[389-users] memberOf pluging and multimaster replication
Rich Megginson
rmeggins at redhat.com
Mon Oct 5 15:13:52 UTC 2015
On 10/05/2015 08:57 AM, ghiureai wrote:
>
>
> Gmorning List and Rich,
>
> I manged some progress Friday with cfg multimaster replication
> fractional ( exclude memberOf plugin) the final goal is to have 3
> ldap 's aka : 1,2 and 4 in mutlimaster fraction rep.
> I had cfg dlap 2 to 4 as mutimaster , now I would like to bring in
> ldap1 in cfg ( this is at present time our only production , all
> writes+ read s are going here) ,
> we can not have ldap1 offline I will like to proceed with cfg the
> same steps I did for 2 to 4, but I will ask ldap 2 to be initialized
> with most recent data from ldap1 , any issues here I may have to be
> aware ?
No. You can initialize 2 from 1 while 1 is running.
> Would ldap4 get updated also when performing the initialization of
> ldap2 ?
No. After 2 is initialized, you can initialize 4 from either 1 or 2.
>
> Thank you
> Isabella
>
>
> have On 10/02/2015 03:48 PM, Rich Megginson wrote:
>> On 10/02/2015 12:16 PM, ghiureai wrote:
>>>
>>> Hi List and Rich,
>>>
>>> as per last documentation update I am trying to cfg fractional
>>> replication ( excluding memberOf plunging) for a multimaster cfg
>>> server 3 ldap server, when starting with first one aftr mentioning
>>> "memberOf " to be excluded in replication agreement , I get a message
>>> like this ""Fractional replication can be done to a read-only suffix
>>> in replica "...is this the case , so no multimaster will work with
>>> fractional replication ? , or any other issue to get with message ?
>>> I am following same procedure as for mutimaster replication except the
>>> agreement has fractional replication , is this the correct approach ?
>>
>>> Thank you
>>> Isabella
>>>
>>>
>>> Isabella
>>>
>>> On 10/01/2015 11:49 AM, ghiureai wrote:
>>>> Hi List ,Rich
>>>> Here is the URL for the doc mentioned in this email, please can you
>>>> confirm if this is the case for multimaster replication and memberOf
>>>> plugin , is this the last update doc version ?
>>>>
>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof
>>>>
>>>>
>>>>
>>>> Thank you
>>>> Isabella
>>>> On 10/01/2015 11:20 AM, Rich Megginson wrote:
>>>>> On 10/01/2015 12:06 PM, ghiureai wrote:
>>>>>> Hi Rich
>>>>> Unless the issue involves some sort of security problem that
>>>>> involves a
>>>>> potential CVE, or contains sensitive data internal to your
>>>>> organization
>>>>> that you cannot make public, I would prefer that you use the
>>>>> 389-users at lists.fedoraproject.org for questions such as this. Not
>>>>> only
>>>>> will this benefit the entire community, but there are others who can
>>>>> answer these sorts of questions.
>>>>>
>>>>>
>>>>>> Are you aware of any issues with MemberOf plugin and multimaster
>>>>>> replication, some of old documentation one of the developer
>>>>>> mentioned
>>>>>> to me shows you can use full replication agreement ,
>>>>> Please provide the URL of the documentation.
>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof
>>>>
>>>>
>>>>
>>>>>> please see bellow and if you can advise if this is still the case :
>>>>>>
>>>>>> "......The memberOf attributes for user entries should not be
>>>>>> replicated in multi-master environments. Make sure that the memberOf
>>>>>> attribute is excluded from replication in the replication agreement.
>>>>>> (Fractional replication is described in Section 11.1.7,
>>>>>> “Replicating a
>>>>>> Subset of Attributes with Fractional Replication”.)
>>>>>> Each server must maintain its own MemberOf Plug-in independently. To
>>>>>> make sure that the memberOf attributes for entries are the same
>>>>>> across
>>>>>> servers, simply configure the MemberOf Plug-in the same on all
>>>>>> servers.
>>>>>> With single-master replication, it is perfectly safe to replicate
>>>>>> memberOf attributes. Configure the MemberOf Plug-in for the
>>>>>> supplier,
>>>>>> then replicate the memberOf attributes to the consumers. ....."
>>>>> Yes, in general it is better to replicate the group operations only,
>>>>> and
>>>>> let each directory server update the internal memberof data. This
>>>>> reduces the amount of replication traffic, and reduces the complexity
>>>>> and processing in the memberof plugin to know if it needs to
>>>>> include or
>>>>> exclude an operation.
>>>>>
>>>>>> Thank you
>>>>>> Isabella
>>>>>>
>
More information about the 389-users
mailing list