On September 21, 2010 01:09:49 pm Jason Forde wrote: > Hello, > > I am at the early stages of building and testing a 2 Master directory > server setup trying to work out what to do with the configuration directory > server. > > I initially had it setup on one server1 with server2 using this, but then > if server1 goes down the console access for server2 is broken. I have been > trying to replicate the netscaperoot with little success (probably down to > my confusion on what to put in the 'server2.inf' and ldif files) and > wondered do I really have to replicate netscaperoot? What would be the > implication of each master having their own netscaperoot and not > replicating? > > Its quite a basic setup and we have 2 existing masters elsewhere setup like > this, so if I don't need to do this I'd like to keep it simple and have 2 > seperate netscaperoots - even if it meant having to update 2 seperate > servers, though I dont believe we have had to do this on the other > deployment yet. > > Pointers appreciated. When I'm setting up my MMR servers to replicate their databases (including o=netscaperoot), I usually follow the following order (off the top of my head anyhow). 1. Run setup-ds-admin.pl on one machine. (call this the master for now) 2. Setup and configure encryption on the master 3. run setup-ds.pl on any other MMR servers. 4. Setup encryption on the other MMR servers. (confirm all the servers can talk TLS/SSL to each other) 5. create the o=netscaperoot suffix on the other servers (see ldif below) 6. Configure whatever replication agreements you want for o=netscaperoot 7. init those agreements on the master (this should send o=netscaperoot to all the other servers) 8. on the other servers, run register-ds-admin.pl and register the admin server with itself (*not the master server*) If you look on your master server's o=netscaperoot, you should see the entries for the other servers as you register them.
