On September 21, 2010 01:09:49 pm Jason Forde wrote:
> Hello,
>
> I am at the early stages of building and testing a 2 Master directory
> server setup trying to work out what to do with the configuration directory
> server.
>
> I initially had it set up on one server1 with server2 using this, but then
> if server1 goes down the console access for server2 is broken. I have been
> trying to replicate the netscaperoot with little success (probably down to
> my confusion on what to put in the 'server2.inf' and ldif files) and
> wondered do I really have to replicate netscaperoot? What would be the
> implication of each master having their own netscaperoot and not
> replicating?
>
> It's quite a basic setup and we have 2 existing masters elsewhere set up like
> this, so if I don't need to do this I'd like to keep it simple and have 2
> separate netscaperoots - even if it meant having to update 2 separate
> servers, though I don't believe we have had to do this on the other
> deployment yet.
>
> Pointers appreciated.

When I'm setting up my MMR servers to replicate their databases (including o=netscaperoot), I usually follow the following order (off the top of my head anyhow).

1. Run setup-ds-admin.pl on one machine. (call this the master for now)
2. Set up and configure encryption on the master
3. Run setup-ds.pl on any other MMR servers.
4. Set up encryption on the other MMR servers. (confirm all the servers can talk TLS/SSL to each other)
5. Create the o=netscaperoot suffix on the other servers (see ldif below)
6. Configure whatever replication agreements you want for o=netscaperoot
7. Init those agreements on the master (this should send o=netscaperoot to all the other servers)
8. On the other servers, run register-ds-admin.pl and register the admin server with itself (*not the master server*)

If you look on your master server's o=netscaperoot, you should see the entries for the other servers as you register them.

From what I can tell, this will allow you (with some work) to point a server's config directory to another server, but does not allow for automatic failover to another configuration server if the local instance fails.

cat ns.ldif
--------
dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot

ldapadd -x -h TARGETSERVER -D "cn=directory manager" -W -f ldif/ns.ldif

Ryan Braun
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
E-Mail: Ryan.Braun@xxxxxxxx
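
An added example, not part of the original post or of 389 Directory Server: a pre-flight check that the two entries in ns.ldif agree with each other (backend name and suffix) and are still separated by a blank line before the file is sent with ldapadd. The function names are hypothetical, and the sample is the post's LDIF retyped.

```python
# Added example, not from the post: SAMPLE_LDIF is retyped from it; names are hypothetical.
SAMPLE_LDIF = """\
dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot
"""

def parse_ldif(text):
    """Split on blank lines; return one {attr_lowercase: [values]} per entry."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def values(entry, attr):
    return {v.strip('"').lower() for v in entry.get(attr, [])}  # unquoted, lower-cased

def check_suffix_ldif(text):
    """Return a list of problems; an empty list means the entries agree."""
    entries = parse_ldif(text)
    tree = [e for e in entries if "nsmappingtree" in values(e, "objectclass")]
    back = [e for e in entries if "nsbackendinstance" in values(e, "objectclass")]
    if len(entries) != 2 or len(tree) != 1 or len(back) != 1 or tree == back:
        return ["need one nsMappingTree and one nsBackendInstance entry"]
    tree, back, problems = tree[0], back[0], []
    if values(back, "nsslapd-suffix").isdisjoint(values(tree, "cn")):
        problems.append("backend nsslapd-suffix is not a mapping tree cn")
    if values(tree, "nsslapd-backend").isdisjoint(values(back, "cn")):
        problems.append("mapping tree nsslapd-backend is not the backend cn")
    return problems
```

An empty list from check_suffix_ldif means the mapping tree entry and the backend entry refer to each other consistently; a copy of the file that has lost its blank separator line is reported as a single malformed entry.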