[389-users] memberOf pluging and multimaster replication
ghiureai
isabella.ghiurea at nrc-cnrc.gc.ca
Thu Oct 1 18:49:31 UTC 2015
Hi List ,Rich
Here is the URL for the doc mentioned in this email, please can you
confirm if this is the case for multimaster replication and memberOf
plugin , is this the last update doc version ?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof
Thank you
Isabella
On 10/01/2015 11:20 AM, Rich Megginson wrote:
> On 10/01/2015 12:06 PM, ghiureai wrote:
>> Hi Rich
> Unless the issue involves some sort of security problem that involves a
> potential CVE, or contains sensitive data internal to your organization
> that you cannot make public, I would prefer that you use the
> 389-users at lists.fedoraproject.org for questions such as this. Not only
> will this benefit the entire community, but there are others who can
> answer these sorts of questions.
>
>
>> Are you aware of any issues with MemberOf plugin and multimaster
>> replication, some of old documentation one of the developer mentioned
>> to me shows you can use full replication agreement ,
> Please provide the URL of the documentation.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof
>
>> please see bellow and if you can advise if this is still the case :
>>
>> "......The memberOf attributes for user entries should not be
>> replicated in multi-master environments. Make sure that the memberOf
>> attribute is excluded from replication in the replication agreement.
>> (Fractional replication is described in Section 11.1.7, “Replicating a
>> Subset of Attributes with Fractional Replication”.)
>> Each server must maintain its own MemberOf Plug-in independently. To
>> make sure that the memberOf attributes for entries are the same across
>> servers, simply configure the MemberOf Plug-in the same on all servers.
>> With single-master replication, it is perfectly safe to replicate
>> memberOf attributes. Configure the MemberOf Plug-in for the supplier,
>> then replicate the memberOf attributes to the consumers. ....."
> Yes, in general it is better to replicate the group operations only, and
> let each directory server update the internal memberof data. This
> reduces the amount of replication traffic, and reduces the complexity
> and processing in the memberof plugin to know if it needs to include or
> exclude an operation.
>
>> Thank you
>> Isabella
>>
More information about the 389-users
mailing list