Anne Cross wrote:
We have two AD servers, and we're working on having four 389 Masters geographically distributed, multi-mastered between them, etc, etc, etc. The goal here is to stop having network hiccups take things out.No. See https://bugzilla.redhat.com/show_bug.cgi?id=182515 and https://bugzilla.redhat.com/show_bug.cgi?id=184155The AD servers talk to each other nigh-on instantaneously. Likewise for the 389 servers. Is it safe to set up sync agreements to *both* AD servers, in case one goes down?
Likewise, is it safe to set up an agreement to a single AD server on multiple masters, in case we lose one master?
You might run into the same issues as specified in the bugs above.
You must install PassSync on each and every domain controller. That's the only way PassSync can intercept the clear text password when someone changes his/her password.And for further fun, do I need to install PassSync on both AD servers? Our windows admin wants to set it up on the password server, and the documentation on RedHat's site doesn't say it specifically needs to be on the AD box, but I'm wondering what happens if the password changes circumvent the password server (an admin manually changes someone's password on the AD server, for example.)
-- juniper (this is moderately hairy, but once it's worked out, I will never need to touch it again, I hope)
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
