[Fedora-directory-users] DNA MultiMaster

Nathan Kinder nkinder at redhat.com
Wed May 6 20:14:05 UTC 2009 

Edward Konetzko wrote:
> Sorry if this already posted, I seem to be having trouble with email 
> today.
>
> I have read the following pages and cannot exactly figure out how to 
> do what I want.
>
> http://directory.fedoraproject.org/wiki/DNA_Plugin
> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/dna.html
>
> I have 2 companies I want to set ranges for company 1gets range 
> uidNumber and gidNumber 1Million - (2Million -1) and Company 2 gets 
> Range uidNumber and gidNumber 2 Million - (3Million -1).  DIT layout 
> is {ou=people,ou=groups,ou=ranges}, ou= Company{1,2}, dc=example, dc=com.
>
> I Setup company 1 on master1 with the following ldifs.
>
> dn: ou=Ranges,ou=Company1 dc=example, dc=com
> objectclass: top
> objectclass: extensibleObject
> objectclass: organizationalUnit
> ou: Ranges
>
> dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
>
> dn: cn=Company1 Account UIDs,cn=Distributed Numeric Assignment 
> Plugin,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> cn: Company1 Account UIDs
> dnatype: uidNumber
> dnafilter: (objectclass=posixAccount)
> dnascope: ou=Company1 , dc=example,dc=com
> dnanextvalue: 1000000
> dnaMaxValue: 1000500
> dnasharedcfgdn: cn=Company1 Account UIDs,ou=Ranges,dc=example,dc=com
> dnathreshold: 100
> dnaRangeRequestTimeout: 60
> dnaMagicRegen: magic
> dnaNextRange: 1000501 - 1999999
>
> I then repeat this on master2 but then when I add users to both 
> servers Master1 hands out uidNumber = 1 and Master2 hands out 
> uidNumber = 1 for their first adds and keep adding numbers 
> incrementing by one thus overlapping numbers.  For gidNumber I 
> basically use the same Ldifs except I substitue Group UID for Account 
> UID and gidNumber for uidNumber.
>
> User add ldif looks as the following
> dn: uid=test,ou=people,ou=Region1, dc=example,dc=com
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> cn: test
> gecos: test
> gidNumber: magic
> givenName: test
> homeDirectory: /home/test
> loginShell: /bin/bash
> mail: test at example.com
> o: test
> shadowLastChange: 14098
> shadowMax: 99999
> shadowWarning: 7
> sn: test
> uid: test
> uidNumber: magic
> userPassword:: <password>
>
>
> Question is what I am doing wrong?
> Server is Redhat DS 8.1 on rhel 5 64bit.
If you configure both masters to use the same range, then they will both 
assign the same values.  You need to split the range for company1 in 
half and assign half to each of your two masters (1,000,000-1,499,999 
for master1 and 1,500,000-1,999,999 for master2).  You need to use 
dnaNextValue and dnaMaxValue to set these upper and lower boundries.  
You should not be setting dnaNextRange at all for what you are trying to do.
>
> Thanks
> Edward
>
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

More information about the Fedora-directory-users mailing list