Date: Tue, 25 Mar 2008 07:04:27 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Patrick C <pcloches@gmail.com>
Cc: Tim Judd <tajudd@gmail.com>, Jon Theil Nielsen <jontheil@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: A general purpose LDAP solution?
Message-ID: <47E8A3FB.7080405@infracaninophile.co.uk>
In-Reply-To: <34394a3a0803241614q160b9968vebab8bd4f4fb53f0@mail.gmail.com>
References: <8f82c35c0803231523i52e55906tfd3cf96b36fe70d7@mail.gmail.com> <8f82c35c0803231526n5a429cb5t1c81a7f98dfb19ea@mail.gmail.com> <8f82c35c0803241540k36c8d551tfcfd172d6a4a7f9b@mail.gmail.com> <47E83215.8030705@gmail.com> <34394a3a0803241614q160b9968vebab8bd4f4fb53f0@mail.gmail.com>

Patrick C wrote:

> Is there any support for built-in redundancy on the server level? I just
> need changes replicated, CARP can handle failover.

With LDAP? Sure. In fact, there are two mechanisms available with
OpenLDAP: replicated and 'syncrepl'. See
http://www.openldap.org/doc/admin24/config.html#Replicated%20Directory%20Service

Actually, that diagram is confusing: the basic replication uses a
separate process 'slurpd' to manage updating the slave server, whereas
synchronous replication just uses a connection from the slave slapd to
the master. Syncrepl seems to me to be the way to go.

In any case, the way the system works is this: one LDAP instance is the
master and the only one to allow writes to itself. The other instances
get a feed of all updates which allows them to maintain a duplicate of
the database contents. You can issue writes to the slave LDAPs but they
will be transformed into referrals to the master server -- ie. your client
needs to be able to access the master if it needs to write to the database.

ie. If all you ever want to do is *read* from LDAP during normal operation,
then you can make a nice replicated resilient system. If you need to
routinely *write* to the DB, then no, you need to have the master server
available.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
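
The master/replica arrangement described in the message above, sketched as OpenLDAP 2.4 `slapd.conf` fragments. This is an added example, not part of the original e-mail; the host name, suffix, replication DN, `rid` and credential placeholder are all assumptions.

```conf
# ---- master (provider) slapd.conf: the only server that accepts writes ----
database    bdb
suffix      "dc=example,dc=com"            # assumed suffix
index       entryCSN,entryUUID eq          # speeds up sync lookups
overlay     syncprov                       # serves the syncrepl feed
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# The replication identity needs read access to everything it copies,
# including userPassword, so give it its own DN and nothing more.
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by * break

# ---- replica (consumer) slapd.conf: read-only copy ----
database    bdb
suffix      "dc=example,dc=com"
index       entryCSN,entryUUID eq
syncrepl    rid=001
            provider=ldap://ldap-master.example.com
            type=refreshAndPersist
            retry="60 +"
            searchbase="dc=example,dc=com"
            bindmethod=simple
            binddn="cn=replicator,dc=example,dc=com"
            credentials=REPLACE_WITH_SECRET
            starttls=critical

# A write sent to the replica is answered with a referral to the master,
# so writing clients must be able to reach this URL.
updateref   ldap://ldap-master.example.com
```

Because the consumer file holds the replication credential in clear text, keep it readable only by the account slapd runs as; `starttls=critical` makes the replica refuse to sync if TLS cannot be negotiated, which assumes TLS is already configured on both servers.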