I can not give an authoritative answer, but if your active directory is 2003 server your active directory itself is multimaster ( no more PDC and SDC ). It seems theorically possible to install active directory sync on both nodes but leave it running only on one domain controller. Something like this:
 
 
AD2 <-> AD1
        |
LoadBalancer 
        |
FD2 <->FD1
 
Here are some maybes. The configuration of the winsync agreements might have issues communicating with a proxy or load balanced LDAP server. Also I do not know of any HA product that would be able to fail winsync on a windows server.
 
On 3/19/07, Paxton, Darren <darren.paxton@mercer.com> wrote:
Hi again all,

Managed to get myself to a  pretty good place with my configuration, but would appreciate another pointer from yourselves.

Currently I have the system up and running with two servers (master1 and master2) in a 2-way multi-master replication mode.

Master1 also has a Windows Synchronisation Agreement with adserver1, which is also working, however it is working in a two-way mode, propagating changes made on the Fedora Directory back to Active Directory.

Unfortunately, our current strategy is to have Active Directory as the single Directory for user management so as to make our Service Desk more efficient. We also have a policy of removing all single points of failure from within our enterprise, therefore I was looking at having two windows sync agreements from two Fedora Master servers to two different members of the same Active Directory.

The two Fedora Servers would also obviously need to be in sync (hence the multi-master setup) but probably with a number of read-only consumer servers dotted around the globe.

The question, therefore, is what would be the best way in terms of replication design, to achieve this objective?

Basically, I want to achieve the following:

AD2 -> FD2 <-> FD1 <- AD1
            / |              |\
          /   |              |  \        
        V   V             V  V
    FD3   FD4     FD5  FD6

Thanks in advance for any assistance you can provde.

Cheers

Darren



This e-mail and any attachments may be confidential or legally privileged.If you received this message in error or are not the intended recipient, you should destroy the email message and any attachments or copies, and you are prohibited from retaining, distributing, disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your co-operation.

Mercer Human Resource Consulting Limited is authorised and regulated by the Financial Services Authority. Registered in England No. 984275. Registered Office: 1 Tower Place West, Tower Place, London, EC3R 5BU.

 

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users