[389-users] Specifying failover configuration servers

Ryan Braun [ADS] ryan.braun at ec.gc.ca
Thu Aug 13 18:23:35 UTC 2009


In my testing lab, I have set up 2 servers using MMR replicating both userroot 
and netscaperoot. All replication is working between the 2 servers. My 3rd 
server, a consumer read-only replica of userroot, I registered to the first 
of the 2 MMR servers. My question is, how do I configure the slave server 
to be able to contact the second (or any other) MMR server to get its admin 
server configs automatically if the first server ever goes boom? Eventually 
we will have 4 MMR servers, 2 groups of 2 with IP takeover style HA, for 
example:

westldap.example.com (virtual ip)
westldap0.example.com
westldap1.example.com
eastldap.example.com (virtual ip)
eastldap0.example.com
eastldap1.example.com

On the slave server, adm.conf looks like so (with host specific details 
replaced). Would I just add another ldapurl option? And would the server be 
smart enough to fail over to the next server listed?

AdminDomain: example.com
sysuser: nobody
isie: cn=389 Administration Server, cn=Server Group, cn=ywgsrvr4.example.com, 
ou=example.com, o=NetscapeRoot
SuiteSpotGroup: nogroup
sysgroup: nogroup
userdn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
ldapurl: ldap://srvr0.example.com:389/o=NetscapeRoot
SuiteSpotUserID: nobody
sie: cn=admin-serv-srvr4, cn=389 Administration Server, cn=Server Group, 
cn=srvr4.example.com, ou=example.com, o=NetscapeRoot


Also, on the slave server I found this in dse.ldif:

dn: cn=Pass Through Authentication,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Pass Through Authentication
nsslapd-pluginPath: libpassthru-plugin
nsslapd-pluginInitfunc: passthruauth_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot
nsslapd-pluginId: passthruauth
nsslapd-pluginVersion: 1.2.1
nsslapd-pluginVendor: Fedora Project
nsslapd-pluginDescription: pass through authentication plugin

I am guessing this pass thru allows me to log in to the admin server on 
srvr0.example.com, and then allows me access to the slave server. If so, I 
would assume I would need an entry like this for each MMR server? Would I 
need a whole entry, or just stack the nsslapd-pluginarg0 attribute with all 
the servers, i.e.

dn: cn=Pass Through Authentication,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Pass Through Authentication
nsslapd-pluginPath: libpassthru-plugin
nsslapd-pluginInitfunc: passthruauth_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginarg0: ldap://srvr0.example.com:389/o=NetscapeRoot
nsslapd-pluginarg0: ldap://srvr1.example.com:389/o=NetscapeRoot
nsslapd-pluginarg0: ldap://srvr.example.com:389/o=NetscapeRoot
nsslapd-pluginId: passthruauth
nsslapd-pluginVersion: 1.2.1
nsslapd-pluginVendor: Fedora Project
nsslapd-pluginDescription: pass through authentication plugin

All servers are running Debian etch|lenny with the following versions:
ii  port389-admin      1.1.8  Fedora Administration Server (admin)
ii  port389-adminutil  1.1.8  Utility library for directory server adminis
ii  port389-base       1.2.1  Fedora Directory Server (base)


Thanks

Ryan



