From: Matthew Seaman
Date: Tue, 25 Mar 2008 07:04:27 +0000
To: Patrick C
Cc: Tim Judd, Jon Theil Nielsen, freebsd-questions@freebsd.org
Subject: Re: A general purpose LDAP solution?

Patrick C wrote:

> Is there any support for built-in redundancy on the server level? I just
> need changes replicated, CARP can handle failover.

With LDAP? Sure. In fact, there are two mechanisms available with
OpenLDAP: replicated and 'syncrepl'. See
http://www.openldap.org/doc/admin24/config.html#Replicated%20Directory%20Service

Actually, that diagram is confusing: the basic replication uses a
separate process 'slurpd' to manage updating the slave server, whereas
synchronous replication just uses a connection from the slave slapd
to the master. Syncrepl seems to me to be the way to go.

In any case, the way the system works is this: one LDAP instance is the
master and the only one to allow writes to itself. The other instances
get a feed of all updates which allows them to maintain a duplicate of the
database contents. You can issue writes to the slave LDAPs but they will
be transformed into referrals to the master server -- i.e. your client
needs to be able to access the master if it needs to write to the database.

I.e. if all you ever want to do is *read* from LDAP during normal operation,
then you can make a nice replicated resilient system. If you need to
routinely *write* to the DB, then no, you need to have the master server
available.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
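
Added example, not part of the original message or of the OpenLDAP project's own files: a slapd.conf sketch (OpenLDAP 2.4 syntax) of the syncrepl arrangement described above, with the replication link authenticated and encrypted because the feed carries every replicated attribute, password hashes included. The host name ldap-master.example.org, the suffix dc=example,dc=org, the replicator DN, the credential placeholder and the CA file path are all assumptions.

```conf
# ---- master (provider): inside the existing database section ----
suffix          "dc=example,dc=org"

# Dedicated replication identity: read access only, never a write ACL.
# "by * break" hands every other client on to the ACLs that follow.
access to *
        by dn.exact="cn=replicator,dc=example,dc=org" read
        by * break

# syncrepl consumers search on these attributes
index           entryCSN,entryUUID eq

# The provider side is just an overlay on the database, no slurpd needed
overlay         syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# ---- slave (consumer): inside its database section ----
suffix          "dc=example,dc=org"
index           entryCSN,entryUUID eq

# The consumer slapd opens the connection to the master itself.
# starttls=critical aborts replication if TLS cannot be negotiated;
# tls_reqcert=demand rejects a master whose certificate does not verify.
syncrepl rid=001
        provider=ldap://ldap-master.example.org
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=example,dc=org"
        scope=sub
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=org"
        credentials=REPLACE_WITH_SECRET
        starttls=critical
        tls_cacert=/usr/local/etc/openldap/ca.pem
        tls_reqcert=demand

# Writes sent to this server are answered with a referral to the master
updateref       ldap://ldap-master.example.org
```

The consumer's slapd.conf now holds a bind password, so keep the file readable only by the account slapd runs as.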