  You can run FCDS in one of the following modes:
• standalone
• slave
• master-slave.
Standalone mode
If you want to do all administration from FirstClass, and simply allow LDAP-enabled clients to access the FirstClass Directory, set FCDS to run in standalone mode.
In standalone mode, FCDS builds an in-memory tree view based on the information stored in the FirstClass Directory. Changes made to the Directory are immediately reflected in this tree view.
Users can log into FCDS with an LDAP-enabled client to see or, depending on their permissions, to retrieve Directory information.
FCDS doesn't perform any administration or login authentication in standalone mode. This is done by the FirstClass server.
Slave mode
If you want to do all Directory administration from an external LDAP server, set FCDS to run in slave mode.
 CautionWe don't recommend slave mode for an existing FirstClass installation with a populated Directory. If you do want to run FCDS in slave mode, you must first recreate the contents of the FirstClass Directory on the LDAP server. Slave mode is best used by organizations that are already being administered from an LDAP server, and are new to FirstClass.
In slave mode, FCDS:
• replicates the directory from the LDAP server to the FirstClass Directory
• builds an in-memory tree view based on the replicated information.
Slave mode also allows you to use the LDAP server to authenticate logins.
The FirstClass Directory is fully synched with the LDAP server. Any entries that FCDS finds in the FirstClass Directory, but doesn't find in the LDAP server's directory, are "deleted" from the FirstClass Directory.
Notes
By default, entries aren't actually deleted by FCDS. Instead, they are unlisted and added to a group called DS Deleted. You can recover these entries by listing them again and removing them from the DS Deleted group. But keep in mind that you must add them to the LDAP server's directory before the next replication, or they will be "deleted" again.
FCDS won't add a user who has the same user ID as a user in the DS Deleted group.
If you want the FirstClass Directory to reflect only a specific subtree of the LDAP server's directory, specify a root DN that starts at the top of that subtree.
Master-slave mode
If you want to do Directory administration from both FirstClass and an external LDAP server, set FCDS to run in master-slave mode.
Note
This mode is useful if you have an existing FirstClass installation, and want to gradually move Directory administration to an external LDAP server.
In master-slave mode, FCDS:
• builds an initial in-memory tree view based on the information stored in the FirstClass Directory
FirstClass is considered the owner of these entries.
• replicates the directory from the LDAP server to the FirstClass Directory.
The LDAP server is considered the owner of entries added as a result of this replication.
Master-slave mode also allows you to use the LDAP server to authenticate logins.
FCDS follows these rules when replicating:
• entries in the FirstClass Directory that have the same DN as an entry in the LDAP server's directory are replaced by the entry from the LDAP server, and the LDAP server is considered the owner of those entries
This provides for an easy and gradual migration of administration to the LDAP server.
• entries in the LDAP server's directory that extend the existing tree will cause the FirstClass Directory's tree view to extend
• entries in the LDAP server's directory that don't have DNs, or have unresolvable DNs, aren't added to the FirstClass Directory.
• subsequent updates to entries will only be accepted if they were done on the server that owns the entries.
Note
If the LDAP server issues a command to delete one of its entries, the entry isn't actually deleted by default. Instead, it is unlisted and added to a group called DS Deleted. You can recover this entry by listing it again and removing it from the DS Deleted group.
If you want the FirstClass Directory to reflect only a specific subtree of the LDAP server, specify a root DN that starts at the top of that subtree.
|