Howard Wilkinson wrote:
> Fedora-ds-1.1.1 on Fedora 7 + (the + is back ports from 8/9, all of
> the updates applied, and additional packages I have cross ported)
>
> I have succeeded in getting a fault tolerant mesh configured that
> consists of 2 or more Multi-Master servers, a number of Hub (0+) and a
> number of consumers (0+).
>
> I have done this by modifying mmr.pl to accept --host1_role and
> --host2_role parameters which can be set to supplier, hub, or consumer.
>
> For all of the usual DCROOTs i.e. not o=NetscapeRoot I set the
> relationships up as implied i.e. supplier<->supplier for the
> Multi-Master Hosts, supplier<->hub, hub<->consumer.
> Where the site is too small for hub servers I have gone
> supplier<->consumer direct. Inter-site topology and hub grouping
> within sites is left as an exercise for the reader (me when it comes
> back to bite me...)
>
> For the o=Netscape I have chosen to use supplier<->supplier
> relationships but to apply the same topology.
>
> The sequence of events is:
>
>     * On first Master
>
>          1. Install clean environment - erase rpms, delete residual
>             files, install rpms, patch dirsrv-admin startup to work!
>          2. Run setup-ds-admin.pl in silent mode, this adds schema
>             files. The inf file has SlapdConfigMC=1, UseExistingMC=0
>             and points ConfigDirectoryLdapURL to this host.
>          3. Set up SSL certs using certutil commands and openssl
>             supplied certificates from our CA.
>          4. Restart dirsrv and dirsrv-admin
>          5. Create 2nd and subsequent DCROOTS with default ACIs and
>             "standard" container entries
>          6. Preload data into DCROOTS for users and other objects
>             being migrated.
>
>     * On other servers - doing other masters first, followed by hubs
>       and then consumers - carry out steps 1-5 above creating the
>       o=NetscapeRoot DCROOT as well.
>           o The inf file has SlapdConfigMC=1, UseExistingMC=1 and
>             points ConfigDirectoryLdapURL to the first Master
>     * Then run the mmr.pl script on each connection for each DCROOT
>       starting with replicating the first master to all other masters,
>       then to hubs, then other masters to hubs and finally hubs to
>       consumers.
>          1. For o=NetscapeRoot run mmr.pl as supplier<->supplier,
>             otherwise honor the role played by each server.
>          2. Replace entries in cn=UserDirectory, ou=Global
>             Preferences, ou=<localdomain>, o=NetscapeRoot for
>             nsDirectoryFailoverList with one for each server other
>             than the first master which is mentioned in the
>             nsDirectoryURL entry in the same object. *Is this the
>             right sort of thing to do?*
>
Yes.
>
>          1. On every host alter the cn=Pass Through
>             Authentication,cn=plugins,cn=config object to have
>             nsslapd-pluginarg0 to reference that host rather than the
>             first master. *Is this correct on the consumers (or hubs)?*
>
Yes. Note that you can specify failover in pass through auth by using a special form of the ldap url. See http://tinyurl.com/32kjqy
>
>          1. I am assuming that this is for authentication not for
>             password modification purposes!
>
Right.
>
>          1. Which brings up the question of where in the consumers and
>             hubs do I put referrals to the Master(s)?
>
They are automatically set by the replication protocol. You should not have to do anything. If you attempt to modify a hub or consumer, your client should get LDAP Error 10 and a referral to a master.
>
>          1. Edit adm.conf on each host to change the ldapurl to point
>             to the local host.
>
> Now assuming that this was the right thing to do I now need to set up
> referrals for writing to the system from the consumers and hubs back
> to the "site" masters. Where do I put this information?
>
> I am also getting these errors logged on the first master!
>
> Feb 28 22:00:35 bastion ns-slapd: auxpropfunc error invalid parameter
> supplied
> Feb 28 22:00:35 bastion ns-slapd: sql_select option missing
> Feb 28 22:00:35 bastion ns-slapd: auxpropfunc error no mechanism available
I think you can ignore these.
>
> These are appearing about every 15 minutes. Anybody any idea where
> these are coming from?
I'm not sure, but the directory server does not support SASL auxprop with sql.
>
> Finally the shutdown time for the dirsrv servers on the suppliers is
> extremely long - orders of minutes, what could be causing this?
Are they under load while shutting down? Can you post the shutdown sequence from the error log?
>
> --
> Howard Wilkinson
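
Added example (not part of the original thread, and not code from mmr.pl): a Python sketch of the agreement ordering described in the quoted message, including the supplier<->supplier override for o=NetscapeRoot and the no-hub small-site case. The host names, the function name and the direct supplier-to-consumer ordering are assumptions made for illustration.

```python
NETSCAPE_ROOT = "o=netscaperoot"
VALID_ROLES = ("supplier", "hub", "consumer")

# Constructed sample topology: host name -> role (names are hypothetical).
SAMPLE_ROLES = {"m1": "supplier", "m2": "supplier",
                "h1": "hub", "c1": "consumer", "c2": "consumer"}

def plan_agreements(roles, first_master, suffix):
    """Return ordered (suffix, host1, host1_role, host2, host2_role) tuples."""
    for host, role in roles.items():
        if role not in VALID_ROLES:
            raise ValueError(f"{host}: unknown role {role!r}")
    if roles.get(first_master) != "supplier":
        raise ValueError("first master must be a supplier")

    others = [h for h, r in roles.items()
              if r == "supplier" and h != first_master]
    hubs = [h for h, r in roles.items() if r == "hub"]
    consumers = [h for h, r in roles.items() if r == "consumer"]

    # Order stated in the message: first master to the other masters,
    # then to hubs, then other masters to hubs, finally hubs to consumers.
    # Pairs among the other masters are not listed there, so none are made.
    pairs = [(first_master, m) for m in others]
    pairs += [(first_master, h) for h in hubs]
    pairs += [(m, h) for m in others for h in hubs]
    if hubs:
        pairs += [(h, c) for h in hubs for c in consumers]
    else:
        # Site too small for hubs: supplier<->consumer direct (assumed order).
        pairs += [(m, c) for m in [first_master] + others for c in consumers]

    admin_suffix = suffix.replace(" ", "").lower() == NETSCAPE_ROOT
    plan = []
    for h1, h2 in pairs:
        # o=NetscapeRoot keeps the topology but every link is supplier<->supplier.
        r1, r2 = ("supplier", "supplier") if admin_suffix else (roles[h1], roles[h2])
        plan.append((suffix, h1, r1, h2, r2))
    return plan

if __name__ == "__main__":
    for sfx in ("dc=example,dc=com", "o=NetscapeRoot"):
        for _, h1, r1, h2, r2 in plan_agreements(SAMPLE_ROLES, "m1", sfx):
            # Only the two role options named in the message are shown;
            # connection options are omitted.
            print(f"{sfx}: {h1} -> {h2}  --host1_role {r1} --host2_role {r2}")
```
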