Old 09-21-2010, 01:09 PM
Jason Forde
 
Configuration Directory Server

Hello,

I am at the early stages of building and testing a 2 Master directory
server setup trying to work out what to do with the configuration
directory server.

I initially had it setup on one server1 with server2 using this, but
then if server1 goes down the console access for server2 is broken. I
have been trying to replicate the netscaperoot with little success
(probably down to my confusion on what to put in the 'server2.inf' and
ldif files) and wondered do I really have to replicate netscaperoot?
What would be the implication of each master having their own
netscaperoot and not replicating?

It's quite a basic setup and we have 2 existing masters elsewhere setup
like this, so if I don't need to do this I'd like to keep it simple and
have 2 separate netscaperoots - even if it meant having to update 2
separate servers, though I don't believe we have had to do this on the
other deployment yet.


Pointers appreciated.

J

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 09-21-2010, 01:19 PM
Rich Megginson
 
Configuration Directory Server

Jason Forde wrote:
> Hello,
>
> I am at the early stages of building and testing a 2 Master directory
> server setup trying to work out what to do with the configuration
> directory server.
http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Replication-Replicating-ADS-for-Failover.html
>
> I initially had it setup on one server1 with server2 using this, but
> then if server1 goes down the console access for server2 is broken. I
> have been trying to replicate the netscaperoot with little success
> (probably down to my confusion on what to put in the 'server2.inf' and
> ldif files) and wondered do I really have to replicate netscaperoot?
> What would be the implication of each master having their own
> netscaperoot and not replicating?
It just means that you have to connect to the console on each machine,
and each console would only show the admin server and directory servers
on that machine. You won't have the centralized console. When you set
up replication in the console, it won't show you the other servers,
you'll have to input the hostnames and ports manually. Other than that,
everything should work just fine.
>
> It's quite a basic setup and we have 2 existing masters elsewhere setup
> like this, so if I don't need to do this I'd like to keep it simple
> and have 2 separate netscaperoots - even if it meant having to update
> 2 separate servers, though I don't believe we have had to do this on
> the other deployment yet.
>
> Pointers appreciated.
>
> J
 
Old 09-21-2010, 04:43 PM
"Ryan Braun [ADS]"
 
Configuration Directory Server

On September 21, 2010 01:09:49 pm Jason Forde wrote:
> Hello,
>
> I am at the early stages of building and testing a 2 Master directory
> server setup trying to work out what to do with the configuration directory
> server.
>
> I initially had it setup on one server1 with server2 using this, but then
> if server1 goes down the console access for server2 is broken. I have been
> trying to replicate the netscaperoot with little success (probably down to
> my confusion on what to put in the 'server2.inf' and ldif files) and
> wondered do I really have to replicate netscaperoot? What would be the
> implication of each master having their own netscaperoot and not
> replicating?
>
> It's quite a basic setup and we have 2 existing masters elsewhere setup like
> this, so if I don't need to do this I'd like to keep it simple and have 2
> separate netscaperoots - even if it meant having to update 2 separate
> servers, though I don't believe we have had to do this on the other
> deployment yet.
>
> Pointers appreciated.

When I'm setting up my MMR servers to replicate their databases (including
o=netscaperoot), I usually follow the following order (off the top of my
head anyhow).

1. Run setup-ds-admin.pl on one machine. (call this the master for now)
2. Setup and configure encryption on the master
3. run setup-ds.pl on any other MMR servers.
4. Setup encryption on the other MMR servers. (confirm all the servers can
talk TLS/SSL to each other)
5. create the o=netscaperoot suffix on the other servers (see ldif below)
6. Configure whatever replication agreements you want for o=netscaperoot
7. init those agreements on the master (this should send o=netscaperoot to
all the other servers)
8. on the other servers, run register-ds-admin.pl and register the admin
server with itself (*not the master server*)

If you look on your master server's o=netscaperoot, you should see the
entries for the other servers as you register them.

From what I can tell, this will allow you (with some work) to point a server's
config directory to another server, but does not allow for automatic
failover to another configuration server if the local instance fails.

cat ns.ldif
--------
dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot

ldapadd -x -h TARGETSERVER -D "cn=directory manager" -W -f ldif/ns.ldif


Ryan Braun
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
E-Mail: Ryan.Braun@ec.gc.ca
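
A pre-flight check for step 5 of the procedure above, as an added example that is not part of the original post or of 389 Directory Server: it parses an LDIF like ns.ldif and confirms that each mapping tree entry names a backend instance defined in the same file and serving the same suffix. The function names parse_ldif and check_suffix_ldif are hypothetical, and the parser assumes simple LDIF without base64 values or folded lines.

```python
# Added example, not from the thread. SAMPLE_LDIF repeats the posted ns.ldif.
SAMPLE_LDIF = """\
dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_suffix_ldif(text):
    """Return a list of problems; an empty list means the entries agree."""
    entries = parse_ldif(text)
    classes = lambda e: {v.lower() for v in e.get("objectclass", [])}
    backends = {e["cn"][0].lower(): e for e in entries
                if "nsbackendinstance" in classes(e) and "cn" in e}
    problems = []
    for tree in (e for e in entries if "nsmappingtree" in classes(e)):
        suffixes = {v.strip('"').lower() for v in tree.get("cn", [])}
        for name in tree.get("nsslapd-backend", []) or [""]:
            backend = backends.get(name.lower())
            if backend is None:
                problems.append(f"backend {name!r} is not defined in this file")
            elif not suffixes & {s.lower() for s in backend.get("nsslapd-suffix", [])}:
                problems.append(f"backend {name!r} does not serve {sorted(suffixes)}")
    return problems
```

Running check_suffix_ldif on the file before ldapadd catches a renamed backend or a mistyped suffix, which would otherwise leave a mapping tree entry that points at no database.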
 
Old 09-21-2010, 06:50 PM
"Edward Z. Yang"
 
Configuration Directory Server

Hey Jason,

You may find this document I wrote up documenting our replication setup
useful:

http://scripts.mit.edu/trac/browser/branches/fc13-dev/server/doc/install-ldap

(Scroll down to "Set up replication")

Cheers,
Edward