Fedora directory users - Jun 2009 - [389-users] Registering to a central admin server

Hi,

Can someone describe how to register an existing dirsrv instance to an
existing admin server? The ds-setup-admin.pl scripts clearly performs the
registration exercise along with the build, but I can''t see how to do
this
as a single, 100% safe non-destructive way of registering existing machines
to a central admin server, to avoid having to annoyingly connect to admin
instances on evey existing machine as we currently have to.

Thanks

Chris

Chris Phillips wrote:
> Hi,
>
> Can someone describe how to register an existing dirsrv instance to an 
> existing admin server? The ds-setup-admin.pl scripts clearly performs 
> the registration exercise along with the build, but I can''t see
how to
> do this as a single, 100% safe non-destructive way of registering 
> existing machines to a central admin server, to avoid having to 
> annoyingly connect to admin instances on evey existing machine as we 
> currently have to.
You should be able to use register-ds-admin.pl, or use setup-ds-admin.pl 
-u to update software/version information in the
console.
>
> Thanks
>
> Chris
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

On Thu, Jun 11, 2009 at 3:12 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
> Chris Phillips wrote:
>
>> Hi,
>>
>> Can someone describe how to register an existing dirsrv instance to an
>> existing admin server? The ds-setup-admin.pl scripts clearly performs
the
>> registration exercise along with the build, but I can''t see
how to do this
>> as a single, 100% safe non-destructive way of registering existing
machines
>> to a central admin server, to avoid having to annoyingly connect to
admin
>> instances on evey existing machine as we currently have to.
>>
> You should be able to use register-ds-admin.pl, or use setup-ds-admin.pl -u
> to update software/version information in the console.

Hi again,

I''ve been trying to do this, but I can''t see how to register
with a
different centralized server. at no point in the register-ds-admin.pl steps
can I give an alternative server name / IP address to go off and connect to.
Any tips?

Thanks

Chris

Chris Phillips wrote:
>
>
> On Thu, Jun 11, 2009 at 3:12 PM, Rich Megginson <rmeggins@redhat.com 
> <mailto:rmeggins@redhat.com>> wrote:
>
>     Chris Phillips wrote:
>
>         Hi,
>
>         Can someone describe how to register an existing dirsrv
>         instance to an existing admin server? The ds-setup-admin.pl
>         scripts clearly performs the registration exercise along with
>         the build, but I can''t see how to do this as a single,
100%
>         safe non-destructive way of registering existing machines to a
>         central admin server, to avoid having to annoyingly connect to
>         admin instances on evey existing machine as we currently have to.
>
>     You should be able to use register-ds-admin.pl, or use
>     setup-ds-admin.pl -u to update software/version information in the
>     console.
>
>
> Hi again,
>
> I''ve been trying to do this, but I can''t see how to
register with a
> different centralized server. at no point in the register-ds-admin.pl 
> steps can I give an alternative server name / IP address to go off and 
> connect to. Any tips?
Try editing /etc/dirsrv/admin-serv/adm.conf to point to the correct 
server, then try register-ds-admin.pl
>
> Thanks
>
> Chris
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

On Fri, Jun 19, 2009 at 8:51 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
> Chris Phillips wrote:
>
>
>>
>> On Thu, Jun 11, 2009 at 3:12 PM, Rich Megginson
<rmeggins@redhat.com<mailto:
>> rmeggins@redhat.com>> wrote:
>>
>>    Chris Phillips wrote:
>>
>>        Hi,
>>
>>        Can someone describe how to register an existing dirsrv
>>        instance to an existing admin server? The ds-setup-admin.pl
>>        scripts clearly performs the registration exercise along with
>>        the build, but I can''t see how to do this as a single,
100%
>>        safe non-destructive way of registering existing machines to a
>>        central admin server, to avoid having to annoyingly connect to
>>        admin instances on evey existing machine as we currently have
to.
>>
>>    You should be able to use register-ds-admin.pl, or use
>>    setup-ds-admin.pl -u to update software/version information in the
>>    console.
>>
>>
>> Hi again,
>>
>> I''ve been trying to do this, but I can''t see how to
register with a
>> different centralized server. at no point in the register-ds-admin.pl
steps
>> can I give an alternative server name / IP address to go off and
connect to.
>> Any tips?
>>
> Try editing /etc/dirsrv/admin-serv/adm.conf to point to the correct server,
> then try register-ds-admin.pl
>
Can we not have multiple ones? We''d want to be able to aggregate them
back
to a main console, but also connect to the machine itself if need be. Or
could we just change the details temporarily?

Thanks

Chris

Chris Phillips wrote:
>
>
> On Fri, Jun 19, 2009 at 8:51 PM, Rich Megginson <rmeggins@redhat.com 
> <mailto:rmeggins@redhat.com>> wrote:
>
>     Chris Phillips wrote:
>
>
>
>         On Thu, Jun 11, 2009 at 3:12 PM, Rich Megginson
>         <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
>         <mailto:rmeggins@redhat.com
<mailto:rmeggins@redhat.com>>> wrote:
>
>            Chris Phillips wrote:
>
>                Hi,
>
>                Can someone describe how to register an existing dirsrv
>                instance to an existing admin server? The ds-setup-admin.pl
>                scripts clearly performs the registration exercise
>         along with
>                the build, but I can''t see how to do this as a
single, 100%
>                safe non-destructive way of registering existing
>         machines to a
>                central admin server, to avoid having to annoyingly
>         connect to
>                admin instances on evey existing machine as we
>         currently have to.
>
>            You should be able to use register-ds-admin.pl, or use
>            setup-ds-admin.pl -u to update software/version information
>         in the
>            console.
>
>
>         Hi again,
>
>         I''ve been trying to do this, but I can''t see how
to register
>         with a different centralized server. at no point in the
>         register-ds-admin.pl steps can I give an alternative server
>         name / IP address to go off and connect to. Any tips?
>
>     Try editing /etc/dirsrv/admin-serv/adm.conf to point to the
>     correct server, then try register-ds-admin.pl
>
>
> Can we not have multiple ones? We''d want to be able to aggregate
them
> back to a main console, but also connect to the machine itself if need 
> be. Or could we just change the details temporarily?
It''s not really designed for that - it''s designed to have all
servers
registered in a central configuration directory server (o=NetscapeRoot), 
but I suppose with some hacking you could make it work.
>
> Thanks
>
> Chris
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

On Fri, Jun 19, 2009 at 8:51 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
> Chris Phillips wrote:
>
>> On Thu, Jun 11, 2009 at 3:12 PM, Rich Megginson
<rmeggins@redhat.com<mailto:
>> rmeggins@redhat.com>> wrote:
>>    Chris Phillips wrote:
>>
>>        Hi,
>>
>>        Can someone describe how to register an existing dirsrv
>>        instance to an existing admin server? The ds-setup-admin.pl
>>        scripts clearly performs the registration exercise along with
>>        the build, but I can''t see how to do this as a single,
100%
>>        safe non-destructive way of registering existing machines to a
>>        central admin server, to avoid having to annoyingly connect to
>>        admin instances on evey existing machine as we currently have
to.
>>
>>    You should be able to use register-ds-admin.pl, or use
>>    setup-ds-admin.pl -u to update software/version information in the
>>    console.
>>
>>
>> Hi again,
>>
>> I''ve been trying to do this, but I can''t see how to
register with a
>> different centralized server. at no point in the register-ds-admin.pl
steps
>> can I give an alternative server name / IP address to go off and
connect to.
>> Any tips?
>>
> Try editing /etc/dirsrv/admin-serv/adm.conf to point to the correct server,
> then try register-ds-admin.pl
>
I''m afraid I''m still in the dark here. The adm.conf is used by
the admin
server to contact the DS instance to be managed? I thought the logic was the
other way round, with the DS server "phoning home" to register itself
to the
Admin. Either way, the adm.conf then only lists one server in the ldapurl,
and the other two attributes referencing the server, sie and isie both get
changed to match the server in the ldapurl as part of the registration,
removing all other references to the server that was in there. So whilst I
thought my modifications to adm.conf (changing the ldapurl from server b to
a) on server b and running register-ds-admin.pl on server b would add server
b to the admin console on server a. Instead it *replaced* server b with
server a on the admin console on server b, meaning both admin consoles were
then registered to administer server a. Not anything like what I wanted!

Any pointers?

Cheers

Chris

Chris Phillips wrote:
>
>
> On Fri, Jun 19, 2009 at 8:51 PM, Rich Megginson <rmeggins@redhat.com 
> <mailto:rmeggins@redhat.com>> wrote:
>
>     Chris Phillips wrote:
>
>         On Thu, Jun 11, 2009 at 3:12 PM, Rich Megginson
>         <rmeggins@redhat.com <mailto:rmeggins@redhat.com>
>         <mailto:rmeggins@redhat.com
<mailto:rmeggins@redhat.com>>> wrote:
>            Chris Phillips wrote:
>
>                Hi,
>
>                Can someone describe how to register an existing dirsrv
>                instance to an existing admin server? The ds-setup-admin.pl
>                scripts clearly performs the registration exercise
>         along with
>                the build, but I can''t see how to do this as a
single, 100%
>                safe non-destructive way of registering existing
>         machines to a
>                central admin server, to avoid having to annoyingly
>         connect to
>                admin instances on evey existing machine as we
>         currently have to.
>
>            You should be able to use register-ds-admin.pl, or use
>            setup-ds-admin.pl -u to update software/version information
>         in the
>            console.
>
>
>         Hi again,
>
>         I''ve been trying to do this, but I can''t see how
to register
>         with a different centralized server. at no point in the
>         register-ds-admin.pl steps can I give an alternative server
>         name / IP address to go off and connect to. Any tips?
>
>     Try editing /etc/dirsrv/admin-serv/adm.conf to point to the
>     correct server, then try register-ds-admin.pl
>
>
> I''m afraid I''m still in the dark here. The adm.conf is
used by the
> admin server to contact the DS instance to be managed? I thought the 
> logic was the other way round, with the DS server "phoning home"
to
> register itself to the Admin. Either way, the adm.conf then only lists 
> one server in the ldapurl, and the other two attributes referencing 
> the server, sie and isie both get changed to match the server in the 
> ldapurl as part of the registration, removing all other references to 
> the server that was in there. So whilst I thought my modifications to 
> adm.conf (changing the ldapurl from server b to a) on server b and 
> running register-ds-admin.pl on server b would add server b to the 
> admin console on server a. Instead it *replaced* server b with server 
> a on the admin console on server b, meaning both admin consoles were 
> then registered to administer server a. Not anything like what I wanted!
>
> Any pointers?
Change adm.conf back to point to which server you want to use as your 
main server, and then run setup-ds-admin.pl -u
>
> Cheers
>
> Chris
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

On Mon, Jun 22, 2009 at 8:04 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
> Chris Phillips wrote:
>>
>>
>>    Try editing /etc/dirsrv/admin-serv/adm.conf to point to the
>>    correct server, then try register-ds-admin.pl
>>
>>
>> I''m afraid I''m still in the dark here. The adm.conf
is used by the admin
>> server to contact the DS instance to be managed? I thought the logic
was the
>> other way round, with the DS server "phoning home" to
register itself to the
>> Admin. Either way, the adm.conf then only lists one server in the
ldapurl,
>> and the other two attributes referencing the server, sie and isie both
get
>> changed to match the server in the ldapurl as part of the registration,
>> removing all other references to the server that was in there. So
whilst I
>> thought my modifications to adm.conf (changing the ldapurl from server
b to
>> a) on server b and running register-ds-admin.pl on server b would add
server
>> b to the admin console on server a. Instead it *replaced* server b with
>> server a on the admin console on server b, meaning both admin consoles
were
>> then registered to administer server a. Not anything like what I
wanted!
>>
>> Any pointers?
>>
> Change adm.conf back to point to which server you want to use as your main
> server, and then run setup-ds-admin.pl -u

My main what server? DS or Admin? As I understand that, that will register
whatever server is listed as the ldapurl as the only instance in the Admin
server on the box I''m running this on. Correct?

Am I being deluded about this? I''m expect to log in to an admin server
with
the idm console, and see a list of 8 different machines listed there, and be
able to browse the ldap tree of any of those machines, including their
o=NetscapeRoot and be able to manage ACI''s, password policies and
such...
This is the model you recommend, no?

Thanks

Chris

Chris Phillips wrote:
>
> On Mon, Jun 22, 2009 at 8:04 PM, Rich Megginson <rmeggins@redhat.com 
> <mailto:rmeggins@redhat.com>> wrote:
>
>     Chris Phillips wrote:
>
>
>            Try editing /etc/dirsrv/admin-serv/adm.conf to point to the
>            correct server, then try register-ds-admin.pl
>
>
>         I''m afraid I''m still in the dark here. The
adm.conf is used by
>         the admin server to contact the DS instance to be managed? I
>         thought the logic was the other way round, with the DS server
>         "phoning home" to register itself to the Admin. Either
way,
>         the adm.conf then only lists one server in the ldapurl, and
>         the other two attributes referencing the server, sie and isie
>         both get changed to match the server in the ldapurl as part of
>         the registration, removing all other references to the server
>         that was in there. So whilst I thought my modifications to
>         adm.conf (changing the ldapurl from server b to a) on server b
>         and running register-ds-admin.pl on server b would add server
>         b to the admin console on server a. Instead it *replaced*
>         server b with server a on the admin console on server b,
>         meaning both admin consoles were then registered to administer
>         server a. Not anything like what I wanted!
>
>         Any pointers?
>
>     Change adm.conf back to point to which server you want to use as
>     your main server, and then run setup-ds-admin.pl -u
>
>
> My main what server? DS or Admin?
DS.  The directory server which has the master copy of o=NetscapeRoot 
which contains all of the configuration information for all of the admin 
servers and directory servers in your organization.
> As I understand that, that will register whatever server is listed as 
> the ldapurl as the only instance in the Admin server on the box
I''m
> running this on. Correct?
No.
>
> Am I being deluded about this? I''m expect to log in to an admin
server
> with the idm console, and see a list of 8 different machines listed 
> there, and be able to browse the ldap tree of any of those machines,
Yes.
> including their o=NetscapeRoot
No.  Only the master configuration DS will have o=NetscapeRoot.  The 
other servers should not have o=NetscapeRoot (unless you have set up 
MMR/failover for o=NetscapeRoot).
> and be able to manage ACI''s, password policies and such... This is
the
> model you recommend, no?
This is the recommended model.
>
> Thanks
>
> Chris
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>