Chris Phillips wrote: > > On Mon, Jun 22, 2009 at 8:04 PM, Rich Megginson <rmeggins at redhat.com > <mailto:rmeggins at redhat.com>> wrote: > > Chris Phillips wrote: > > > Try editing /etc/dirsrv/admin-serv/adm.conf to point to the > correct server, then try register-ds-admin.pl > > > I'm afraid I'm still in the dark here. The adm.conf is used by > the admin server to contact the DS instance to be managed? I > thought the logic was the other way round, with the DS server > "phoning home" to register itself to the Admin. Either way, > the adm.conf then only lists one server in the ldapurl, and > the other two attributes referencing the server, sie and isie > both get changed to match the server in the ldapurl as part of > the registration, removing all other references to the server > that was in there. So whilst I thought my modifications to > adm.conf (changing the ldapurl from server b to a) on server b > and running register-ds-admin.pl on server b would add server > b to the admin console on server a. Instead it *replaced* > server b with server a on the admin console on server b, > meaning both admin consoles were then registered to administer > server a. Not anything like what I wanted! > > Any pointers? > > Change adm.conf back to point to which server you want to use as > your main server, and then run setup-ds-admin.pl -u > > > My main what server? DS or Admin? DS. The directory server which has the master copy of o=NetscapeRoot which contains all of the configuration information for all of the admin servers and directory servers in your organization. > As I understand that, that will register whatever server is listed as > the ldapurl as the only instance in the Admin server on the box I'm > running this on. Correct? No. > > Am I being deluded about this? I'm expect to log in to an admin server > with the idm console, and see a list of 8 different machines listed > there, and be able to browse the ldap tree of any of those machines, Yes. > including their o=NetscapeRoot No. Only the master configuration DS will have o=NetscapeRoot. The other servers should not have o=NetscapeRoot (unless you have set up MMR/failover for o=NetscapeRoot). > and be able to manage ACI's, password policies and such... This is the > model you recommend, no? This is the recommended model. > > Thanks > > Chris > > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090622/221420a5/attachment.bin
