HP-UX Directory Server 8.1 deployment guide

Windows and Directory Server services are kept continuously synchronized through the
synchronization agreement, which minimizes potential conflicts between the two services.
However, if the Directory Server is part of a replication deployment, then conflicts could arise
between changes made within the Directory Server replication scenario and the Windows domain
depending on the replication schedule.

Consider which server will be the data master when the data resides in two different directory
services, and decide how much of that information will be shared. The best course is to choose
a single directory service to master the data and allow the synchronization process to add, update,
or delete the entries on the other service.

Choose one area (Windows domain or Directory Server) to master the data. Alternatively, choose
a single Directory Server as a data master and synchronize it with each Windows domain. If the
Directory Server is involved in replication, design the replication structure to avoid conflicts,
losing data, or overwriting data.

How master copies of the data are maintained depends on the specific needs of the deployment.
Regardless of how data masters are maintained, keep it simple and consistent. For example, do
not attempt to master data in multiple sites, then automatically exchange data between competing
applications. Doing so leads to a "last change wins" scenario and increases administrative
overhead.

7.2.5 Determining the subtree to synchronize
Only a single Directory Server subtree can be synchronized to a single Windows subtree, and it
is recommended that there only be a single synchronization agreement between directory services.
Select or design the parts of the directory trees to synchronize; consider designing special suffixes
specifically for synchronized entries.

7.2.6 Interaction with a replicated environment
Synchronization links a Directory Server suffix and subtree (for example,
ou=People,dc=example,dc=com) to a corresponding Windows domain and subtree
(cn=Users,dc=test,dc=com). Each subtree can be synchronized only to one other subtree to
avoid naming conflicts and change conflicts.
To take advantage of Windows Sync, use it with a Directory Server supplier in multi-master
replication synchronized to a member of a Windows domain. This propagates changes through
both directory systems while keeping the information centralized and easy to maintain. It also
makes it easier to master the data.
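
The one-subtree-to-one-subtree rule above can be checked against a planned set of agreements before any are created. The following is an added example, not part of the HP guide or the product: the agreement names, the dc=lab,dc=com domain and the PLAN data are constructed, and treating a nested subtree as a conflict is an assumption that goes beyond the guide's wording.

```python
import re
from itertools import combinations

def parse_dn(dn):
    """Split a DN into normalized RDNs (lowercased, whitespace-trimmed).
    Commas escaped with a backslash stay inside their RDN value."""
    out = []
    for rdn in re.split(r'(?<!\\),', dn):
        attr, _, value = rdn.partition('=')
        out.append((attr.strip().lower(), value.strip().lower()))
    return tuple(out)

def overlaps(a, b):
    """True if the two parsed DNs are equal or one lies beneath the other."""
    short, long_ = sorted((a, b), key=len)
    return len(short) > 0 and long_[len(long_) - len(short):] == short

def check_agreements(agreements):
    """Return conflict descriptions for a planned set of sync agreements.
    Each agreement is (name, directory_server_subtree, windows_subtree)."""
    problems = []
    parsed = [(n, parse_dn(d), parse_dn(w)) for n, d, w in agreements]
    for (n1, d1, w1), (n2, d2, w2) in combinations(parsed, 2):
        if overlaps(d1, d2):
            problems.append(f"{n1}/{n2}: Directory Server subtrees overlap")
        if overlaps(w1, w2):
            problems.append(f"{n1}/{n2}: Windows subtrees overlap")
    return problems

# Constructed plan: the third agreement reuses subtrees already claimed by the first.
PLAN = [
    ("agmt-test", "ou=People, dc=example,dc=com", "cn=Users,dc=test,dc=com"),
    ("agmt-lab", "ou=LabPeople,dc=example,dc=com", "cn=Users,dc=lab,dc=com"),
    ("agmt-eng", "ou=Engineering,ou=People,dc=example,dc=com",
     "CN=Users,DC=test,DC=com"),
]

if __name__ == "__main__":
    for problem in check_agreements(PLAN):
        print(problem)
```
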