In my testing lab, I have setup 2 servers using MMR replicating both userroot and netscaperoot. All replication is working between the 2 servers. My 3rd server, a consumer read-only replica of userroot, I registered to the first of the 2 MMR servers. My question, is how do I configure the slave server to be able to contact the second (or any other) MMR server to get is admin server configs automatically if the first server ever goes boom? Eventually we will have 4 MMR servers, 2 groups of 2 with ip takeover style HA, for example westldap.example.com (virtual ip) westldap0.example.com westldap1.example.com eastldap.example.com (virtual ip) eastldap0.example.com eastldap1.example.com On the slave server, adm.conf looks like so (with host specific details replaced). Would I just add another ldapurl option? And would the server be smart enough to fail over to the next server listed? AdminDomain: example.com sysuser: nobody isie: cn=389 Administration Server, cn=Server Group, cn=ywgsrvr4.example.com, ou=example.com, o=NetscapeRoot SuiteSpotGroup: nogroup sysgroup: nogroup userdn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot ldapurl: ldap://srvr0.example.com:389/o=NetscapeRoot SuiteSpotUserID: nobody sie: cn=admin-serv-srvr4, cn=389 Administration Server, cn=Server Group, cn=srvr4.example.com, ou=example.com, o=NetscapeRoot Also, on the slave server I found this in dse.ldif dn: cn=Pass Through Authentication,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: Pass Through Authentication nsslapd-pluginPath: libpassthru-plugin nsslapd-pluginInitfunc: passthruauth_init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-plugin-depends-on-type: database nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot nsslapd-pluginId: passthruauth nsslapd-pluginVersion: 1.2.1 nsslapd-pluginVendor: Fedora Project nsslapd-pluginDescription: pass through authentication plugin I am guessing this pass thru allows me to login to the admin server on srvr0.example.com, and then allow me access to the slave server. If so, I would assume I would need an entry like this for each MMR server? Would I need a whole entry? or just stack the nsslapd-pluginarg0 attribute with all the servers ie dn: cn=Pass Through Authentication,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: Pass Through Authentication nsslapd-pluginPath: libpassthru-plugin nsslapd-pluginInitfunc: passthruauth_init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-plugin-depends-on-type: database nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot nsslapd-pluginarg0: ldap://srvr1.example.com:389/o=NetscapeRoot nsslapd-pluginarg0: ldap://srvr.example.com:389/o=NetscapeRoot nsslapd-pluginId: passthruauth nsslapd-pluginVersion: 1.2.1 nsslapd-pluginVendor: Fedora Project nsslapd-pluginDescription: pass through authentication plugin All servers are running debian etch|lenny with the following versions ii port389-admin 1.1.8 Fedora Administration Server (admin) ii port389-adminutil 1.1.8 Utility library for directory server adminis ii port389-base 1.2.1 Fedora Directory Server (base) Thanks Ryan
