From owner-freebsd-questions@FreeBSD.ORG Thu Jul 8 21:51:54 2010
Message-ID: <4C364863.4080700@infracaninophile.co.uk>
Date: Thu, 08 Jul 2010 22:51:31 +0100
From: Matthew Seaman
Organization: Infracaninophile
To: Frank Bonnet
Cc: freebsd-questions@freebsd.org
In-Reply-To: <4C358AA1.40208@esiee.fr>
Subject: Re: Openldap clustering ?
On 08/07/2010 09:21:53, Frank Bonnet wrote:
> Could anybody recommend a rock solid software to build
> an OpenLDAP cluster with FreeBSD 8.0 ?

Well, you're off to a good start with FreeBSD and OpenLDAP. In fact, you don't really need much more than that.

As mentioned else-thread, you can set up master-master replication between a couple of OpenLDAP instances quite readily: unlike, say, M-M replication in MySQL, this is pretty robust[*] and you can write to the directory on either server. You can also expand to a ring topology with three or more servers, plus many other possibilities, and site-to-site replication also works pretty well over long distances, but that's probably getting beyond the scope of what you want.

The really handy thing about LDAP is that you can do quite a reasonable High-Availability setup with no extra software or hardware -- it's a lot like DNS in that respect. Simply specify a series of LDAP servers in the ldap.conf (or pam-ldap.conf or nss-ldap.conf) on each client, and the client will try each in turn until it reaches one it can bind to successfully. This does introduce a little extra latency here and there, but nothing particularly drastic. There is also a method of distributing traffic using SRV records that can be managed centrally in the DNS but AFAIK, {nss,pam}-ldap.conf don't understand it -- other clients do and will work just fine.

You can use CARP or relayd or HW load balancers or other technologies to make the H-A almost seamless, but frequently the extra complication just doesn't provide enough extra performance to justify the effort or the expense.

Test early, and test often while working up your cluster.

Cheers,

Matthew

[*] Partly this is due to the intrinsic nature of LDAP directories, where there tend to be far fewer uniqueness constraints, and partly it's because LDAP servers generally service far more reads than writes -- more so than typical RDBMS usage. Mostly however, it's because LDAP replicates the modified data, rather than replaying a stream of update queries on the replication targets.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
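An added configuration example (not from Matthew's message or from the OpenLDAP project) showing the two pieces he describes: a pair of slapd instances replicating to each other in mirror mode, and a client ldap.conf that lists both servers so the client falls through to the second when the first does not answer. Host names, paths, the suffix and the replicator credentials are placeholders; the backend and directive names are OpenLDAP 2.4-era slapd.conf(5) / ldap.conf(5) syntax.

```conf
# --- slapd.conf on ldap1 (ldap2 is identical except serverID 2 and provider=ldap://ldap1.example.org) ---
serverID 1

# TLS material (placeholder paths) so replication binds are not sent in the clear.
TLSCACertificateFile  /usr/local/etc/openldap/ca.crt
TLSCertificateFile    /usr/local/etc/openldap/ldap1.crt
TLSCertificateKeyFile /usr/local/etc/openldap/ldap1.key

database   hdb
suffix     "dc=example,dc=org"
rootdn     "cn=Manager,dc=example,dc=org"
directory  /var/db/openldap-data

# The replication account may read the whole tree and is exempt from size/time limits;
# everyone else falls through ("break") to the normal, more restrictive ACLs.
access to *
        by dn.exact="cn=replicator,dc=example,dc=org" read
        by * break
limits dn.exact="cn=replicator,dc=example,dc=org" time=unlimited size=unlimited

# Provider side: syncprov lets the peer pull changes from this server.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Consumer side: keep a persistent search open against the peer and apply its changes.
syncrepl rid=001
        provider=ldap://ldap2.example.org
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=example,dc=org"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=org"
        credentials=REPLACE_WITH_REPLICATOR_PASSWORD
        starttls=critical
        tls_reqcert=demand

# Accept writes on both servers; conflicting changes are resolved by entryCSN.
mirrormode on

# --- /usr/local/etc/openldap/ldap.conf on each client ---
# URIs are tried in order; a client moves to the next when the current one does not answer.
URI             ldap://ldap1.example.org ldap://ldap2.example.org
BASE            dc=example,dc=org
# Bound the wait on a dead server so fail-over takes seconds, not a full TCP timeout.
NETWORK_TIMEOUT 5
# Verify the server certificate so a rogue host cannot pose as the "backup" and collect binds.
TLS_CACERT      /usr/local/etc/openldap/ca.crt
TLS_REQCERT     demand
```

The replicator's ACL gives it read access only; `by * break` then hands everyone else to the site's ordinary ACLs, which must still be defined below it.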