>> I have created a python script that synchronizes groups in an AD LDAP >> database to match groups and users in pts. It uses pts interactive and this >> speeds it up a little bit but not that much. The reads from the database >> goes really >> fast so there is no problem with the comparing. Only changes >> takes time. We have right now 22 groups and about 2650 users. A sync with a >> few updates takes around 2 minutes and I think that is ok. I'm thinking >> about using the timestamp on the group object to see if it has changed >> since the last sync too to make it even faster.
> Do you allow direct PTS editing, or is the database solely emitted? > > If the latter, consider scripting pt_util and simply periodically > replacing the database by stopping one site, writing a newer(*) > database and letting a new quorum push it to the other sites. > > (*) - ubik epoch and version determine if your database is current; > you'd need to be careful to be newer than the last one. I have to think about what I should permit :-P The idea about populate a offline database and then submit it is appealing but maybe it would be nice to let users manage some groups them self. Thanks for the idea thought :-) -- Emil _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
