Gmorning List and Rich,
I manged some progress Friday with cfg multimaster replication
fractional ( exclude memberOf plugin) the final goal is to have 3 ldap
's aka : 1,2 and 4 in mutlimaster fraction rep.
I had cfg dlap 2 to 4 as mutimaster , now I would like to bring in
ldap1 in cfg ( this is at present time our only production , all writes+
read s are going here) ,
we can not have ldap1 offline I will like to proceed with cfg the same
steps I did for 2 to 4, but I will ask ldap 2 to be initialized with
most recent data from ldap1 , any issues here I may have to be aware ?
Would ldap4 get updated also when performing the initialization of ldap2 ?
Thank you
Isabella
have On 10/02/2015 03:48 PM, Rich Megginson wrote:
On 10/02/2015 12:16 PM, ghiureai wrote:
Hi List and Rich,
as per last documentation update I am trying to cfg fractional
replication ( excluding memberOf plunging) for a multimaster cfg
server 3 ldap server, when starting with first one aftr mentioning
"memberOf " to be excluded in replication agreement , I get a message
like this ""Fractional replication can be done to a read-only suffix
in replica "...is this the case , so no multimaster will work with
fractional replication ? , or any other issue to get with message ?
I am following same procedure as for mutimaster replication except the
agreement has fractional replication , is this the correct approach ?
Thank you
Isabella
Isabella
On 10/01/2015 11:49 AM, ghiureai wrote:
Hi List ,Rich
Here is the URL for the doc mentioned in this email, please can you
confirm if this is the case for multimaster replication and memberOf
plugin , is this the last update doc version ?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof
Thank you
Isabella
On 10/01/2015 11:20 AM, Rich Megginson wrote:
On 10/01/2015 12:06 PM, ghiureai wrote:
Hi Rich
Unless the issue involves some sort of security problem that involves a
potential CVE, or contains sensitive data internal to your organization
that you cannot make public, I would prefer that you use the
389-users@xxxxxxxxxxxxxxxxxxxxxxx for questions such as this. Not only
will this benefit the entire community, but there are others who can
answer these sorts of questions.
Are you aware of any issues with MemberOf plugin and multimaster
replication, some of old documentation one of the developer mentioned
to me shows you can use full replication agreement ,
Please provide the URL of the documentation.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof
please see bellow and if you can advise if this is still the case :
"......The memberOf attributes for user entries should not be
replicated in multi-master environments. Make sure that the memberOf
attribute is excluded from replication in the replication agreement.
(Fractional replication is described in Section 11.1.7, “Replicating a
Subset of Attributes with Fractional Replication”.)
Each server must maintain its own MemberOf Plug-in independently. To
make sure that the memberOf attributes for entries are the same across
servers, simply configure the MemberOf Plug-in the same on all
servers.
With single-master replication, it is perfectly safe to replicate
memberOf attributes. Configure the MemberOf Plug-in for the supplier,
then replicate the memberOf attributes to the consumers. ....."
Yes, in general it is better to replicate the group operations only,
and
let each directory server update the internal memberof data. This
reduces the amount of replication traffic, and reduces the complexity
and processing in the memberof plugin to know if it needs to include or
exclude an operation.
Thank you
Isabella
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
