Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   questions about 2 node multi-master setup (http://www.linux-archive.org/fedora-directory/151031-questions-about-2-node-multi-master-setup.html)

Luke Schierer 08-29-2008 07:06 PM

questions about 2 node multi-master setup
 
Hi,
I just set up Fedora Directory Server on two nodes, and have set up
multi-master replication between them following the directions at
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL

It seems to mostly work, but I have a few questions.

1)After initializing nodeB and restarting nodesA and B, I can no
longer connect to nodeB with the Console application. If I type in
its hostname, it connects, but I can only open up the slapd directory
if nodeA is up. I can continue to log into nodes authenticating
against the pair, and I can use the command line utities to connect to
nodeB. Any ideas what I might be doing wrong?


2)if I change a password (using the passwd command on a client) while
nodeA is down, or add a user with ldapmodify while nodeA is down, the
change does not seem to replicate back to nodeA after it comes back
up. Do I have to force an initialization in such cases?

Thanks,
Luke

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Luke Schierer 09-02-2008 05:00 PM

questions about 2 node multi-master setup
 
On Fri, Aug 29, 2008 at 03:06:04PM -0400, Luke Schierer wrote:
> Hi,
> I just set up Fedora Directory Server on two nodes, and have set up
> multi-master replication between them following the directions at
> http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
>
> It seems to mostly work, but I have a few questions.
>
> 1)After initializing nodeB and restarting nodesA and B, I can no
> longer connect to nodeB with the Console application. If I type in
> its hostname, it connects, but I can only open up the slapd directory
> if nodeA is up. I can continue to log into nodes authenticating
> against the pair, and I can use the command line utities to connect to
> nodeB. Any ideas what I might be doing wrong?
>
>
> 2)if I change a password (using the passwd command on a client) while
> nodeA is down, or add a user with ldapmodify while nodeA is down, the
> change does not seem to replicate back to nodeA after it comes back
> up. Do I have to force an initialization in such cases?
>
> Thanks,
> Luke

A couple of additional details. This is on a 32-bit Redhat Enterprise
5 server. The first issue only happens if I set it to replicate
ou=NetscapeRoot, which appears to be necessary for the global password
policy to replicate. Is there a better way to achieve this?

I tried using the fdstool script in one archived email, but that gave
me errors when I tried to run it, and so I turned to the more manual
instructions in the MultimasterSSL guide. I removed my fedora-ds
install between trying with the script and doing it myself following
the guide.

Thanks,
Luke


--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Rich Megginson 09-02-2008 05:19 PM

questions about 2 node multi-master setup
 
Luke Schierer wrote:

On Fri, Aug 29, 2008 at 03:06:04PM -0400, Luke Schierer wrote:


Hi,
I just set up Fedora Directory Server on two nodes, and have set up
multi-master replication between them following the directions at
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL

It seems to mostly work, but I have a few questions.

1)After initializing nodeB and restarting nodesA and B, I can no
longer connect to nodeB with the Console application. If I type in
its hostname, it connects, but I can only open up the slapd directory
if nodeA is up. I can continue to log into nodes authenticating
against the pair, and I can use the command line utities to connect to
nodeB. Any ideas what I might be doing wrong?


2)if I change a password (using the passwd command on a client) while
nodeA is down, or add a user with ldapmodify while nodeA is down, the
change does not seem to replicate back to nodeA after it comes back
up. Do I have to force an initialization in such cases?

Thanks,
Luke



A couple of additional details. This is on a 32-bit Redhat Enterprise
5 server. The first issue only happens if I set it to replicate
ou=NetscapeRoot, which appears to be necessary for the global password
policy to replicate.

I don't think that is true. What leads you to believe that?

Is there a better way to achieve this?


Have you seen this - http://tinyurl.com/6apcfq

I tried using the fdstool script in one archived email, but that gave
me errors when I tried to run it, and so I turned to the more manual
instructions in the MultimasterSSL guide. I removed my fedora-ds
install between trying with the script and doing it myself following
the guide.


Thanks,
Luke


--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Luke Schierer 09-02-2008 07:00 PM

questions about 2 node multi-master setup
 
On Tue, Sep 02, 2008 at 11:19:55AM -0600, Rich Megginson wrote:
> Luke Schierer wrote:
>> On Fri, Aug 29, 2008 at 03:06:04PM -0400, Luke Schierer wrote:
>>
>>> Hi,
>>> I just set up Fedora Directory Server on two nodes, and have set up
>>> multi-master replication between them following the directions at
>>> http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
>>>
>>> It seems to mostly work, but I have a few questions.
>>>
>>> 1)After initializing nodeB and restarting nodesA and B, I can no
>>> longer connect to nodeB with the Console application. If I type in
>>> its hostname, it connects, but I can only open up the slapd directory
>>> if nodeA is up. I can continue to log into nodes authenticating
>>> against the pair, and I can use the command line utities to connect to
>>> nodeB. Any ideas what I might be doing wrong?
>>>
>>>
>>> 2)if I change a password (using the passwd command on a client) while
>>> nodeA is down, or add a user with ldapmodify while nodeA is down, the
>>> change does not seem to replicate back to nodeA after it comes back
>>> up. Do I have to force an initialization in such cases?
>>>
>>> Thanks,
>>> Luke
>>>
>>
>> A couple of additional details. This is on a 32-bit Redhat Enterprise
>> 5 server. The first issue only happens if I set it to replicate
>> ou=NetscapeRoot, which appears to be necessary for the global password
>> policy to replicate.
> I don't think that is true. What leads you to believe that?

Because I tried once without having the ou=NetscapeRoot set to
replicate, and the password policy did not show as set on the other
console. Still, perhaps I did something wrong.

>> Is there a better way to achieve this?
>>
> Have you seen this - http://tinyurl.com/6apcfq

I had not, my fault for now reading the full manual it appears, as it
has extra steps for setting up the second instance. I will try with
these directions.

Thanks for the pointer!!

Luke

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Rich Megginson 09-02-2008 07:04 PM

questions about 2 node multi-master setup
 
Luke Schierer wrote:

On Tue, Sep 02, 2008 at 11:19:55AM -0600, Rich Megginson wrote:


Luke Schierer wrote:


On Fri, Aug 29, 2008 at 03:06:04PM -0400, Luke Schierer wrote:



Hi,
I just set up Fedora Directory Server on two nodes, and have set up
multi-master replication between them following the directions at
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL

It seems to mostly work, but I have a few questions.

1)After initializing nodeB and restarting nodesA and B, I can no
longer connect to nodeB with the Console application. If I type in
its hostname, it connects, but I can only open up the slapd directory
if nodeA is up. I can continue to log into nodes authenticating
against the pair, and I can use the command line utities to connect to
nodeB. Any ideas what I might be doing wrong?


2)if I change a password (using the passwd command on a client) while
nodeA is down, or add a user with ldapmodify while nodeA is down, the
change does not seem to replicate back to nodeA after it comes back
up. Do I have to force an initialization in such cases?

Thanks,
Luke



A couple of additional details. This is on a 32-bit Redhat Enterprise
5 server. The first issue only happens if I set it to replicate
ou=NetscapeRoot, which appears to be necessary for the global password
policy to replicate.


I don't think that is true. What leads you to believe that?



Because I tried once without having the ou=NetscapeRoot set to
replicate, and the password policy did not show as set on the other
console. Still, perhaps I did something wrong.

That's really weird - the global password policy is stored in cn=config,
not in o=NetscapeRoot, so I'm not sure why replication would have
anything to do with this.


Is there a better way to achieve this?



Have you seen this - http://tinyurl.com/6apcfq



I had not, my fault for now reading the full manual it appears, as it
has extra steps for setting up the second instance. I will try with
these directions.

Thanks for the pointer!!

Luke

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users


All times are GMT. The time now is 10:53 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.