Hi List, I would like to know if there is a cfg option in a multimaster replication ( 2 servers both accept read-writes) to prevent users/clients application writes to one of the master without affecting the replication agreements. my env 389-ds 1.3.4.4 Thank you Isabella
Hi, I don't know if it will perform well but, you can create an ACI on the top of the tree and negate writes for all, except the master 2 IP.
2016-01-21 15:27 GMT-02:00 ghiureai isabella.ghiurea@nrc-cnrc.gc.ca:
Hi List, I would like to know if there is a cfg option in a multimaster replication ( 2 servers both accept read-writes) to prevent users/clients application writes to one of the master without affecting the replication agreements. my env 389-ds 1.3.4.4 Thank you Isabella -- 389 users mailing list 389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
On Thu, 2016-01-21 at 22:50 -0200, carne_de_passaro wrote:
Hi, I don't know if it will perform well but, you can create an ACI on the top of the tree and negate writes for all, except the master 2 IP.
The aci will replicate because this is MMR.
Hi List, I would like to know if there is a cfg option in a multimaster replication ( 2 servers both accept read-writes) to prevent users/clients application writes to one of the master without affecting the replication agreements. my env 389-ds 1.3.4.4 Thank you Isabella
You are actually asking for a read only replica ... if a rw master accepts no writes, it's a read only. If it accepts no writes it has nothing to transmit back to the other master .... you want a read only replica.
Otherwise, if you want rw masters, there is no reason to limit yourself to writes only on one master. That's the point of the replication protocol, to remove the point of failures in write targets.
----- Original Message -----
From: "William Brown" wibrown@redhat.com To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Sent: Friday, January 22, 2016 4:28:57 AM Subject: [389-users] Re: multimaster replication -preventing clients writes
On Thu, 2016-01-21 at 22:50 -0200, carne_de_passaro wrote:
Hi, I don't know if it will perform well but, you can create an ACI on the top of the tree and negate writes for all, except the master 2 IP.
The aci will replicate because this is MMR.
Yes, but it will be evaluated as false only in master 2. So, master 2 will allow writes while in master 1, they will be forbidden.
But I agree it could be nicer to have a read only replica.
Hi List, I would like to know if there is a cfg option in a multimaster replication ( 2 servers both accept read-writes) to prevent users/clients application writes to one of the master without affecting the replication agreements. my env 389-ds 1.3.4.4 Thank you Isabella
You are actually asking for a read only replica ... if a rw master accepts no writes, it's a read only. If it accepts no writes it has nothing to transmit back to the other master .... you want a read only replica.
Otherwise, if you want rw masters, there is no reason to limit yourself to writes only on one master. That's the point of the replication protocol, to remove the point of failures in write targets.
-- Sincerely,
William Brown Software Engineer Red Hat, Brisbane
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
On 01/22/2016 04:09 PM, German Parente wrote:
----- Original Message -----
From: "William Brown" wibrown@redhat.com To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Sent: Friday, January 22, 2016 4:28:57 AM Subject: [389-users] Re: multimaster replication -preventing clients writes
On Thu, 2016-01-21 at 22:50 -0200, carne_de_passaro wrote:
Hi, I don't know if it will perform well but, you can create an ACI on the top of the tree and negate writes for all, except the master 2 IP.
The aci will replicate because this is MMR.
Yes, but it will be evaluated as false only in master 2. So, master 2 will allow writes while in master 1, they will be forbidden.
the ip address in the ip aci rule defines and uses the client ip address, so it can control "from" where it is writable.
But I agree it could be nicer to have a read only replica.
Hi List, I would like to know if there is a cfg option in a multimaster replication ( 2 servers both accept read-writes) to prevent users/clients application writes to one of the master without affecting the replication agreements. my env 389-ds 1.3.4.4 Thank you Isabella
You are actually asking for a read only replica ... if a rw master accepts no writes, it's a read only. If it accepts no writes it has nothing to transmit back to the other master .... you want a read only replica.
Otherwise, if you want rw masters, there is no reason to limit yourself to writes only on one master. That's the point of the replication protocol, to remove the point of failures in write targets.
-- Sincerely,
William Brown Software Engineer Red Hat, Brisbane
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
389-users@lists.fedoraproject.org