[389-users] Specifying failover configuration servers

Ryan Braun [ADS] wrote:
> In my testing lab, I have set up 2 servers using MMR replicating both userroot 
> and netscaperoot. All replication is working between the 2 servers. My 3rd 
> server, a consumer read-only replica of userroot, I registered to the first 
> of the 2 MMR servers. My question is, how do I configure the slave server 
> to be able to contact the second (or any other) MMR server to get its admin 
> server configs automatically if the first server ever goes boom? Eventually 
> we will have 4 MMR servers, 2 groups of 2 with IP takeover style HA, for 
> example
>
> westldap.example.com (virtual ip)
> westldap0.example.com
> westldap1.example.com
> eastldap.example.com (virtual ip)
> eastldap0.example.com
> eastldap1.example.com
>
> On the slave server,  adm.conf looks like so (with host specific details 
> replaced).  Would I just add another ldapurl option?
No, unfortunately it's not that smart.  Unfortunately, failover is 
manual.  Please file a bugzilla to request failover.
> And would the server be 
> smart enough to fail over to the next server listed?
>
> AdminDomain: example.com
> sysuser: nobody
> isie: cn=389 Administration Server, cn=Server Group, cn=ywgsrvr4.example.com, 
> ou=example.com, o=NetscapeRoot
> SuiteSpotGroup: nogroup
> sysgroup: nogroup
> userdn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
> ldapurl: ldap://srvr0.example.com:389/o=NetscapeRoot
> SuiteSpotUserID: nobody
> sie: cn=admin-serv-srvr4, cn=389 Administration Server, cn=Server Group, 
> cn=srvr4.example.com, ou=example.com, o=NetscapeRoot
>
>
> Also,  on the slave server I found this in dse.ldif
>
> dn: cn=Pass Through Authentication,cn=plugins,cn=config
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
> cn: Pass Through Authentication
> nsslapd-pluginPath: libpassthru-plugin
> nsslapd-pluginInitfunc: passthruauth_init
> nsslapd-pluginType: preoperation
> nsslapd-pluginEnabled: on
> nsslapd-plugin-depends-on-type: database
> nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot
> nsslapd-pluginId: passthruauth
> nsslapd-pluginVersion: 1.2.1
> nsslapd-pluginVendor: Fedora Project
> nsslapd-pluginDescription: pass through authentication plugin
>
> I am guessing this pass thru allows me to log in to the admin server on 
> srvr0.example.com, and then allow me access to the slave server.
Not exactly.  This allows the uid=admin,....,o=NetscapeRoot user to 
log in to servers that do not have o=NetscapeRoot, by passing through the 
credentials to the configuration DS (the server that has o=NetscapeRoot).
> If so, I 
> would assume I would need an entry like this for each MMR server? Would I 
> need a whole entry, or just stack the nsslapd-pluginarg0 attribute with all 
> the servers, i.e.
>
> dn: cn=Pass Through Authentication,cn=plugins,cn=config
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
> cn: Pass Through Authentication
> nsslapd-pluginPath: libpassthru-plugin
> nsslapd-pluginInitfunc: passthruauth_init
> nsslapd-pluginType: preoperation
> nsslapd-pluginEnabled: on
> nsslapd-plugin-depends-on-type: database
> nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot
> nsslapd-pluginarg0: ldap://srvr1.example.com:389/o=NetscapeRoot
> nsslapd-pluginarg0: ldap://srvr.example.com:389/o=NetscapeRoot
>   
The attribute is not multi-valued like that.  There is a different 
syntax for specifying multiple host:port in an LDAP URL:
ldap://srvr0.example.com:389 srvr1.example.com:389 srvr.example.com:389/o=NetscapeRoot
> nsslapd-pluginId: passthruauth
> nsslapd-pluginVersion: 1.2.1
> nsslapd-pluginVendor: Fedora Project
> nsslapd-pluginDescription: pass through authentication plugin
>
> All servers are running debian etch|lenny with the following versions
> ii  port389-admin                     1.1.8                                
> Fedora Administration Server (admin)
> ii  port389-adminutil                 1.1.8                                
> Utility library for directory server adminis
> ii  port389-base                      1.2.1                                
> Fedora Directory Server (base)
>
>
> Thanks
>
> Ryan
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
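
The multi-host URL form given in the reply, as an added example that is not part of the original messages or of the 389 project's code: it finds a plugin argument that was stacked as repeated attribute values and rewrites it as one URL with a space-separated host list, refusing to merge URLs whose scheme or suffix differ. The function names and the sample entry are constructed for illustration, and LDIF line folding is not handled.

```python
import re

# Constructed sample: the stacked attribute form asked about in the thread.
STACKED_ENTRY = """\
dn: cn=Pass Through Authentication,cn=plugins,cn=config
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot
nsslapd-pluginarg0: ldap://srvr1.example.com:389/o=NetscapeRoot
nsslapd-pluginarg0: ldap://srvr.example.com:389/o=NetscapeRoot
"""

URL_RE = re.compile(r"^(ldaps?)://([^/]+)/(.+)$", re.IGNORECASE)

def split_url(url):
    """Return (scheme, [host:port, ...], suffix) for a single- or multi-host URL."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError(f"not an LDAP URL with a suffix: {url!r}")
    return m.group(1).lower(), m.group(2).split(), m.group(3)

def plugin_args(entry_text):
    """Collect nsslapd-pluginargN values from one LDIF entry (no line folding)."""
    args = {}
    for line in entry_text.splitlines():
        m = re.match(r"(?i)^(nsslapd-pluginarg\d+):\s*(.*)$", line)
        if m:
            args.setdefault(m.group(1).lower(), []).append(m.group(2))
    return args

def merge_failover(urls):
    """Merge single-host URLs into one URL with a space-separated host list."""
    schemes, hosts, suffixes = set(), [], set()
    for url in urls:
        scheme, url_hosts, suffix = split_url(url)
        schemes.add(scheme)
        suffixes.add(suffix.lower())
        hosts += [h for h in url_hosts if h not in hosts]
    if len(schemes) != 1 or len(suffixes) != 1:
        raise ValueError("URLs differ in scheme or suffix; refusing to merge")
    _, _, suffix = split_url(urls[0])
    return f"{schemes.pop()}://{' '.join(hosts)}/{suffix}"

def find_stacked(entry_text):
    """Return {attr: merged_url} for every plugin arg that was repeated."""
    return {a: merge_failover(v) for a, v in plugin_args(entry_text).items() if len(v) > 1}

if __name__ == "__main__":
    for attr, url in find_stacked(STACKED_ENTRY).items():
        print(f"{attr}: {url}")
```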
