Hi,
We're currently using 389ds as a backend for sssd and would like to try to improve the
performance by enabling USN on the server side. Our current architecture, however, hides
the individual client facing ldap servers behind a load-balanced VIP so the client never
actually knows which backend it may hit. This poses a problem with USNs because
successive requests may not hit the same server and the USNs are local to the server and
explicitily not replicated. I understand why this is the case (so that multimaster
configs work correctly) but we only run a single master that replicates out to the
client-facing ldap servers (which in turn refer any updates back to the master).
It sounds like we would actually *want* to force the replication of the USNs out to the
client facing servers (so that it doesn't matter which backend you hit, the numbers
will always match) but I can't figure out how to do that (or even if it is possible).
The USN plugin adds 'EXCLUDE entryusn' to the default nsDS5ReplicatedAttributeList
on startup and my attempts to override it this on the individual replication agreemetns
have, thus far, not worked.
Is there some way to make this setup work with USNs?
Thanks...
Show replies by date