Fedora directory users - Jan 2009 - Clarification of User DS tab

I''m in the midst of setting up a DS replica using SSL and find myself a
bit confused on the purpose of the User DS and Configuration DS tabs in
the Administration Server Configuration.  Could someone point me to some
documentation on them?

What do they represent? I am guessing the Configuration DS is how we
connect to the portion of the tree holding configuration
(o=NetscapeRoot?).  When the LDAP server is part of another
administrative domain, should this point to the local LDAP server or to
the LDAP server which manages the administrative domain?

I am also guessing the User DS is that portion of the tree holding the
user directory, i.e., most of the directory.  In the case of a read-only
replica, should this point to the read/write master? Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation

Street Preacher: Are you SAVED?????!!!!!!
Educated Skeptic: Saved from WHAT?????!!!!!!
Educated Believer: From our selfishness that hurts the ones we love
                   and condemns us to an eternity of hurting each other.
http://www.spiritualoutreach.com
Christianity that makes sense

On [Sat, 17.01.2009 21:37], John A. Sullivan III wrote:
>I''m in the midst of setting up a DS replica using SSL and find
myself a
>bit confused on the purpose of the User DS and Configuration DS tabs in
>the Administration Server Configuration.  Could someone point me to some
>documentation on them?
>
>What do they represent? I am guessing the Configuration DS is how we
>connect to the portion of the tree holding configuration
>(o=NetscapeRoot?).  When the LDAP server is part of another
>administrative domain, should this point to the local LDAP server or to
>the LDAP server which manages the administrative domain?
The Configuration DS is o=Netscaperoot and User DS is the dn of your
DIT, eg. dc=example,dc=com. Since you can setup a dedicated DS just
for your Configuration, it makes sense to have seperated
SSL-Configuration settings for accessing the Configuration and User DS.

When you have a setup where several LDAP instances sharing the same
Configuration Directory, then you have to point the User DS to the local
running instances and for the Configuration Directory you point to the
server which holds a copy of o=NetscapeRoot.

Happy Day.
Thorsten
  
-- 
"Eternity is a very long time, especially towards the end."
  — Stephen Hawking

On Sun, 2009-01-18 at 13:40 +0100, Thorsten Scherf
wrote:
> On [Sat, 17.01.2009 21:37], John A. Sullivan III wrote:
> >I''m in the midst of setting up a DS replica using SSL and find
myself a
> >bit confused on the purpose of the User DS and Configuration DS tabs in
> >the Administration Server Configuration.  Could someone point me to
some
> >documentation on them?
> >
> >What do they represent? I am guessing the Configuration DS is how we
> >connect to the portion of the tree holding configuration
> >(o=NetscapeRoot?).  When the LDAP server is part of another
> >administrative domain, should this point to the local LDAP server or to
> >the LDAP server which manages the administrative domain?
> 
> The Configuration DS is o=Netscaperoot and User DS is the dn of your
> DIT, eg. dc=example,dc=com. Since you can setup a dedicated DS just
> for your Configuration, it makes sense to have seperated
> SSL-Configuration settings for accessing the Configuration and User DS.
> 
> When you have a setup where several LDAP instances sharing the same
> Configuration Directory, then you have to point the User DS to the local
> running instances and for the Configuration Directory you point to the
> server which holds a copy of o=NetscapeRoot.
> 
> Happy Day.
> Thorsten
<snip>
Thank you, Thorsten.  I assume when you say "several LDAP instances"
you
are not referring to replicas but separate trees.  Is that correct?
Thus, in the case of replicas, the User DS would point to the RW Master?
- John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society