[Fedora-directory-users] Replication Possibilities

Ulf Weltman ulf.weltman at hp.com
Mon Mar 19 18:08:27 UTC 2007


David Boreham wrote:
> Paxton, Darren wrote:
>
>> Unfortunately, our current strategy is to have Active Directory as 
>> the single Directory for user management so as to make our Service 
>> Desk more efficient. We also have a policy of removing all single 
>> points of failure from within our enterprise, therefore I was looking 
>> at having two windows sync agreements from two Fedora Master servers 
>> to two different members of the same Active Directory.
>
> You can configure this setup, but I don't think it'll quite work.
> Bad things such as loops between the AD replication and
> FDS replication can occur. Ulf Weltman did some investigation
> on this a while back. You might be able to find his comments
> in the list archive.
>
This is the configuration I debugged:  In a configuration with two DS in 
MMR (M1 and M2) and two AD in the same domain (AD1 and AD2), M1 is 
configured to sync with AD1 and M2 to sync with AD2, and password sync 
on AD1 pointing to M1 and on AD2 pointing to M2, we have a ring 
configuration with good availability.

 From what I hear it went into use with a couple of limitations:
Dual winsync paths results in LDAP ADD collision on AD 
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182515)
Dual winsync paths results in LDAP DEL collision on DS 
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=184155)





More information about the Fedora-directory-users mailing list