[389-users] Moving admin servers

Rich Megginson rmeggins at redhat.com
Fri May 20 20:36:04 UTC 2011


On 05/20/2011 02:25 PM, Roland Schwingel wrote:
>
> Hi Rich...
>
> Thanks for the reply,
>
> > So currently you have all of the directory servers registered with a
> > directory server running in Net-A - this is the directory server
> > that hosts the o=netscaperoot suffix used to register and configure
> > those servers in the console.  This is on a machine with hostname
> > ldap.neta or something like that.  Now you want instead to have a
> > new server ldap.netc and have all of the directory servers
> > registered with that server instead?
>
> You are right....
> When running setup-ds-admin.pl you have the option to register
> a new server to another already running server. This one is at
> present the one in net-a. Now I have to register all servers to a
> server in net-c.
Are you moving any of the servers other than the one that contains 
o=NetscapeRoot?  If not, then you could try the following:
1) export the o=NetscapeRoot (NetscapeRoot) database from the server in 
net-a
  db2ldif -U -n NetscapeRoot -a /path/to/nsroot.ldif
2) use perl/sed/awk/whatever you are most comfortable with to change 
references to net-a to net-c in nsroot.ldif
3) Create a suffix o=NetscapeRoot and database NetscapeRoot in the 
server in net-c
4) Import (initialize) the new o=NetscapeRoot with the old server data

Then, you'll have to edit the /etc/dirsrv/admin-serv/adm.conf in all of 
your servers to change any references to net-a to net-c, then restart 
the admin server (restart-ds-admin).

Finally, you'll have to run ldapmodify on all of your servers (except 
the one that has the new o=NetscapeRoot) to do something like this:

ldapmodify -x -h hostname -D "cn=directory manager" -W <<EOF
dn: cn=Pass Through Authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://hostname.of.new.server.in.net-c/o=NetscapeRoot
EOF

You'll have to restart the server in order for this change to take 
effect, but if you don't want to manage the server via the console, you 
don't have to restart it.

>
> Thanks for your kind help,
>
> Roland
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
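
For step 2 above, a plain line-by-line sed misses a hostname that sits inside a base64-encoded (attr::) value or is split across a folded LDIF line, and it can also clobber a longer hostname that merely contains the old one. The sketch below is an added example, not part of the original message or of 389 DS; the function names, hostnames and sample entry are constructed for illustration.

```python
import base64
import re


def unfold(text):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", text)


def rewrite_ldif(text, old_host, new_host):
    """Replace old_host with new_host; return (new_ldif, replacement_count)."""
    # Match the hostname only as a whole name, case-insensitively, so that
    # "oldldap.neta..." or "ldap.neta...-backup" are left alone.
    pat = re.compile(r"(?<![A-Za-z0-9.-])" + re.escape(old_host)
                     + r"(?![A-Za-z0-9-])", re.IGNORECASE)
    out, changed = [], 0
    for line in unfold(text).split("\n"):
        m = re.match(r"([^:\s]+)::\s*(\S+)$", line)
        if m:
            # "attr:: value" is base64; decode, rewrite, re-encode.
            try:
                value = base64.b64decode(m.group(2)).decode("utf-8")
            except ValueError:
                out.append(line)  # binary data (e.g. a certificate): keep as is
                continue
            value, n = pat.subn(new_host, value)
            if n:
                encoded = base64.b64encode(value.encode("utf-8")).decode()
                line = m.group(1) + ":: " + encoded
        else:
            line, n = pat.subn(new_host, line)
        changed += n
        out.append(line)
    return "\n".join(out), changed


# Constructed sample entry (not taken from a real o=NetscapeRoot export).
_B64 = base64.b64encode(b" admin host ldap.neta.example.com").decode()
SAMPLE = (
    "dn: cn=ldap.neta.example.com, ou=example.com, o=NetscapeRoot\n"
    "objectClass: nsHost\n"
    "serverHostName: ldap.ne\n ta.example.com\n"   # folded line
    "description:: " + _B64 + "\n"                 # base64 value
    "seeAlso: cn=oldldap.neta.example.com\n"       # different host, untouched
)

if __name__ == "__main__":
    new_ldif, count = rewrite_ldif(SAMPLE, "ldap.neta.example.com",
                                   "ldap.netc.example.com")
    print(new_ldif)
    print("replacements:", count)
```

Running the function a second time on its own output should report zero replacements; a non-zero count means references to the old host are still present before the import in step 4.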
