markcasey
New Member.

Run OES Server in Isolation

Hi

I have a client with a tree with multiple servers in multiple OUs and
multiple partitions.
The remote servers have the ou=common,o=company partition and
individual ou=site_x,ou=state_X,o=company partitions.

The remote servers are PlateSpin protected.
They work when the system fails over.

They don't work properly when the systems do a test mode failover.
They fail because they are in isolation.

These servers do not have the root partition or the o=company
partition, only the above 2 partitions, otherwise the subordinate
reference and partition replicas go nuts.

An admin equivalent user is configured in the ou=common,o=company.
NAM is configured using that user, but I can't get the systems online.

LDAP and eDirectory work, but NAM doesn't.

What do I need to do to get NAM working and hence NSS etc.?

Suggestions?

Thanks in advance

Mark

================


In the test environment, namconfig -k worked with the
alternative-ldap-server-list removed.

I tried removing and reinstalling NAM with
base-name = ou=TBCH,ou=WA,o=company in the test (isolated) environment,

but the install failed.


nam.conf (sanitized)

base-name=o=company
admin-fdn=cn=admincommon,ou=common,o=company
preferred-server=192.168.91.250
alternative-ldap-server-list=192.168.21.240,192.168.21.241
num-threads=5
schema=rfc2307
enable-persistent-cache=yes
user-hash-size=211
group-hash-size=211
persistent-cache-refresh-period=28800
persistent-cache-refresh-flag=all
create-home=yes
type-of-authentication=2
certificate-file-type=der
ldap-ssl-port=636
ldap-port=389
support-alias-name=no
support-outside-base-context=yes
cache-only=no
persistent-search=no
case-sensitive=no
convert-lowercase=no
workstation-context=ou=TBCH,ou=WA,o=company
peterkuo
Absent Member.

Re: Run OES Server in Isolation

It sounds more like a platespin issue rather than an OES one?

-- eDirectory Rules! Peter www.DreamLAN.com
markcasey
New Member.

Re: Run OES Server in Isolation


No.
It's about running an OES server in isolation from the rest of the
tree.
If I shut a server down and bring it up again, but without any
connectivity to root, organizational O, i.e. Admin,
the NAM configuration OU etc.,
what's failing?

NAM seems to fail.
SSL seems to fail.

Mark





On Tue, 27 May 2014 00:46:02 GMT, peterkuo
<peterkuo@no-mx.forums.novell.com> wrote:

>
>It sounds more like a platespin issue rather than an OES one?
>
>
>--

Anonymous_User
Absent Member.

Re: Run OES Server in Isolation

On Tue, 27 May 2014 00:54:24 +0000, Mark Casey wrote:

> No.
> It's about running an OES server in isolation from the rest of the tree.


Short answer: You can't do that. It's not going to work. Stop trying to
make it work.


> If I shut a server down and bring it up again, but without any
> connectivity to root, organizational O, i.e. Admin, the NAM configuration
> OU etc.,
> what's failing?


Your design is what's failing. eDirectory is designed to have all servers
available, as part of their participation in a shared database. It's not
designed to have parts of it lopped off to function independently.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
peterkuo
Absent Member.

Re: Run OES Server in Isolation

You can't do that. The whole point of a distributed database is that the data may reside elsewhere other than the local server and you can "get" the info when needed. If you want a server in isolation, then it needs its own tree.

-- eDirectory Rules! Peter www.DreamLAN.com
Bob-O-Rama
Visitor.

Re: Run OES Server in Isolation

markcasey;2320390 wrote:

These servers do not have the root partition or the o=company
partition, only the above 2 partitions, otherwise the subordinate
reference and partition replicas go nuts.


Can you elaborate on the above statement?

If you want to hedge against the root and intermediate parent partitions being inaccessible, you need to replicate them locally. You need a good reason not to.
Subordinate references are not inherently bad. So some more info about the size of your tree, the speed of WAN links, and what "go nuts" means would help us propose a design or fix the underlying issue that leads you to the one you asked about.

-- Bob
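
Added example (not part of any post in this thread, and not vendor code): a small Python check of the point made above about replicating parent partitions locally. It lists which DNs in nam.conf fall outside the partitions the server holds and which configured LDAP servers it could not reach in isolation. The sample is a constructed subset of the nam.conf posted in the thread; the local partition list and the reachable-server set are assumptions.

```python
# Constructed sample: a subset of the nam.conf keys posted in the thread.
SAMPLE_NAM_CONF = """\
base-name=o=company
admin-fdn=cn=admincommon,ou=common,o=company
preferred-server=192.168.91.250
alternative-ldap-server-list=192.168.21.240,192.168.21.241
workstation-context=ou=TBCH,ou=WA,o=company
"""
# Assumption: partition roots replicated on the isolated server
# (the common partition plus this site's own partition).
LOCAL_PARTITIONS = ["ou=common,o=company", "ou=TBCH,ou=WA,o=company"]
# Assumption: only the preferred server answers inside the test network.
REACHABLE = {"192.168.91.250"}

DN_KEYS = ("base-name", "admin-fdn", "workstation-context")
SERVER_KEYS = ("preferred-server", "alternative-ldap-server-list")

def parse_nam_conf(text):
    """Return {key: value}; split on the first '=' only, since DNs contain '='."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:  # skip anything that is not key=value
            conf[key.strip()] = value.strip()
    return conf

def rdns(dn):
    # Simplified DN split: assumes no escaped commas in the RDN values.
    return [r.strip().lower() for r in dn.split(",") if r.strip()]

def held_locally(dn, partition_roots):
    """True if dn is at or below a local partition root (ignores child partitions)."""
    parts = rdns(dn)
    return any(len(parts) >= len(r) and parts[-len(r):] == r
               for r in map(rdns, partition_roots))

def audit(conf, partition_roots, reachable):
    """List (key, value, reason) for settings that depend on the rest of the tree."""
    findings = []
    for key in DN_KEYS:
        dn = conf.get(key)
        if dn and not held_locally(dn, partition_roots):
            findings.append((key, dn, "not in a local replica"))
    for key in SERVER_KEYS:
        for host in (h.strip() for h in conf.get(key, "").split(",")):
            if host and host not in reachable:
                findings.append((key, host, "unreachable in isolation"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_nam_conf(SAMPLE_NAM_CONF), LOCAL_PARTITIONS, REACHABLE):
        print(*finding, sep=" | ")
```

With these assumptions, the check flags base-name=o=company and both alternative LDAP servers; admin-fdn and workstation-context sit inside the local replicas.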