevent surprise after upgrade.
>
> Let us know if you encounter any problems!
>
syncrepl is configured and i am using it for N-Way Multi Master
Replication between 2 hosts. are there specific configs i need to
add/change for the bind-dyndb-ldap piece?
More information about the Freeipa-users
mailing list