On Tue, Nov 08, 2011 at 19:11:07 -0600, Tom Tucker wrote: > Please pardon any blunders in my LDAP vernacular. *My LDAP exposure has > been limited thus far. > I am testing Fedora 389 Directory Server as a replacement from my antique > Sun One (5.X) directory server. Things have gone well so far btw. > Q1) My first hurdle was confirming my ability to perform succesful export > and imports between the two platforms. *As I continue to test, what is the > recommended approach for importing any changes since my last import? Do I > need to delete everything on the Fedora DS and do a fresh import or what? > Any recommendations here? If yes, please provide steps. I am in a similar situation of migrating to 389DS and had a similar question. Yesterday, I found that the perl-LDAP distribution includes a few scripts which may be useful; in particular, ldifdiff.pl. I've only done a trivial test of it thus far, but it looks like it could be a way import changes relative to a previous import. > Q2) My company has three data centers. *My initial thought was to > configure the new ldap environment in a multi-master configuration. > Assuming ServerA (in DC3 is unavailable (shown below) and clients are now > communicating with ServerB, how do we handle any password changes on the > client side? Is this just not possible or do I need to reconsider my > architecture? How do you address this scenario currently? I assume referring the clients to one of the other masters is not an option due to firewalls, etc. If it is an option, you might want to have the DC1 master replicate to the DC2 slave, and the DC2 master replicate to the DC3 slave, etc. > DC1 ServerA (supplier) > * * ServerB (consumer RO) > DC2 ServerA (supplier) > * * ServerB (consumer RO) > DC3 ServerA (supplier) > * * ServerB (consumer RO) > Thank you for your time and assistance. > System Data > ------------------- > 389-dsgw-1.1.7-2.fc15.i686 > 389-console-1.1.7-1.fc15.noarch > 389-admin-1.1.23-1.fc15.i686 > 389-adminutil-1.1.14-1.fc15.i686 > 389-ds-base-1.2.10-0.4.a4.fc15.i686 > 389-ds-console-doc-1.2.6-1.fc15.noarch > 389-ds-console-1.2.6-1.fc15.noarch > 389-ds-1.2.1-2.fc15.noarch > 389-ds-base-libs-1.2.10-0.4.a4.fc15.i686 > 389-admin-console-1.1.8-1.fc15.noarch > 389-admin-console-doc-1.1.8-1.fc15.noarch > # cat /etc/redhat-release* > Fedora release 15 (Lovelock) > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- Iain Morgan -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
