[Fedora-directory-users] Setting up Multiple Directory Servers - in a multi-master mesh. Having problems with admin server.

Rich Megginson rmeggins at redhat.com
Wed Feb 20 18:16:59 UTC 2008


Howard Wilkinson wrote:
> Richard et al,
>
> I have obviously confused you on this so to start again!
>
> I have four machines on which I am installing directory server version 
> 1.1.
>
> I have automated the install so that I start with a virgin install 
> every time - erase the packages and delete all of the files left lying 
> around and then reinstall the packages.
>
> I want to set up the four machines in a fault-tolerant fashion. So I 
> have an initial master, a secondary on a separate machine, and 2 
> consumers on the other machines.
>
> I can set up the servers on each machine with their own admin server 
> and can get the SSL working and have modified the mmr script and can 
> get all other servers to replicate. Master and Secondary in 
> multi-master mode, consumers fed from master and secondary.
>
> What I want to achieve is to have all of the servers sharing the 
> o=NetscapeRoot partition (i.e. all having an admin server but all 
> having the same configuration for the admin server). Now this means 
> that they need to be in a mesh multi-master - OK I can set that up but 
> I can't get the servers to register cleanly with the individual admin 
> servers on each of the machines.
Ok.  I understand.  First, you have to follow these guidelines - 
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html

Next, it sounds like you are running into this bug - 
https://bugzilla.redhat.com/show_bug.cgi?id=431103
>
> I understood that register-ds-admin.pl was the answer but the more I 
> look at this it seems to only manage multiple instances on one 
> machine. So how do I do this?
>
> If I replicate the o=NetscapeRoot with each server registered to its 
> own admin-server, then the admin-servers only have one server 
> registered and it seems to be the master (but that may be timing). If 
> I try to register the secondary and consumers with the master 
> admin-server then nothing happens. So I am missing a trick.

>
> I have the following silent set up file I use to configure each server.
>
>     [General]
>     FullMachineName=${HOSTNAMEFQDN}
>     SuiteSpotUserID=${LDAPUID}
>     SuiteSpotGroup=${LDAPGID}
>     ServerRoot=/usr/lib/fedora-ds
>     AdminDomain=${MASTERDOMAIN}
>     ConfigDirectoryAdminID=admin
>     ConfigDirectoryAdminPwd=${ADMINPASSWD}
>     ConfigDirectoryLdapURL=${ConfigDirectoryLdapURL}
>     UserDirectoryAdminID=admin
>     UserDirectoryAdminPwd=${ADMINPASSWD}
>     UserDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/${MASTERDN}
>     #CACertificateURL=
>
>     [slapd]
>     SlapdConfigForMC=${SlapdConfigForMC}
>     SecurityOn=No
>     UseExistingMC=${UseExistingMC}
>     UseExistingUG=0
>     ServerPort=${LDAPPORT}
>     ServerIdentifier=${HOSTNAME}
>     Suffix=dc=${MASTERDN}
>     RootDN=cn=Directory Manager
>     AddSampleEntries=No
>     InstallLdifFile=none
>     AddOrgEntries=No
>     DisableSchemaChecking=No
>     RootDNPwd=${DIRMANPASSWD}
>     start_server=1
>     install_full_schema=1
>
>     [admin]
>     SysUser=${LDAPUID}
>     Port=${ADMINPORT}
>     ServerIpAddress=*
>     ServerAdminID=admin
>     ServerAdminPwd=${ADMINPASSWD}
>     ApacheDir=/usr/sbin/
>     ApacheRoot=/etc/httpd
>
> I set
>
>     SlapdConfigForMC=1
>     UseExistingMC=0
>     ConfigDirectoryLdapURL=ldap://${HOSTNAMEFQDN}:${LDAPPORT}/o=NetscapeRoot
>
> for the first case of installing each server locally and change to
>
>     SlapdConfigForMC=1
>     UseExistingMC=1
>     ConfigDirectoryLdapURL=ldap://${MASTERHOSTFQDN}:${LDAPPORT}/o=NetscapeRoot
>
> for the second case where I have tried to get all registered with one 
> admin server. But no luck.
>
> Help!