On 25/11/2025 17:50, Antonis Kopsaftis via 389-users wrote:
> Hello,
>
> I have a two-node 389ds cluster with Oracle Linux 9.7 x64 servers
> running 389 version 2.4.6 (compiled following the instructions from the
> official page of 389ds).
> Each server is a VM with 4vcpus and 10GB RAM on fast FC SSD storage.
>
I am seeing something very similar on a two node cluster on Rocky 10.0
using 3.0.6 from the distro Appstream repo. We have moved from NIS
servers to the LDAP cluster to support the HPC facility and like you we
are on VM's on fast SSD's (a Proxmox cluster - thanks Broadcom). Note
the HPC system is running Rocky 9.6 (third party software constraints)
but I am running the LDAP servers on Rocky 10 so I don't have to touch
them again (other than doing "dnf update") for many years :-)
I have the DNA plugin loaded and configured, though it is not working
properly but that's another issue. It's not always assigning a new user
the correct UID, though I have a really dirt hack to work around it in
the user account creation script we use.
Basically I wrote a Perl script which generated a Bash shell script that
would create all the users and groups on the 389-ds servers using dsidm
commands, with a final dsconf to set the value for the DNA plugin. I Ran
the script on the NIS master server and copied it over to one of the
389-ds servers on migration day.
It took several hours to create the ~1600 users on the 389-ds servers.
While this was much slower than anticipated it was not an issue for us
because we had halted creation of new users on the NIS servers for the
day, and only started changing the nodes to LDAP once the import had
completed.
Testing had shown we could make the flip live. Basically update the sssd
config to use LDAP, restart sssd, then issue an "sss_cache -E". Push the
update using your favourite configuration manager :-)
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
No comments:
Post a Comment