[389-users] Replication and Password Changes

Rich Megginson rmeggins at redhat.com
Wed Nov 9 20:28:18 UTC 2011


On 11/08/2011 06:11 PM, Tom Tucker wrote:
>
> Please pardon any blunders in my LDAP vernacular.  My LDAP exposure 
> has been limited thus far.
>
> I am testing Fedora 389 Directory Server as a replacement for my 
> antique Sun One (5.X) directory server. Things have gone well so far btw.
>
> Q1) My first hurdle was confirming my ability to perform successful 
> export and imports between the two platforms.  As I continue to test, 
> what is the recommended approach for importing any changes since my 
> last import? Do I need to delete everything on the Fedora DS and do a 
> fresh import or what? Any recommendations here? If yes, please provide 
> steps.
You might be able to enable some sort of changelog on the SunDS, or 
enable the audit log.  Both of these will allow you to grab only the 
changes, in LDIF format, which you can then use ldapmodify to apply to 
your 389 server.
>
> Q2) My company has three data centers.  My initial thought was to 
> configure the new ldap environment in a multi-master configuration. 
> Assuming ServerA (in DC3) is unavailable (shown below) and clients are 
> now communicating with ServerB, how do we handle any password changes 
> on the client side?
When a client attempts to update a read-only replica, the replica sends 
back a referral to one of the masters.  The client has to be able to 
follow the referral to the master.

Alternately, you could configure the consumer to use chain on update:
http://directory.fedoraproject.org/wiki/Howto:ChainOnUpdate
> Is this just not possible or do I need to reconsider my architecture?
>
> DC1 ServerA (supplier)
>     ServerB (consumer RO)
>
> DC2 ServerA (supplier)
>     ServerB (consumer RO)
>
> DC3 ServerA (supplier)
>     ServerB (consumer RO)
>
> Thank you for your time and assistance.
>
>
> System Data
> -------------------
> 389-dsgw-1.1.7-2.fc15.i686
> 389-console-1.1.7-1.fc15.noarch
> 389-admin-1.1.23-1.fc15.i686
> 389-adminutil-1.1.14-1.fc15.i686
> 389-ds-base-1.2.10-0.4.a4.fc15.i686
> 389-ds-console-doc-1.2.6-1.fc15.noarch
> 389-ds-console-1.2.6-1.fc15.noarch
> 389-ds-1.2.1-2.fc15.noarch
> 389-ds-base-libs-1.2.10-0.4.a4.fc15.i686
> 389-admin-console-1.1.8-1.fc15.noarch
> 389-admin-console-doc-1.1.8-1.fc15.noarch
>
>
> # cat /etc/redhat-release
> Fedora release 15 (Lovelock)
>
>
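
The answer to Q1 above (pull only the changes out of the old server's audit log as LDIF, then apply them with ldapmodify), as an added example that is not part of the original message or of either project's code. It assumes the audit log writes each change as a `time: YYYYMMDDhhmmss` line followed by an LDIF change record, with records separated by blank lines and every modify group closed by `-`; the function names and the sample are hypothetical.

```python
import re

# Assumption: the target server sets these itself, so logged copies are dropped.
SERVER_MAINTAINED = {"modifiersname", "modifytimestamp"}

def _strip_server_mods(body):
    """Drop modify groups for SERVER_MAINTAINED attributes; [] if none remain."""
    idx = next(i for i, l in enumerate(body) if l.startswith("changetype:"))
    if body[idx].split(":", 1)[1].strip() != "modify":
        return body  # add/delete/modrdn records pass through unchanged
    kept, group = [], []
    for line in body[idx + 1:]:
        group.append(line)
        if line == "-":  # "-" closes one add/replace/delete group
            attr = group[0].split(":", 1)[1].strip().lower()
            if attr not in SERVER_MAINTAINED:
                kept.extend(group)
            group = []
    return body[:idx + 1] + kept if kept else []

def changes_since(audit_log, cutoff):
    """LDIF of records logged after cutoff (YYYYMMDDhhmmss, the log's clock)."""
    out = []
    for record in re.split(r"\n\s*\n", audit_log.strip()):
        lines = record.splitlines() or [""]
        m = re.match(r"time:\s*(\d{14})\s*$", lines[0])
        if not m or m.group(1) <= cutoff:
            continue  # already imported, or not a change record
        body = _strip_server_mods(lines[1:])
        if body:
            out.append("\n".join(body))
    return "\n\n".join(out) + "\n" if out else ""

# Constructed sample, not real log data.
SAMPLE = """\
time: 20111101093000
dn: uid=alice,ou=People,dc=example,dc=com
changetype: delete

time: 20111108101500
dn: uid=bob,ou=People,dc=example,dc=com
changetype: modify
replace: telephoneNumber
telephoneNumber: +1 555 0100
-
replace: modifytimestamp
modifytimestamp: 20111108141500Z
-
"""
```

Call `changes_since(SAMPLE, "20111105000000")` with the `time:` value of the last record already imported as the cutoff, and feed the returned LDIF to ldapmodify against the 389 server.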