[389-users] Re: referral on update equivalent with dsconf

2019-05-22 Thread William Brown


> On 22 May 2019, at 21:23, Angel Bosch  wrote:
> 
> replying to myself to clarify the original doubt:
> 
> executing something like this on master1 machine:
> 
> dsconf master1 repl-agmt create --suffix dc=global --host slave1.example.net \
>   --port 389 --conn-protocol LDAP --bind-dn cn=repmanager,cn=config \
>   --bind-passwd  --bind-method SIMPLE  master1-to-slave1
> 
> will create replication agreement as described in 15.2.4. of official docs 
> AND will modify nsslapd-state and nsslapd-referral on slave1 as described in 
> 15.2.2. so you don't need to manually perform that last step on consumers.

Yep, that sounds correct. 

> 
> 
> 
> and I would like to note too that enabling replication with dsconf will also 
> create replication manager if you specify --bind-passwd so you save an extra 
> step.
> the command should be something like this:
> 
> dsconf master1 replication enable --suffix dc=global --role master \
>   --replica-id 666 --bind-dn "cn=repmanager,cn=config" --bind-passwd YYY


Ah, that's also a surprise but glad that it works ... 

> 
> 
> I'll leave all this here just in case any other script lover needs to modify 
> their recipes.
> 


> that being said, I love those new tools! they can need some polishing but 
> dsconf and dsctl are awesome!

Really happy you like them! If you have feedback or improvements to suggest, 
please always let us know. :D


> 
> 
> good job!
> 
> abosch
> 
> - Original message -
>> From: "Angel Bosch" 
>> To: "General discussion list for the 389 Directory server project." 
>> <389-users@lists.fedoraproject.org>
>> Sent: Wednesday, 22 May 2019 9:32:30
>> Subject: [389-users] Re: referral on update equivalent with dsconf
>> 
>>> which is why the cli tools were misleading you here sadly. I think
>>> we as a team, need to review and understand what happened here to
>>> cause them to mislead a person about their function. :(
>>> 
>>> Sorry that this confusion occurred. Does my answer help?
>>> 
>> 
>> sure! your answers are always very deep and insightful.
>> 
>> for me the main problem is that new DS 1.4 is right here but docs are
>> still about 1.3 and I'm trying to translate my scripts and recipes.
>> 
>> I was using some kind of old wrappers to install, configure and
>> launch my instances and I'm struggling with new tools.
>> 
>> that being said, I love those new tools! they can need some polishing
>> but dsconf and dsctl are awesome!
>> 
>> keep it this way guys!
>> 
>> 
>> abosch
>> ___
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to
>> 389-users-le...@lists.fedoraproject.org
>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> List Guidelines:
>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>> 

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs


[389-users] Re: referral on update equivalent with dsconf

2019-05-22 Thread Angel Bosch
replying to myself to clarify the original doubt:

executing something like this on master1 machine:

dsconf master1 repl-agmt create --suffix dc=global --host slave1.example.net \
  --port 389 --conn-protocol LDAP --bind-dn cn=repmanager,cn=config \
  --bind-passwd  --bind-method SIMPLE  master1-to-slave1

will create replication agreement as described in 15.2.4. of official docs AND 
will modify nsslapd-state and nsslapd-referral on slave1 as described in 
15.2.2. so you don't need to manually perform that last step on consumers.



and I would like to note too that enabling replication with dsconf will also 
create replication manager if you specify --bind-passwd so you save an extra 
step.
the command should be something like this:

dsconf master1 replication enable --suffix dc=global --role master \
  --replica-id 666 --bind-dn "cn=repmanager,cn=config" --bind-passwd YYY


I'll leave all this here just in case any other script lover needs to modify 
their recipes.


good job!

abosch

- Original message -
> From: "Angel Bosch" 
> To: "General discussion list for the 389 Directory server project." 
> <389-users@lists.fedoraproject.org>
> Sent: Wednesday, 22 May 2019 9:32:30
> Subject: [389-users] Re: referral on update equivalent with dsconf
> 
> > which is why the cli tools were misleading you here sadly. I think
> > we as a team, need to review and understand what happened here to
> > cause them to mislead a person about their function. :(
> > 
> > Sorry that this confusion occurred. Does my answer help?
> >
> 
> sure! your answers are always very deep and insightful.
> 
> for me the main problem is that new DS 1.4 is right here but docs are
> still about 1.3 and I'm trying to translate my scripts and recipes.
> 
> I was using some kind of old wrappers to install, configure and
> launch my instances and I'm struggling with new tools.
> 
> that being said, I love those new tools! they can need some polishing
> but dsconf and dsctl are awesome!
> 
> keep it this way guys!
> 
> 
> abosch
> 


[389-users] Re: referral on update equivalent with dsconf

2019-05-22 Thread Angel Bosch
> which is why the cli tools were misleading you here sadly. I think
> we as a team, need to review and understand what happened here to
> cause them to mislead a person about their function. :(
> 
> Sorry that this confusion occurred. Does my answer help?
>

sure! your answers are always very deep and insightful.

for me the main problem is that new DS 1.4 is right here but docs are still 
about 1.3 and I'm trying to translate my scripts and recipes.

I was using some kind of old wrappers to install, configure and launch my 
instances and I'm struggling with new tools.

that being said, I love those new tools! they can need some polishing but 
dsconf and dsctl are awesome!

keep it this way guys!


abosch


[389-users] Re: referral on update equivalent with dsconf

2019-05-21 Thread William Brown


> On 21 May 2019, at 21:37, Angel Bosch Mora  wrote:
> 
> Hi,
> 
> is this new command:
> 
> dsconf instance replication set --suffix "dc=example,dc=net" \
>   --repl-add-ref master1.example.net
> 
> 
> the same as this modification?
> 
> REF_LDIF="dn: cn=dc\=example\,dc\=net,cn=mapping tree,cn=config
> changetype: modify
> replace: nsslapd-referral
> nsslapd-referral: ldap://master1.example.net:389/dc\=example\,dc\=net
> -
> replace: nsslapd-state
> nsslapd-state: referral on update
> "
> 
> echo "$REF_LDIF" | ldapmodify -h "$HOST" -x -D "$ROOT_DN" -w "$ROOT_PASS"
> 
> I'm trying to follow all docs 
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-configuring-replication-cmd
> 
> but with new tools, and I'm struggling with some commands.
> 
> regards,
> 
> abosch
> 

I don't think so. I think some of the commands were created to be "manipulating 
attributes" rather than 'recipe oriented', which leads to this confusion 
because we do not clearly convey the intent of the action that the command will 
execute. A better command syntax here would have been "dsconf instance 
replication role read-only configure-write-referral", where the ldif you 
list would be "dsconf instance query-routing add-remote-referral" or something 
like that. 

In this command you have listed, it is setting and controlling the value of 
nsDS5ReplicaReferral in the replication agreement. This means that a read-only 
consumer when updated will return a referral to a writable server.

The modification you list is about allowing a server which is *not* part of the 
replication topology to be able to provide referrals to another server that can 
fulfil the request. 

To demonstrate the two scenarios with an example: 


[ Write Server A ] -- replication --> [ RO server B ]
        ^                                 |   ^
        | 3.                           2. |   |  1.
        |                                 v   |
        \------------------------------ [ client ]

1. Client writes under (dc=a) to RO server
2. RO Server returns referral to Write Server A
3. Client follows the referral and attempts the write of (dc=a) on A


[ Server A (dc=a) ]                   [ Server B (dc=b) ]
        ^                                 |   ^
        | 3.                           2. |   |  1.
        |                                 v   |
        \------------------------------ [ client ]

1. Client wants to READ or WRITE to (dc=a) on Server B
2. Mapping tree router determines a referral should be sent and responds with 
referral to Server A
3. Client follows referral and re-attempts on Server A.


So I think that really, mapping tree is an ldap router function inside the 
server, so perhaps it's best to consider it like that, which is why the cli 
tools were misleading you here sadly. I think we as a team, need to review and 
understand what happened here to cause them to mislead a person about their 
function. :( 

Sorry that this confusion occurred. Does my answer help? 



—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
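
The two referral settings distinguished in the reply above (nsDS5ReplicaReferral versus nsslapd-state / nsslapd-referral on the mapping tree) can be told apart in an LDIF dump of a server's cn=mapping tree,cn=config subtree. The script below is an added example, not part of the original thread or of 389 Directory Server; the function names, the sample LDIF and the host rogue.example.org used in the check are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and LDIF are constructed.

# Constructed dump of a consumer's "cn=mapping tree,cn=config" subtree, in
# the shape ldapsearch prints it (long values folded onto " " lines).
sample_ldif() {
cat <<'EOF'
dn: cn=dc\=example\,dc\=net,cn=mapping tree,cn=config
nsslapd-state: referral on update
nsslapd-referral: ldap://master1.example.net:389/dc
 =example,dc=net

dn: cn=replica,cn=dc\=example\,dc\=net,cn=mapping tree,cn=config
nsDS5ReplicaReferral: ldap://master1.example.net:389/dc=example,dc=net
EOF
}

# Reads LDIF on stdin; prints "mapping-tree|<state>|<referral>" and
# "replica-referral|<url>" for each entry that carries those attributes.
referral_report() {
    awk '
    function value(l) { sub(/^[^:]*::?[ ]*/, "", l); return l }  # base64 left undecoded
    function add(acc, v) { return (acc == "" ? v : acc "," v) }  # multi-valued attrs
    function handle(l,    a) {
        a = tolower(l)                      # attribute names are case-insensitive
        if (a ~ /^nsslapd-state:/) state = value(l)
        else if (a ~ /^nsslapd-referral:/) ref = add(ref, value(l))
        else if (a ~ /^nsds5replicareferral:/) rref = add(rref, value(l))
    }
    function end_entry() {
        if (state != "" || ref != "") print "mapping-tree|" state "|" ref
        if (rref != "") print "replica-referral|" rref
        state = ref = rref = ""
    }
    /^ / { cur = cur substr($0, 2); next }  # unfold a continuation line
    { if (cur != "") handle(cur); cur = $0; if ($0 == "") end_entry() }
    END { if (cur != "") handle(cur); end_entry() }'
}

# Succeeds only if a mapping-tree entry is in "referral on update" state
# and its referral URL names the expected host ($1).
refers_writes_to() {
    referral_report | awk -F'|' -v host="$1" '
        $1 == "mapping-tree" && $2 == "referral on update" &&
        (index($3, "://" host ":") || index($3, "://" host "/")) { ok = 1 }
        END { exit !ok }'
}

sample_ldif | referral_report
```

Checking the referral host matters because clients that chase referrals will re-send their bind and write to whatever server the URL names.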