[389-users] Sanity check for install approach
Jonathan Boulle
Jonathan.Boulle at betfair.com
Thu Jul 29 13:53:31 UTC 2010
On closer examination of the doc, it appears that chaining updates is only possible when using database links.
However, as I infer, using database links removes the possibility of replication, because the link would pass any modification back to the remote database.
Thus, if you had a consumer configured with a database link back to a supplier, and then set up a replication agreement from the supplier to the consumer, it would be replicating to its own database!
Am I understanding this correctly?
Is there a way to achieve our desired scenario: where no clients can directly access a read-write supplier (i.e. referrals are disabled, because network access is blocked); but they're still able to change their passwords, because the read-only consumer chains the update request back to a supplier?
Cheers
-----Original Message-----
From: 389-users-bounces at lists.fedoraproject.org [mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of Gerrard Geldenhuis
Sent: 29 July 2010 13:04
To: 389-users at lists.fedoraproject.org
Subject: [389-users] Sanity check for install approach
Hi
I would appreciate anyone just giving the tasks below a sanity check.
We will have a multimaster setup with various consumers from which clients will be authenticating off. Clients can not reach the masters directly and can only reach the consumer servers.
To enable password policies to work correctly I will configure the consumer servers to chain requests back to the masters and enable chaining for the Password policy component. My understanding is thus that when a client tries to authenticate against the consumer server and fails, the password policy configured on the consumer will activate and the counter incremented for failed logins. This incremented counter change will then be chained back to the master which will replicate it back to the consumer and any other consumers.
To rephrase the above... in a user story.
User authenticates against consumer01
Authentication fails
Consumer01 has password policy configured and replication from master01.
What happens next?
Does the consumer automatically communicate this failure back to master01, or do you need to setup chaining for this to happen?
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
--
389 users mailing list
389-users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
More information about the 389-users
mailing list