Re: DNA MultiMaster

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Edward Konetzko wrote:
Sorry if this already posted, I seem to be having trouble with email today.

I have read the following pages and cannot exactly figure out how to do what I want.

http://directory.fedoraproject.org/wiki/DNA_Plugin
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/dna.html

I have 2 companies I want to set ranges for company 1gets range uidNumber and gidNumber 1Million - (2Million -1) and Company 2 gets Range uidNumber and gidNumber 2 Million - (3Million -1). DIT layout is {ou=people,ou=groups,ou=ranges}, ou= Company{1,2}, dc=example, dc=com.

I Setup company 1 on master1 with the following ldifs.

dn: ou=Ranges,ou=Company1 dc=example, dc=com
objectclass: top
objectclass: extensibleObject
objectclass: organizationalUnit
ou: Ranges

dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

dn: cn=Company1 Account UIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: Company1 Account UIDs
dnatype: uidNumber
dnafilter: (objectclass=posixAccount)
dnascope: ou=Company1 , dc=example,dc=com
dnanextvalue: 1000000
dnaMaxValue: 1000500
dnasharedcfgdn: cn=Company1 Account UIDs,ou=Ranges,dc=example,dc=com
dnathreshold: 100
dnaRangeRequestTimeout: 60
dnaMagicRegen: magic
dnaNextRange: 1000501 - 1999999

I then repeat this on master2 but then when I add users to both servers Master1 hands out uidNumber = 1 and Master2 hands out uidNumber = 1 for their first adds and keep adding numbers incrementing by one thus overlapping numbers. For gidNumber I basically use the same Ldifs except I substitue Group UID for Account UID and gidNumber for uidNumber.

User add ldif looks as the following
dn: uid=test,ou=people,ou=Region1, dc=example,dc=com
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: test
gecos: test
gidNumber: magic
givenName: test
homeDirectory: /home/test
loginShell: /bin/bash
mail: test@xxxxxxxxxxx
o: test
shadowLastChange: 14098
shadowMax: 99999
shadowWarning: 7
sn: test
uid: test
uidNumber: magic
userPassword:: <password>


Question is what I am doing wrong?
Server is Redhat DS 8.1 on rhel 5 64bit.
If you configure both masters to use the same range, then they will both assign the same values. You need to split the range for company1 in half and assign half to each of your two masters (1,000,000-1,499,999 for master1 and 1,500,000-1,999,999 for master2). You need to use dnaNextValue and dnaMaxValue to set these upper and lower boundries. You should not be setting dnaNextRange at all for what you are trying to do.

Thanks
Edward


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux