[389-users] 389, Active Directory, PassSync, Multi-Masters, and multiple AD servers

Anne Cross across at itasoftware.com
Tue Oct 20 16:56:33 UTC 2009


We have two AD servers, and we're working on having four 389 Masters 
geographically distributed, multi-mastered between them, etc, etc, etc.  
The goal here is to stop having network hiccups take things out.

The AD servers talk to each other nigh-on instantaneously. Likewise for 
the 389 servers.  Is it safe to set up sync agreements to *both* AD 
servers, in case one goes down?  Likewise, is it safe to set up an 
agreement to a single AD server on multiple masters, in case we lose one 
master?

And for further fun, do I need to install PassSync on both AD servers?  
Our Windows admin wants to set it up on the password server, and the 
documentation on Red Hat's site doesn't say it specifically needs to be 
on the AD box, but I'm wondering what happens if the password changes 
circumvent the password server (an admin manually changes someone's 
password on the AD server, for example.)

    -- juniper (this is moderately hairy, but once it's worked out, I 
will never need to touch it again, I hope)

-- 
,___,
{o,o}  Anne "Juniper" Cross
(___)  Senior Linux Systems Engineer and Extropic Crusader
-"-"-- Information Technology, ITA Software
/^^^



