[389-users] Replication and Password Changes

Iain Morgan Iain.Morgan at nasa.gov
Wed Nov 9 18:57:00 UTC 2011


On Tue, Nov 08, 2011 at 19:11:07 -0600, Tom Tucker wrote:
>    Please pardon any blunders in my LDAP vernacular. My LDAP exposure has
>    been limited thus far.
>    I am testing Fedora 389 Directory Server as a replacement for my antique
>    Sun One (5.X) directory server. Things have gone well so far btw.
>    Q1) My first hurdle was confirming my ability to perform successful export
>    and imports between the two platforms. As I continue to test, what is the
>    recommended approach for importing any changes since my last import? Do I
>    need to delete everything on the Fedora DS and do a fresh import or what?
>    Any recommendations here? If yes, please provide steps.

I am in a similar situation of migrating to 389DS and had a similar
question.  Yesterday, I found that the perl-LDAP distribution includes a
few scripts which may be useful; in particular, ldifdiff.pl. I've only
done a trivial test of it thus far, but it looks like it could be a way
to import changes relative to a previous import.

>    Q2) My company has three data centers. My initial thought was to
>    configure the new ldap environment in a multi-master configuration.
>    Assuming ServerA (in DC3) is unavailable (shown below) and clients are now
>    communicating with ServerB, how do we handle any password changes on the
>    client side? Is this just not possible or do I need to reconsider my
>    architecture?

How do you address this scenario currently? I assume referring the
clients to one of the other masters is not an option due to firewalls,
etc. If it is an option, you might want to have the DC1 master replicate
to the DC2 slave, and the DC2 master replicate to the DC3 slave, etc.

>    DC1 ServerA (supplier)
>        ServerB (consumer RO)
>    DC2 ServerA (supplier)
>        ServerB (consumer RO)
>    DC3 ServerA (supplier)
>        ServerB (consumer RO)
>    Thank you for your time and assistance.
>    System Data
>    -------------------
>    389-dsgw-1.1.7-2.fc15.i686
>    389-console-1.1.7-1.fc15.noarch
>    389-admin-1.1.23-1.fc15.i686
>    389-adminutil-1.1.14-1.fc15.i686
>    389-ds-base-1.2.10-0.4.a4.fc15.i686
>    389-ds-console-doc-1.2.6-1.fc15.noarch
>    389-ds-console-1.2.6-1.fc15.noarch
>    389-ds-1.2.1-2.fc15.noarch
>    389-ds-base-libs-1.2.10-0.4.a4.fc15.i686
>    389-admin-console-1.1.8-1.fc15.noarch
>    389-admin-console-doc-1.1.8-1.fc15.noarch
>    # cat /etc/redhat-release*
>    Fedora release 15 (Lovelock)



-- 
Iain Morgan
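
The incremental import idea in the reply above (load only what changed between an earlier export and a newer one), shown as an added example; it is not part of the original message and is not the perl-LDAP ldifdiff.pl script. It assumes both exports come from the same server with consistent DN and attribute-name formatting, and the entries in it are constructed sample data.

```python
def parse_ldif(text):
    """Return {dn: {attr: set(values)}}; values keep their ' ' or ': ' (base64) prefix."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for block in text.split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or line.startswith("version:") or ":" not in line:
                continue
            name, rest = line.split(":", 1)
            value = ": " + rest[1:].strip() if rest.startswith(":") else " " + rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name, set()).add(value)
        if dn:
            entries[dn] = attrs
    return entries


def ldif_diff(old_text, new_text):
    """Return LDIF change records that turn the old export into the new one."""
    old, new = parse_ldif(old_text), parse_ldif(new_text)
    by_depth = lambda dn: (dn.count(","), dn)
    out = []
    for dn in sorted(new.keys() - old.keys(), key=by_depth):  # parents before children
        lines = [f"{a}:{v}" for a in sorted(new[dn]) for v in sorted(new[dn][a])]
        out.append("\n".join([f"dn:{dn}", "changetype: add"] + lines))
    for dn in sorted(new.keys() & old.keys()):
        mods = []
        for attr in sorted(old[dn].keys() | new[dn].keys()):
            after = new[dn].get(attr, set())
            if after == old[dn].get(attr, set()):
                continue
            # replace also creates an attribute that was absent; no values left means delete
            mods += [f"replace: {attr}" if after else f"delete: {attr}"]
            mods += [f"{attr}:{v}" for v in sorted(after)] + ["-"]
        if mods:
            out.append("\n".join([f"dn:{dn}", "changetype: modify"] + mods))
    for dn in sorted(old.keys() - new.keys(), key=by_depth, reverse=True):  # children first
        out.append(f"dn:{dn}\nchangetype: delete")
    return "\n\n".join(out) + "\n" if out else ""


# Constructed sample exports (not real data); all names and values are illustrative.
OLD = ("dn: uid=alice,dc=example,dc=com\nuid: alice\nmail: alice@example.com\n"
       "userPassword:: b2xk\n\ndn: uid=bob,dc=example,dc=com\nuid: bob\n")
NEW = ("dn: uid=alice,dc=example,dc=com\nuid: alice\nuserPassword:: bmV3\n\n"
       "dn: uid=carol,dc=example,dc=com\nobjectClass: inetOrgPerson\nuid: carol\n")

if __name__ == "__main__":
    print(ldif_diff(OLD, NEW), end="")
```

The output is in the change-record format that `ldapmodify -f` reads. It carries any changed `userPassword` values, so it needs the same handling as the exports themselves.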


