[389-users] Configuration Directory Server
Ryan Braun [ADS]
ryan.braun at ec.gc.ca
Tue Sep 21 16:43:42 UTC 2010
On September 21, 2010 01:09:49 pm Jason Forde wrote:
> Hello,
>
> I am at the early stages of building and testing a 2 Master directory
> server setup trying to work out what to do with the configuration directory
> server.
>
> I initially had it set up on one server1 with server2 using this, but then
> if server1 goes down the console access for server2 is broken. I have been
> trying to replicate the netscaperoot with little success (probably down to
> my confusion on what to put in the 'server2.inf' and ldif files) and
> wondered do I really have to replicate netscaperoot? What would be the
> implication of each master having their own netscaperoot and not
> replicating?
>
> It's quite a basic setup and we have 2 existing masters elsewhere set up like
> this, so if I don't need to do this I'd like to keep it simple and have 2
> separate netscaperoots - even if it meant having to update 2 separate
> servers, though I don't believe we have had to do this on the other
> deployment yet.
>
> Pointers appreciated.

When I'm setting up my MMR servers to replicate their databases (including
o=netscaperoot), I usually follow the following order (off the top of my
head anyhow).

1. Run setup-ds-admin.pl on one machine. (call this the master for now)
2. Set up and configure encryption on the master
3. Run setup-ds.pl on any other MMR servers.
4. Set up encryption on the other MMR servers. (confirm all the servers can
talk TLS/SSL to each other)
5. Create the o=netscaperoot suffix on the other servers (see ldif below)
6. Configure whatever replication agreements you want for o=netscaperoot
7. Init those agreements on the master (this should send o=netscaperoot to
all the other servers)
8. On the other servers, run register-ds-admin.pl and register the admin
server with itself (*not the master server*)

If you look on your master server's o=netscaperoot, you should see the
entries for the other servers as you register them.

From what I can tell, this will allow you (with some work) to point a server's
config directory to another server, but does not allow for automatic
failover to another configuration server if the local instance fails.

cat ns.ldif
--------
dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot

ldapadd -x -h TARGETSERVER -D "cn=directory manager" -W -f ldif/ns.ldif

Ryan Braun
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
E-Mail: Ryan.Braun at ec.gc.ca
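
A pre-flight check for the step 5 LDIF, added here as an example and not part of the original message: it confirms that the mapping tree entry and the backend entry refer to each other and that the records are separated by a blank line, which LDIF requires between records. The function names and the sample string are assumptions, built from the ns.ldif shown in the message.

```python
# Constructed sample: the two entries from ns.ldif in the message above.
NS_LDIF = """\
dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot
"""

def parse_records(text):
    """Yield {attr (lower-cased): [values]} per record; no folding or base64."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            rec.setdefault(name.strip().lower(), []).append(value.strip())
        yield rec

def has_class(rec, oc):
    return oc in [c.lower() for c in rec.get("objectclass", [])]

def check_suffix_ldif(text):
    """Return a list of problems; empty means tree and backend entries agree."""
    recs = list(parse_records(text))
    problems = ["record with %d dn lines (missing blank line?)" % len(r.get("dn", []))
                for r in recs if len(r.get("dn", [])) != 1]
    backends = {cn.lower(): r for r in recs if has_class(r, "nsbackendinstance")
                for cn in r.get("cn", [])}
    for tree in (r for r in recs if has_class(r, "nsmappingtree")):
        suffixes = {cn.strip('"').lower() for cn in tree.get("cn", [])}
        for name in tree.get("nsslapd-backend", []):
            served = backends.get(name.lower(), {}).get("nsslapd-suffix")
            if served is None:
                problems.append("no backend entry named " + name)
            elif not suffixes & {s.lower() for s in served}:
                problems.append("backend %s serves another suffix" % name)
    return problems
```

Running check_suffix_ldif over the file before ldapadd catches a renamed backend or a lost record separator before the change reaches cn=config.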