Setting DPS As Replication Hub - Part 2: Replication to SQL and LDAP

Rationale

So you need to maintain some data in both LDAP and an SQL database?

As we saw in part 1 of this tutorial, the replication distribution algorithm makes it possible to duplicate write traffic between data views. Because DPS supports both LDAP data views and JDBC data views, we can do the same as in part 1 but use an SQL database in place of "store B". In this example I will use MySQL, but this works with IBM DB2, Oracle, hsql or any other database with a JDBC driver.

Bird's Eye View

The Meat

  1. Configure the LDAP Store A. See here
  2. Configure the SQL Store B. See here
  3. Configure the Replication Distribution Algorithm Between Them
If like me you are lazy or unwilling to jump to another page, the whole procedure is also described below:

Store A Back End Setup: Directory Server

$ echo password > /tmp/pwd
$ dsadm create -p 1389 -P 1636 -D cn=dsadmin -w /tmp/pwd ds
Use 'dsadm start 'ds'' to start the instance
$ dsadm start ds
Directory Server instance '/path/to/sun/dsee/6.3/replication2/ds' started: pid=1836
$ dsconf create-suffix -D cn=dsadmin dc=example,dc=com
$ cat admin.ldif
dn: cn=admin,dc=example,dc=com
objectClass: person
cn: admin
sn: administrator
userPassword: password
$ ldapadd -p 1389 -D cn=dsadmin -w password  < admin.ldif
adding new entry cn=admin,dc=example,dc=com
$ ldapmodify -p 1389 -D cn=dsadmin -w password
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr=*) (version 3.0; acl "allow all";allow(all) userdn="ldap:///anyone";)

modifying entry dc=example,dc=com

^C

Store A Configuration In DPS

$ dpconf create-ldap-data-source sourceA localhost:1389
$ dpconf create-ldap-data-source-pool poolA
$ dpconf attach-ldap-data-source poolA sourceA
$ dpconf set-attached-ldap-data-source-prop poolA sourceA add-weight:1 bind-weight:1 delete-weight:1
$ dpconf set-attached-ldap-data-source-prop poolA sourceA add-weight:1 bind-weight:1 delete-weight:1 modify-weight:1 search-weight:1
$ dpconf create-ldap-data-view viewA poolA dc=example,dc=com

Store B Configuration In DPS: MySQL

For this example I assume that we already have a running instance of DPS with a database named "replication" that contains a single table "users" with a single row of data. This row is the admin user entry.

$ dpconf create-jdbc-data-source -b replication -B jdbc:mysql:/// -J file:/path/to/apps/mysql-connector-java-5.1.6/mysql-connector-java-5.1.6-bin.jar -S com.mysql.jdbc.Driver sourceB
$ dpconf set-jdbc-data-source-prop sourceB db-user:root db-pwd-file:/tmp/pwd
The proxy server will need to be restarted in order for the changes to take effect
$ dpadm restart dps
Directory Proxy Server instance '/path/to/sun/dsee/6.3/replication2/dps' stopped
Directory Proxy Server instance '/path/to/sun/dsee/6.3/replication2/dps' started: pid=2020
$ dpconf create-jdbc-data-source-pool poolB
$ dpconf attach-jdbc-data-source poolB sourceB
$ dpconf create-jdbc-data-view viewB poolB dc=example,dc=com
$ dpconf create-jdbc-table dpsUsersTable users
$ dpconf add-jdbc-attr dpsUsersTable sn id
$ dpconf add-jdbc-attr dpsUsersTable cn name
$ dpconf add-jdbc-attr dpsUsersTable userPassword password
$ dpconf create-jdbc-object-class viewB person dpsUsersTable cn
$ dpconf set-jdbc-attr-prop dpsUsersTable sn sql-syntax:INT
$ ldapmodify -p 7777 -D cn=dpsadmin -w password
dn: cn=permissive_aci,cn=virtual access controls
changetype: add
objectClass: aciSource
dpsAci: (targetAttr="*") (version 3.0;acl "Be lenient";allow(all) userdn="ldap:///anyone";)
cn: permissive_aci

adding new entry cn=permissive_aci,cn=virtual access controls

$ dpconf set-connection-handler-prop "default connection handler" aci-source:permissive_aci

Replication Configuration Between Directory Server And MySQL 

$ dpconf set-ldap-data-view-prop viewA distribution-algorithm:replication replication-role:master
The proxy server will need to be restarted in order for the changes to take effect
$ dpconf set-jdbc-data-view-prop viewB distribution-algorithm:replication replication-role:master
The proxy server will need to be restarted in order for the changes to take effect
$ ldapmodify -p 7777 -D cn=dpsadmin -w password
dn: cn=viewA,cn=data views,cn=config
changetype: modify
add: distributionDataViewType
distributionDataViewType: read

modifying entry cn=viewA,cn=data views,cn=config

^C

$ dpadm restart dps
Directory Proxy Server instance '/path/to/sun/dsee/6.3/replication2/dps' stopped
Directory Proxy Server instance '/path/to/sun/dsee/6.3/replication2/dps' started: pid=2258

Testing Replication To Both Data Stores 

$ cat add.ldif
dn: cn=user,dc=example,dc=com
objectClass: person
cn: user
sn: 1
userPassword: password

$ ldapadd -p 7777 -D cn=admin,dc=example,dc=com -w password < add.ldif
adding new entry cn=user,dc=example,dc=com

$ ldapsearch -p 1389 -b dc=example,dc=com "(cn=user)"
version: 1
dn: cn=user,dc=example,dc=com
objectClass: person
objectClass: top
cn: user
sn: 1
userPassword: {SSHA}6knZSKvWHj5LKwZ5jUmyYVqxQAQKFRd0rziYXA==

$ /usr/mysql/bin/mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 57
Server version: 5.0.45 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use replication;
Database changed
mysql> select * from users;
+------+-------+----------+
| id   | name  | password |
+------+-------+----------+
|    0 | admin | password |
|    1 | user  | password |
+------+-------+----------+
2 rows in set (0.00 sec)

mysql> 
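
The test output above shows the same userPassword stored as a salted {SSHA} hash in Directory Server but in clear text in the MySQL users table. As an added example (not part of the original post), this Python script parses both outputs, applies the mapping configured earlier (sn to id, cn to name, userPassword to password) and reports drift between the stores and cleartext password columns; the function names and the sample data are constructed for illustration.

```python
import base64, hashlib, hmac

def make_ssha(password, salt):  # sample-data helper: base64(SHA1(pw + salt) + salt)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # 20-byte SHA-1 digest, then the salt
    return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())

def parse_ldif(text):  # ldapsearch output -> {cn: {attr: value}}; no '::' or folded lines
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "cn" in attrs:
            entries[attrs["cn"]] = attrs
    return entries

def parse_mysql_table(text):  # mysql client table output -> {name: {column: value}}
    rows = [[c.strip() for c in l.strip().strip("|").split("|")]
            for l in text.splitlines() if l.strip().startswith("|")]
    return {r[rows[0].index("name")]: dict(zip(rows[0], r)) for r in rows[1:]}

def audit(ldap, sql):
    """Uses the page's mapping: sn -> id, cn -> name, userPassword -> password."""
    findings = []
    for cn in sorted(set(ldap) | set(sql)):
        l, s = ldap.get(cn), sql.get(cn)
        if l is None or s is None:
            findings.append((cn, "missing in " + ("LDAP" if l is None else "SQL")))
            continue
        if l.get("sn") != s["id"]:
            findings.append((cn, "sn/id mismatch"))
        if not s["password"].startswith("{"):
            findings.append((cn, "SQL password column holds cleartext"))
            hashed = l.get("userPassword", "")
            if hashed.startswith("{SSHA}") and not check_ssha(hashed, s["password"]):
                findings.append((cn, "password differs between stores"))
    return findings

# Constructed sample data (not captured from a real deployment).
LDIF = "\n\n".join(
    f"dn: cn={cn},dc=example,dc=com\nobjectClass: person\ncn: {cn}\nsn: {sn}\n"
    f"userPassword: {make_ssha(pw, b'saltsalt')}"
    for cn, sn, pw in [("admin", "0", "password"), ("user", "1", "changed")])
TABLE = "\n".join(["| id | name | password |", "| 0 | admin | password |",
                   "| 1 | user | password |", "| 2 | carol | password |"])
print(audit(parse_ldif(LDIF), parse_mysql_table(TABLE)))
```

In the sample, "user" models a password changed directly on port 1389 rather than through the proxy, and "carol" a row inserted directly into MySQL; neither write is replicated, so the audit flags both.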

Caveats

You need to remember a couple of important things:

  • Authenticate as a user present in both data stores. "cn=Directory Manager" is not going to work, for multiple reasons that I won't describe in detail here; heterogeneous data stores come with some constraints.
  • Make sure the user has the proper rights to manipulate data on both data stores.