Re: [389-users] Replication and Password Changes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/08/2011 06:11 PM, Tom Tucker wrote:

Please pardon any blunders in my LDAP vernacular.  My LDAP exposure has been limited thus far.

I am testing Fedora 389 Directory Server as a replacement from my antique Sun One (5.X) directory server. Things have gone well so far btw.

Q1) My first hurdle was confirming my ability to perform succesful export and imports between the two platforms.  As I continue to test, what is the recommended approach for importing any changes since my last import? Do I need to delete everything on the Fedora DS and do a fresh import or what? Any recommendations here? If yes, please provide steps.
You might be able to enable some sort of changelog on the SunDS, or enable the audit log.  Both of these will allow you to grab only the changes, in LDIF format, which you can then use ldapmodify to apply to your 389 server.

Q2) My company has three data centers.  My initial thought was to configure the new ldap environment in a multi-master configuration. Assuming ServerA (in DC3 is unavailable (shown below) and clients are now communicating with ServerB, how do we handle any password changes on the client side?
When a client attempts to update a read-only replica, the replica sends back a referral to one of the masters.  The client has to be able to follow the referral to the master.

Alternately, you could configure the consumer to use chain on update http://directory.fedoraproject.org/wiki/Howto:ChainOnUpdate
Is this just not possible or do I need to reconsider my architecture?

DC1 ServerA (supplier)
    ServerB (consumer RO)

DC2 ServerA (supplier)
    ServerB (consumer RO)

DC3 ServerA (supplier)
    ServerB (consumer RO)

Thank you for your time and assistance.


System Data
-------------------
389-dsgw-1.1.7-2.fc15.i686
389-console-1.1.7-1.fc15.noarch
389-admin-1.1.23-1.fc15.i686
389-adminutil-1.1.14-1.fc15.i686
389-ds-base-1.2.10-0.4.a4.fc15.i686
389-ds-console-doc-1.2.6-1.fc15.noarch
389-ds-console-1.2.6-1.fc15.noarch
389-ds-1.2.1-2.fc15.noarch
389-ds-base-libs-1.2.10-0.4.a4.fc15.i686
389-admin-console-1.1.8-1.fc15.noarch
389-admin-console-doc-1.1.8-1.fc15.noarch


# cat /etc/redhat-release 
Fedora release 15 (Lovelock)


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux