On 03/17/2015 06:11 PM, William wrote:
So in the case of having RI on two ldap servers, you would set this to
off, since the server that handled the delete will replicate the other
updates soon after. In the case of RI on a single server, when the
non-RI server issues a delete, the RI enabled server would be triggered
to run the RI checks. Is that correct?
Correct, but the RI enabled server needs to have
nsslapd-pluginAllowReplUpdates set to "on" if there are any other
master/supplier replication servers that do not have RI plugin enabled.
Thanks for making sure I was clear on this.
Given that you seem to be quite familiar with the refint code, can you
comment on the ability to run two masters with both having the plugin
enabled?
This is the preferred way, and requires no "special" configuration
steps. Ideally all the servers in a replicated deployment should have
the same plugin configurations. It's when server configurations are not
the same that you can run into issues(e.g. needing to set
nsslapd-pluginAllowReplUpdates to "on", etc).
Interesting. All the Redhat 389 documentation states that you should NOT
enable this on multiple masters. Is this recommendation in the
documentation something that should be reviewed?
Yeah this is probably outdated. In the RI plugin there is specific code
to ignore replicated operations (hence the reason for the new config
setting). By default this will all work just fine, the config setting
is only for corner cases where the masters do not have the RI plugin
enabled, but the hubs/consumers do.
I'll be including this in the my write up. Hopefully I can get it done
this week.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
