A general purpose LDAP solution?
Matthew Seaman
m.seaman at infracaninophile.co.uk
Tue Mar 25 00:04:45 PDT 2008
Patrick C wrote:
> Is there any support for built-in redundancy on the server level? I just
> need changes replicated, CARP can handle failover.

With LDAP? Sure. In fact, there are two mechanisms available with
OpenLDAP: replicated and 'syncrepl'. See

http://www.openldap.org/doc/admin24/config.html#Replicated%20Directory%20Service

Actually, that diagram is confusing: the basic replication uses a
separate process 'slurpd' to manage updating the slave server, whereas
synchronous replication just uses a connection from the slave slapd to
the master. Syncrepl seems to me to be the way to go.

In any case, the way the system works is this: one LDAP instance is the
master and the only one to allow writes to itself. The other instances
get a feed of all updates which allows them to maintain a duplicate of
the database contents. You can issue writes to the slave LDAPs but they
will be transformed into referrals to the master server -- i.e. your client
needs to be able to access the master if it needs to write to the database.

I.e., if all you ever want to do is *read* from LDAP during normal operation,
then you can make a nice replicated resilient system. If you need to
routinely *write* to the DB, then no, you need to have the master server
available.

Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
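
A configuration sketch of the single-master syncrepl layout described in the message above, added here as an example (it is not from the original post or from the OpenLDAP project). Hostnames, DNs, file paths, the bdb backend and the credential placeholder are assumptions; the replication link requires TLS because a simple bind and the replicated entries would otherwise cross the network in clear text.

```conf
# ---- Provider (the one writable master): slapd.conf fragment ----
# All names, paths and the suffix below are assumed for illustration.
database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=admin,dc=example,dc=com"
directory   /var/db/openldap-data
index       entryCSN,entryUUID eq

# Dedicated replication identity: may read everything, writes nothing.
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by * break
limits dn.exact="cn=replicator,dc=example,dc=com" size=unlimited time=unlimited

# Serve syncrepl consumers from this database.
overlay     syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# ---- Consumer (read-only slave): slapd.conf fragment ----
database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=admin,dc=example,dc=com"
directory   /var/db/openldap-data
index       entryCSN,entryUUID eq

# The slave's slapd opens the connection to the master itself.
# starttls=critical aborts the sync if TLS cannot be negotiated;
# tls_reqcert=demand rejects a master whose certificate does not verify.
syncrepl rid=001
    provider=ldap://ldap-master.example.com
    type=refreshAndPersist
    retry="30 10 300 +"
    searchbase="dc=example,dc=com"
    scope=sub
    bindmethod=simple
    binddn="cn=replicator,dc=example,dc=com"
    credentials=REPLACE_WITH_REPLICATOR_PASSWORD
    starttls=critical
    tls_cacert=/usr/local/etc/openldap/ca.pem
    tls_reqcert=demand

# Writes sent to this slave are answered with a referral to the master,
# so writing clients must be able to reach that host.
updateref   ldap://ldap-master.example.com
```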