Ryan Braun [ADS] wrote:
> In my testing lab, I have set up 2 servers using MMR replicating both userroot and netscaperoot. All replication is working between the 2 servers. My 3rd server, a consumer read-only replica of userroot, I registered to the first of the 2 MMR servers. My question is, how do I configure the slave server to be able to contact the second (or any other) MMR server to get its admin server configs automatically if the first server ever goes boom? Eventually we will have 4 MMR servers, 2 groups of 2 with ip takeover style HA, for example
>
> westldap.example.com (virtual ip)
> westldap0.example.com
> westldap1.example.com
>
> eastldap.example.com (virtual ip)
> eastldap0.example.com
> eastldap1.example.com
>
> On the slave server, adm.conf looks like so (with host specific details replaced). Would I just add another ldapurl option? And would the server be smart enough to fail over to the next server listed?

No, unfortunately it's not that smart. Unfortunately, failover is manual. Please file a bugzilla to request failover.

> AdminDomain: example.com
> sysuser: nobody
> isie: cn=389 Administration Server, cn=Server Group, cn=ywgsrvr4.example.com, ou=example.com, o=NetscapeRoot
> SuiteSpotGroup: nogroup
> sysgroup: nogroup
> userdn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
> ldapurl: ldap://srvr0.example.com:389/o=NetscapeRoot
> SuiteSpotUserID: nobody
> sie: cn=admin-serv-srvr4, cn=389 Administration Server, cn=Server Group, cn=srvr4.example.com, ou=example.com, o=NetscapeRoot
>
> Also, on the slave server I found this in dse.ldif
>
> dn: cn=Pass Through Authentication,cn=plugins,cn=config
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
> cn: Pass Through Authentication
> nsslapd-pluginPath: libpassthru-plugin
> nsslapd-pluginInitfunc: passthruauth_init
> nsslapd-pluginType: preoperation
> nsslapd-pluginEnabled: on
> nsslapd-plugin-depends-on-type: database
> nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot
> nsslapd-pluginId: passthruauth
> nsslapd-pluginVersion: 1.2.1
> nsslapd-pluginVendor: Fedora Project
> nsslapd-pluginDescription: pass through authentication plugin
>
> I am guessing this pass thru allows me to login to the admin server on srvr0.example.com, and then allow me access to the slave server.

Not exactly. This allows the uid=admin,....,o=NetscapeRoot user to login to servers that do not have o=NetscapeRoot, by passing through the credentials to the configuration DS (the server that has o=NetscapeRoot).

> If so, I would assume I would need an entry like this for each MMR server? Would I need a whole entry? or just stack the nsslapd-pluginarg0 attribute with all the servers i.e.
>
> dn: cn=Pass Through Authentication,cn=plugins,cn=config
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
> cn: Pass Through Authentication
> nsslapd-pluginPath: libpassthru-plugin
> nsslapd-pluginInitfunc: passthruauth_init
> nsslapd-pluginType: preoperation
> nsslapd-pluginEnabled: on
> nsslapd-plugin-depends-on-type: database
> nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot
> nsslapd-pluginarg0: ldap://srvr1.example.com:389/o=NetscapeRoot
> nsslapd-pluginarg0: ldap://srvr.example.com:389/o=NetscapeRoot
> nsslapd-pluginId: passthruauth
> nsslapd-pluginVersion: 1.2.1
> nsslapd-pluginVendor: Fedora Project
> nsslapd-pluginDescription: pass through authentication plugin

The attribute is not multi-valued like that. There is a different syntax for specifying multiple host:port in an LDAP URL:

ldap://srvr0.example.com:389 srvr1.example.com:389 srvr.example.com:389/o=NetscapeRoot

> All servers are running debian etch|lenny with the following versions
>
> ii port389-admin 1.1.8 Fedora Administration Server (admin)
> ii port389-adminutil 1.1.8 Utility library for directory server adminis
> ii port389-base 1.2.1 Fedora Directory Server (base)
>
> Thanks
> Ryan
> --
> 389 users mailing list
> 389-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
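
An added example, not part of the original thread and not 389 Directory Server code: a Python check that finds the stacked nsslapd-pluginarg0 values from the question and rewrites them as the single URL with a space-separated host list given in the reply. The sample entry is constructed from the thread's values, the function names are hypothetical, and the input is assumed to have no folded LDIF lines.

```python
import re

# Constructed sample: the stacked form from the question, trimmed to the
# attributes this check looks at.
SAMPLE_ENTRY = """\
dn: cn=Pass Through Authentication,cn=plugins,cn=config
cn: Pass Through Authentication
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot
nsslapd-pluginarg0: ldap://srvr1.example.com:389/o=NetscapeRoot
nsslapd-pluginarg0: ldap://srvr.example.com:389/o=NetscapeRoot
"""

URL_RE = re.compile(r"^(ldaps?)://([^/]+)/(.*)$")

def parse_pta_url(url):
    """Split a pass-through URL into (scheme, [host:port, ...], suffix)."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, hosts, suffix = m.groups()
    return scheme, hosts.split(), suffix

def plugin_args(entry_text):
    """Return {attribute name: [values]} for nsslapd-pluginargN lines."""
    args = {}
    for line in entry_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and re.fullmatch(r"nsslapd-pluginarg\d+", name.strip(), re.I):
            args.setdefault(name.strip().lower(), []).append(value.strip())
    return args

def merge_stacked(entry_text):
    """Collapse repeated values of one pluginarg attribute into a single
    URL with a space-separated host list, keeping the listed order."""
    fixed = {}
    for attr, values in plugin_args(entry_text).items():
        parsed = [parse_pta_url(v) for v in values]
        targets = {(scheme, suffix) for scheme, _, suffix in parsed}
        if len(targets) != 1:
            raise ValueError("%s mixes schemes or suffixes; merge by hand" % attr)
        scheme, suffix = targets.pop()
        hosts = []
        for _, host_list, _ in parsed:
            hosts += [h for h in host_list if h not in hosts]
        fixed[attr] = "%s://%s/%s" % (scheme, " ".join(hosts), suffix)
    return fixed

if __name__ == "__main__":
    for attr, url in merge_stacked(SAMPLE_ENTRY).items():
        print("%s: %s" % (attr, url))
```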