Since SUSE doesn't support FreeIPA/IdM, and I need to use FreeIPA as the master controller, I need to be able to have multiple SUSE-hosted 389-ds LDAP servers (9) be read-only mirrors for a large number of compute node clients (3000).
I have VMs on SUSE hosts running Rocky 8.5 for FreeIPA as test servers. Those nodes sync fine. I have 389-ds on a single SUSE host for sync testing. I created replication agreements using the docs on the SUSE site for SLES 15 SP3 and verified there are no firewall blocks between them.
https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-lda...
The sync connects but no data is transferred. I suspect the cause is that the 389 system has no schema like FreeIPA's to sync into.
The next attempt is to perform an LDIF backup of the IPA system and restore it to the 389 system. I have concerns about this, as there's probably a unique system ID in the backup (I've not grepped through it yet). Is this a reasonable process?
This is all still experimental and everything can (will) be wiped and reinstalled (multiple times as the process is developed). If there are docs on how to sync these, I've not found them and would really appreciate links.
The alternative is to install FreeIPA containers on the SLES systems, but the container README on GitHub reads like it's still very experimental.
Also, as there is no FreeIPA client package in SLES, just sssd-ipa and libhbac0, all of the sssd configuration will be manual, as will all the certificates between the FreeIPA servers and the SLES clients.
--
Computers amplify human error
Super computers are really cool
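The concern raised in the post about replica-specific identifiers in an LDIF export can be checked mechanically. The following is an added example (not code from the original post, nor from SUSE or FreeIPA documentation): a small Python scanner that parses a 389-ds LDIF export, reports the entries and operational attributes that describe the source replica's state rather than directory data (nsUniqueId, the nsds50ruv replica update vector, tombstone entries), and returns a stripped copy suitable for seeding a read-only consumer. It assumes the export was produced by 389-ds's own db2ldif/dsconf export, which is what writes those attributes; the LDIF below is a constructed sample.

```python
"""Scan a 389-ds / FreeIPA LDIF export for replication-specific state.

Added example for this thread (not from the original post, SUSE or FreeIPA).
Assumption: the export was produced with db2ldif / dsconf backend export,
so entries may carry the operational attributes listed below.
"""
import base64
import re

# 389-ds operational attributes that identify a specific replica or carry
# its update state; they must not be imported as-is into another server.
REPLICA_ATTRS = {"nsuniqueid", "nsds50ruv", "nsruvreplicalastmodified", "nsstate"}
TOMBSTONE_OC = "nstombstone"
# Every replicated 389-ds suffix holds its RUV in an entry with this fixed RDN.
RUV_RDN = "nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff"

# Constructed sample export: one suffix entry, the RUV entry, a user, and a
# tombstone. The long nsds50ruv value is folded the way LDIF writers do it.
SAMPLE_LDIF = """\
dn: dc=example,dc=test
objectClass: top
objectClass: domain
dc: example
nsUniqueId: 1a2b3c4d-5e6f7a8b-9c0d1e2f-3a4b5c6d

dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=example,dc=test
objectClass: top
objectClass: nsTombstone
objectClass: extensibleobject
nsds50ruv: {replicageneration} 61aaaaaa000000010000
nsds50ruv: {replica 4 ldap://ipa1.example.test:389} 61aaaaab0000000400
 00 61aaaaac000000040000
nsruvReplicaLastModified: {replica 4} 00000000

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
objectClass: top
objectClass: person
objectClass: posixAccount
uid: alice
cn:: QWxpY2UgRXhhbXBsZQ==
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
nsUniqueId: 2b3c4d5e-6f7a8b9c-0d1e2f3a-4b5c6d7e

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
objectClass: top
objectClass: nsTombstone
uid: bob
nsUniqueId: 3c4d5e6f-7a8b9c0d-1e2f3a4b-5c6d7e8f
"""


def parse_ldif(text):
    """Return a list of (dn, {attr_lower: [values]}) from LDIF content.

    Handles folded continuation lines (leading space), base64 values
    ('attr:: ...') and comment lines. Attribute names are lower-cased
    because LDAP attribute names are case-insensitive.
    """
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        unfolded = block.replace("\n ", "")  # join continuation lines
        dn, attrs = None, {}
        for line in unfolded.splitlines():
            if not line or line.startswith("#"):
                continue
            m = re.match(r"^([^:]+)(::?)\s?(.*)$", line)
            if not m:
                continue
            name, sep, value = m.groups()
            if sep == "::":
                value = base64.b64decode(value).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def find_replica_state(entries):
    """Return (dn, reason) findings for content tied to the source replica."""
    findings = []
    for dn, attrs in entries:
        if dn.lower().startswith(RUV_RDN):
            findings.append((dn, "RUV entry: update vector of the source topology"))
            continue
        ocs = {v.lower() for v in attrs.get("objectclass", [])}
        if TOMBSTONE_OC in ocs:
            findings.append((dn, "tombstone entry (deleted object kept for replication)"))
            continue
        for attr in sorted(REPLICA_ATTRS & set(attrs)):
            findings.append((dn, f"attribute {attr}: source replica identity/state"))
    return findings


def strip_replica_state(entries):
    """Return a copy with RUV/tombstone entries dropped and replica attributes removed."""
    cleaned = []
    for dn, attrs in entries:
        if dn.lower().startswith(RUV_RDN):
            continue
        if TOMBSTONE_OC in {v.lower() for v in attrs.get("objectclass", [])}:
            continue
        cleaned.append((dn, {k: v for k, v in attrs.items() if k not in REPLICA_ATTRS}))
    return cleaned


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for dn, reason in find_replica_state(parsed):
        print(f"{dn}\n    {reason}")
    print(f"{len(strip_replica_state(parsed))} of {len(parsed)} entries would be imported")
```

Run against a real export (`parse_ldif(open(path).read())`) to see what would be carried over. Note that importing a stripped LDIF only seeds data: the consumer's own replica configuration and the agreement from the IPA master are still created separately, and the supported way to get a consumer in sync is a replication agreement with a total update. dsconf's backend export also has a `--no-dump-uniq-id` flag for the nsUniqueId part of this, worth checking in the 389-ds version shipped on the SUSE host.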