[Kolab-devel] fix ldap replication between more than two hosts
Jan Kowalsky
jankow at datenkollektiv.net
Tue Aug 20 12:26:55 CEST 2019
Hi all,
I have some comments on the ldap replication feature which is provided
in php-Net_LDAP3.
A couple of months ago we realized that the ldap replication was suddenly
broken. Adding new domains to an already replicated ldap directory
resulted in incomplete replica objects. They were, e.g., missing the
nsDS5ReplicaBindDN attribute.
While I tried to understand and debug this, I have now found a fix:
commit 56371ea520949289745915377f678e7e97218b2d
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Wed Aug 7 11:37:05 2019 +0000
Replace four get_entry_attribute() calls with one get_entry_attributes()
@Thanks Alex - this is great
(By the way: this is not displayed on
https://git.kolab.org/diffusion/PNL/history/master/lib/Net/LDAP3.php).
While replication between two servers works fine now - it doesn't with
more than two servers.
I filed a bug two years ago: https://git.kolab.org/T3283 and a diff
(https://git.kolab.org/D555) which is still waiting for review.
It would be great if someone could have a look.
Another thing: We have a use case of ldap replication where not all
suffixes/domains should be replicated in the same way. For example we
replicate some domains to local networks for posix/samba logins on
workstations. These replicas should of course only include the one
domain of the specific customer. So it would be pretty helpful if we
could make this configurable: I think about an option in kolab.conf
like:
replica_hosts = ldap0.example.org, ldap1.example.org,
In lib/Auth/LDAP.php we had to change
--- LDAP.php.orig 2019-06-27 11:20:50.100530702 +0200
+++ LDAP.php 2019-06-27 11:22:41.574328496 +0200
@@ -115,6 +115,13 @@
}
$this->config_set("root_dn", $root_dn);
+
+ // look for configuration of replica hosts
+ $conf_replica_hosts = $this->conf->get_list('ldap',
'replica_hosts');
+ if (!empty($conf_replica_hosts)) {
+ $this->config_set('replica_hosts', $conf_replica_hosts);
+ }
+
}
/**********************************************************
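Review bot: the added block passes whatever `get_list('ldap', 'replica_hosts')` returns straight to `config_set('replica_hosts', ...)`, with only an `empty()` check on the list as a whole. The example `replica_hosts` line in this mail ends with a trailing comma, so depending on how `get_list` splits the value, an empty or whitespace-only entry could end up in the list. I would trim each entry, drop empty ones and reject anything that is not a plausible hostname before storing it, since this list names the servers that directory data is replicated to. Two further points: the option is read once under `ldap` / `replica_hosts`, so it applies to every suffix and does not by itself give the per-domain restriction described in the mail, and the new key needs an entry in the kolab.conf documentation, including what happens when it is unset.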
Generally: Since it is not documented at all, I wonder who is using
the replication features from php-net-ldap3.
Kind regards
Jan