[Freeipa-users] bind-dyndb-ldap 4.1 upgrade

Petr Spacek pspacek at redhat.com
Tue Mar 4 13:38:37 UTC 2014


On 4.3.2014 14:26, Brendan Kearney wrote:
> On Tue, 2014-03-04 at 14:11 +0100, Petr Spacek wrote:
>> Hello,
>>
>> On 3.3.2014 22:57, Brendan Kearney wrote:
>>   > Which distribution version you use? Fedora 20, with latest updates
>>   > What plugin version you use? bind-dyndb-ldap-3.5-1.fc20.x86_64
>>
>> Please make sure that you read and follow
>> https://www.redhat.com/archives/freeipa-interest/2014-February/msg00001.html
>> before you upgrade bind-dyndb-ldap to version 4.x.
>>
>> The bind-dyndb-ldap 4.1 is being pushed to Fedora-updates repo right now.
>>
>> I will comment on your configuration in-line:
>>> Do you use bind-dyndb-ldap as part of FreeIPA installation? no, using
>>> openldap-servers-2.4.39-2.fc20.x86_64
>> Please make sure that syncrepl provider is configured on your LDAP server.
>> Syncrepl support on server side is *required* from version 4.0.
>>
>>> Please provide dynamic-db section from configuration
>>> file /etc/named.conf
>>> dynamic-db "my-domain.com" {
>>>       library "ldap.so";
>>>       arg "uri ldap://127.0.0.1/";
>>>       arg "base cn=dns,dc=my-domain,dc=com";
>>>       arg "auth_method simple";
>>>       arg "bind_dn cn=Manager,dc=my-domain,dc=com";
>>>       arg "password *****";
>>>       arg "psearch no";
>> This option was removed (replaced by mandatory syncrepl).
>>
>>>       // arg "serial_autoincrement yes";
>> This feature is now mandatory so the option was removed. Please make sure that
>> bind-dyndb-ldap has write access to the configured sub-tree.
>>
>>>       arg "sync_ptr yes";
>>>       arg "dyn_update yes";
>>>       arg "connections 2";
>>>       arg "cache_ttl 300";
>> This option was removed (replaced by mandatory syncrepl).
>>
>>>       arg "verbose_checks yes";
>>> };
>>
>> I hope this helps to prevent surprise after upgrade.
>>
>> Let us know if you encounter any problems!
>>
>
> syncrepl is configured and i am using it for N-Way Multi Master
> Replication between 2 hosts.  are there specific configs i need to
> add/change for the bind-dyndb-ldap piece?

I'm not aware of any, it should 'just work'. Version 4.0 requires a writable 
working directory but it is provided by RPM package so you should be ready for 
upgrade.

Enjoy :-)

-- 
Petr^2 Spacek
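
A pre-upgrade check for the options named in this thread, as an added example that is not part of the original message or of the bind-dyndb-ldap project: it scans named.conf text for active `psearch`, `cache_ttl` and `serial_autoincrement` arguments inside `dynamic-db` blocks. The function names and the sample input are constructed for illustration, and the file is assumed to use only `//` and `#` comments (no `/* */` blocks).

```python
import re

# Options the thread says were removed in bind-dyndb-ldap 4.x, with the reason given.
REMOVED = {
    "psearch": "removed, replaced by mandatory syncrepl",
    "cache_ttl": "removed, replaced by mandatory syncrepl",
    "serial_autoincrement": "removed, the feature is now mandatory",
}

def strip_comment(line):
    """Drop a // or # comment, ignoring markers inside double quotes (ldap://...)."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and (ch == "#" or line.startswith("//", i)):
            return line[:i]
    return line

def find_removed_options(conf_text):
    """Return (block name, line number, option, reason) for each active removed option."""
    findings, block = [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = strip_comment(raw)
        start = re.search(r'dynamic-db\s+"([^"]+)"', line)
        if start:
            block = start.group(1)
        elif block and re.match(r"\s*\}\s*;", line):
            block = None
        elif block:
            arg = re.search(r'arg\s+"(\w+)', line)
            if arg and arg.group(1) in REMOVED:
                findings.append((block, no, arg.group(1), REMOVED[arg.group(1)]))
    return findings

# Constructed sample, shortened from the configuration quoted in the thread.
SAMPLE = '''dynamic-db "my-domain.com" {
    library "ldap.so";
    arg "uri ldap://127.0.0.1/";
    arg "base cn=dns,dc=my-domain,dc=com";
    arg "psearch no";
    // arg "serial_autoincrement yes";
    arg "sync_ptr yes";
    arg "cache_ttl 300";
};
'''

if __name__ == "__main__":
    for block, no, opt, why in find_removed_options(SAMPLE):
        print(f'{block}: line {no}: "{opt}" {why}')
```

A commented-out option, like the `serial_autoincrement` line in the quoted configuration, is not reported because it is already inactive.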



