Re: [389-users] registered with an admin server behind a firewall


 



Joel Heenan wrote:
The consumers are in a DMZ and have no direct access to the configuration server. Obviously the masters are allowed to talk to the consumers to send them replication information, but the consumers are not allowed to talk back.

In all the guides they say run the perl script register-ds-admin.pl and type in the name of the configuration server. But this won't work because they aren't allowed to connect. Is there another way, say, can you export the configuration information to an LDIF and then import it?

It's possible. Try this: Create a local directory server instance, inside the firewall, on a different machine than the configuration directory server. Export the o=NetscapeRoot database from the config DS. Then run register-ds-admin.pl to register the directory server instance. Then export the o=NetscapeRoot again, and compare the before LDIF with the after LDIF. That should give you a pretty good idea of what entries and attributes you need.

Note that you will still have to run register-ds-admin.pl on the consumer machines because there is some additional admin server setup that needs to be done on each machine, and some configuration of each remote directory server to allow remote management from the central console.

Joel

On Fri, Jul 24, 2009 at 1:50 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:

    Joel Heenan wrote:

        I'm using Directory Server 8.1 on CentOS.

        I have multi-mastered servers set up in our administrative
        network secured and locked away working well. I have consumers
        set up out in other network zones and am planning to set up
        replication out to these servers. I wanted to keep the console
        as a single administration point for all the servers but I
        can't work out how I can register the consumers with the
        console given that they have no network access. Is the access
        needed once you have registered them? If not I could punch a
        quick ssh tunnel or something which would allow them to register.

    I don't understand - you want to remotely manage the consumer
    servers with the console (which uses network access) but the
    consumers have no network access?


        Thanks

        Joel

        ------------------------------------------------------------------------

        --
        389 users mailing list
        389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
        https://www.redhat.com/mailman/listinfo/fedora-directory-users


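The before/after comparison of the o=NetscapeRoot exports suggested in the reply above can be scripted. This is an added example, not part of the original thread or of 389 Directory Server; the function names and the sample entries are constructed for illustration, and only simple LDIF (folded lines, base64 values, comments) is handled.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into {lowercased dn: {attr: set(values)}}."""
    lines = text.replace("\n ", "").splitlines()   # unfold continuation lines
    entries, dn, attrs = {}, None, {}
    for line in lines + [""]:                      # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                entries[dn] = attrs
            dn, attrs = None, {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):              # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            value = value.strip()
            if name.lower() == "dn":
                dn = value.lower()                 # DNs compare case-insensitively
            elif dn is not None:
                attrs.setdefault(name.lower(), set()).add(value)
    return entries

def diff_ldif(before, after):
    """Return (added entries, removed DNs, {dn: {attr: (added, removed)}})."""
    added = {dn: after[dn] for dn in after.keys() - before.keys()}
    removed = sorted(before.keys() - after.keys())
    changed = {}
    for dn in before.keys() & after.keys():
        for attr in before[dn].keys() | after[dn].keys():
            old, new = before[dn].get(attr, set()), after[dn].get(attr, set())
            if old != new:
                changed.setdefault(dn, {})[attr] = (sorted(new - old), sorted(old - new))
    return added, removed, changed

# Constructed sample exports (not real o=NetscapeRoot content).
BEFORE = """dn: cn=Server Group, o=NetscapeRoot
objectClass: top
uniqueMember: cn=slapd-master1, o=NetscapeRoot
"""
AFTER = BEFORE + """uniqueMember: cn=slapd-consumer1,
  o=NetscapeRoot

dn: cn=slapd-consumer1, o=NetscapeRoot
objectClass: top
description:: Y29uc3VtZXIgaW4gRE1a
"""

if __name__ == "__main__":
    print(diff_ldif(parse_ldif(BEFORE), parse_ldif(AFTER)))
```

The added entries and the per-attribute deltas together are the set of changes the registration made, which is what would have to be reproduced by hand for a server that cannot reach the configuration DS.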