Hi all, I have two FDS 1.0.2 systems in a master/slave set-up (for redundancy purposes rather than load) that are for authenticating a small number of high-capacity systems (many users). The client systems are configured to access the slave system first and fail-over to the master if the slave is unavailable. Add/modify/delete requests posted to the slave (which are frequent) are referred along to the master and then replicated back. It all works normally. The problem is that when the slave server makes an update to itself, such as when user login attempt fails, the appropriate attribute is updated (in this case, passwordretrycount) rather than referred to the master - which makes sense I guess. I''d like these updates referred to the master because all of my user administration tools talk to the master - things like failed login attempts and temporally locked accounts never show up on the master. Is there a way I can do this (short of writing plugins) or do I have to work around it? Thanks, Jason
Jason Russler wrote:> Hi all, I have two FDS 1.0.2 systems in a master/slave set-up (for > redundancy purposes rather than load) that are for authenticating a > small number of high-capacity systems (many users). The client > systems are configured to access the slave system first and fail-over > to the master if the slave is unavailable. Add/modify/delete > requests posted to the slave (which are frequent) are referred along > to the master and then replicated back. It all works normally. > > The problem is that when the slave server makes an update to itself, > such as when user login attempt fails, the appropriate attribute is > updated (in this case, passwordretrycount) rather than referred to the > master - which makes sense I guess. I''d like these updates referred > to the master because all of my user administration tools talk to the > master - things like failed login attempts and temporally locked > accounts never show up on the master. Is there a way I can do this > (short of writing plugins) or do I have to work around it? Thanks, > JasonI think you''d have to use something like Chain on Update, which allows the replica to follow the referral to the master itself. http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate> > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
That''s what I want! Thanks. Richard Megginson wrote:> Jason Russler wrote: >> Hi all, I have two FDS 1.0.2 systems in a master/slave set-up (for >> redundancy purposes rather than load) that are for authenticating a >> small number of high-capacity systems (many users). The client >> systems are configured to access the slave system first and fail-over >> to the master if the slave is unavailable. Add/modify/delete >> requests posted to the slave (which are frequent) are referred along >> to the master and then replicated back. It all works normally. >> >> The problem is that when the slave server makes an update to itself, >> such as when user login attempt fails, the appropriate attribute is >> updated (in this case, passwordretrycount) rather than referred to >> the master - which makes sense I guess. I''d like these updates >> referred to the master because all of my user administration tools >> talk to the master - things like failed login attempts and temporally >> locked accounts never show up on the master. Is there a way I can do >> this (short of writing plugins) or do I have to work around it? >> Thanks, Jason > I think you''d have to use something like Chain on Update, which allows > the replica to follow the referral to the master itself. > http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate >