Ken Marsh
2008-Mar-06 21:21 UTC
[Fedora-directory-users] netscapeRoot and Config propagation
Thanks everyone for answering on the Groups question. I was so focused People ou in the GUI I didn''t see the Group ou a few menu lines up. :-) I went into it and rediscovered that I knew how to create posixgroups two years ago. I created a new one succesfully and added users to it. On an LDAP-ified Linux host they can now newgrp to that group. Now I have two more complicated questions. 1. Group info does not multi-master replicate like user info does. Specifically, I would like to manage posixgroups from any MultiMaster server. My new posix group is stuck on just the server I created it on. 2. Config data does not multi-master replicate like user info does. It would be nice to administer any server from any server. At the moment the only way I know how to do this is on installation. I don''t want to reinstall any DS at this point, though. My understanding is that mmr.pl sets up replication for only userRoot, not NetscapeRoot. I went through the Admin GUI and under the Configuration tab, Replication->NetscapeRoot I checked "Enable Replica", checked MultiMaster and set up the Current Supplier DN''s to cn=repman,cn=config just like userRoot. Now it has a replica entry under Directory Tab->config->mapping tree just like dc=company,dc=com . However the attributes under o=NetscapeRoot do not have the nsslapd-backend and nsslapd-referral attributes. I''m guessing I need something like mmr.pl except for NetscapeRoot to fill in the blanks. Is there a howto for this, or any tips? Once again, thanks to the Fedora DS development team for a great product. Despite my noobish questions, it has saved me countless manhours and been very reliable. Ken Marsh ANS System Administration Lead (410) 876-9200
Rich Megginson
2008-Mar-06 21:39 UTC
Re: [Fedora-directory-users] netscapeRoot and Config propagation
Ken Marsh wrote:> > Thanks everyone for answering on the Groups question. I was so focused > People ou in the GUI I didn’t see the Group ou a few menu lines up. J > I went into it and rediscovered that I knew how to create posixgroups > two years ago. I created a new one succesfully and added users to it. > On an LDAP-ified Linux host they can now newgrp to that group. > > Now I have two more complicated questions. > > 1. Group info does not multi-master replicate like user info does. > > Specifically, I would like to manage posixgroups from any MultiMaster > server. My new posix group is stuck on just the server I created it on. >By default replication should replicate everything - it does not care what type of data it is.> > 2. Config data does not multi-master replicate like user info does. > > It would be nice to administer any server from any server. >The console/admin server don''t really work that way. You should use o=NetscapeRoot replication for failover, not general load balancing. See http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html> > At the moment the only way I know how to do this is on installation. I > don’t want to reinstall any DS at this point, though. My understanding > is that mmr.pl sets up replication for only userRoot, not NetscapeRoot. > > I went through the Admin GUI and under the Configuration tab, > Replication->NetscapeRoot I checked “Enable Replica”, checked > MultiMaster and set up the Current Supplier DN’s to > cn=repman,cn=config just like userRoot. > > Now it has a replica entry under Directory Tab->config->mapping tree > just like dc=company,dc=com . However the attributes under > o=NetscapeRoot do not have the nsslapd-backend and nsslapd-referral > attributes. I’m guessing I need something like mmr.pl except for > NetscapeRoot to fill in the blanks. > > Is there a howto for this, or any tips? > > Once again, thanks to the Fedora DS development team for a great > product. Despite my noobish questions, it has saved me countless > manhours and been very reliable. > > Ken Marsh > > ANS System Administration Lead > > (410) 876-9200 > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
solarflow99
2008-Mar-07 00:49 UTC
Re: [Fedora-directory-users] netscapeRoot and Config propagation
On Thu, Mar 6, 2008 at 9:39 PM, Rich Megginson <rmeggins@redhat.com> wrote:> Ken Marsh wrote: > > > > Thanks everyone for answering on the Groups question. I was so focused > > People ou in the GUI I didn''t see the Group ou a few menu lines up. J > > I went into it and rediscovered that I knew how to create posixgroups > > two years ago. I created a new one succesfully and added users to it. > > On an LDAP-ified Linux host they can now newgrp to that group. >is this actually a requirement, or does adding their groups from the console give them the extra GID access?