OpenLDAP + CARP

Rafael NAVAZA rnavaza at hotmail.com
Tue Sep 20 11:02:49 UTC 2011


Thank you for the reply Matthew.

I'm indeed using the built-in failover capability of LDAP clients. It works
just fine when the first LDAP server is powered off, but it does not work that
well when slapd becomes a zombie (because the clients take about 1 min to try
the second LDAP server, for each request, every time...).
It is for that reason I'm interested in building a HA cluster for OpenLDAP.

I'm currently using the single-master replication and I will certainly move to
a mirrormode or an n-way multimaster replication schema (as long as the
multimaster is used with CARP, this mode is equivalent to a mirrormode with
more than 2 replicas, isn't it?).

As far as I know CARP will not check if the slapd is running correctly; that
could be a problem if the CARP Master has a failing slapd. Do I have to monitor
slapd with a third party software (like Monit)? Can I configure CARP and
OpenLDAP to watch each other more closely?

Rafael.

> Date: Tue, 20 Sep 2011 09:04:21 +0100
> From: m.seaman at infracaninophile.co.uk
> To: rnavaza at hotmail.com
> CC: freebsd-questions at freebsd.org
> Subject: Re: OpenLDAP + CARP
> 
> On 19/09/2011 15:54, Rafael NAVAZA wrote:
> > Is there a way to set up an OpenLDAP HA cluster (intersite multimaster) with CARP on FreeBSD?
> 
> Hmmm...  So long as both the LDAP servers are on the same network
> segment, and so long as they have separate addresses for their
> replication channel, then I can't see why that wouldn't work.
> 
> However, LDAP, by its nature has a failover capability built in.  You
> can just list several LDAP servers in your ldap.conf and each will be
> tried in turn until you get an answer.  Or put a comma separated list of
> several servers into a ldap:/// or ldaps:/// style URI.
> 
> There's also a way you can use SRV records with LDAP -- that gives you
> weighted load distribution over a number of servers. See RFC 3088.
> Note that not all LDAP clients support this, and it's still only an
> experimental service.
> 
> 	Cheers,
> 
> 	Matthew
> 
> -- 
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                   Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
> JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW
> 
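
The monitoring question raised above (a CARP master whose slapd has hung while the host stays up) can be handled by a periodic probe that demotes the node. The script below is an added example, not part of the original thread or of either poster's setup; the `carp0` interface name, the advskew values, the failure threshold and the state-file path are assumptions, and it presumes `net.inet.carp.preempt=1` so that the peer with the lower advskew takes over.

```shell
#!/bin/sh
# Added example: probe slapd and raise this node's CARP advskew when it stops
# answering. All names and values below are assumptions, not from the thread.
LDAP_URI="${LDAP_URI:-ldap://127.0.0.1/}"
CARP_IF="${CARP_IF:-carp0}"            # pre-10 FreeBSD style carp(4) interface
ADVSKEW_OK="${ADVSKEW_OK:-0}"          # normal priority
ADVSKEW_BAD="${ADVSKEW_BAD:-240}"      # demoted priority (valid range 0-254)
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"  # consecutive failures before demoting
STATE_FILE="${STATE_FILE:-/var/run/slapd_carp.fails}"

# Anonymous base-scope read of the root DSE. The network timeout and the
# search time limit bound how long the probe waits for an answer.
probe_slapd() {
    ldapsearch -x -LLL -H "$LDAP_URI" -s base -b "" \
        -o nettimeout=5 -l 5 namingContexts >/dev/null 2>&1
}

set_advskew() {
    ifconfig "$CARP_IF" advskew "$1"
}

# One check cycle. Prints ok, failing, demoted or restored; returns 0 only
# when slapd answered.
check_once() {
    fails=$(cat "$STATE_FILE" 2>/dev/null || echo 0)
    fails=${fails:-0}
    if probe_slapd; then
        echo 0 > "$STATE_FILE"
        if [ "$fails" -ge "$FAIL_THRESHOLD" ]; then
            set_advskew "$ADVSKEW_OK" && echo restored
        else
            echo ok
        fi
        return 0
    fi
    fails=$((fails + 1))
    echo "$fails" > "$STATE_FILE"
    if [ "$fails" -eq "$FAIL_THRESHOLD" ]; then
        set_advskew "$ADVSKEW_BAD" && echo demoted
    else
        echo failing
    fi
    return 1
}

# Run one cycle when invoked as "script run", e.g. from cron every minute.
if [ "${1:-}" = "run" ]; then check_once; fi
```

On FreeBSD 10 and later, where CARP is configured per vhid on the physical interface, `set_advskew` would need the `vhid` form of the `ifconfig` command instead.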
 		 	   		  

