[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and failover

To: openldap-software@OpenLDAP.org
Subject: Re: OpenLDAP and failover
From: Bruno Bonfils <asyd@debian-fr.org>
Date: Fri, 28 Jun 2002 09:58:41 +0200
Content-disposition: inline
In-reply-to: <Pine.LNX.4.44.0206271230070.13590-100000@herbie.shadlen.org>
References: <20020627180129.GA1712@debian-fr.org> <Pine.LNX.4.44.0206271230070.13590-100000@herbie.shadlen.org>
User-agent: Mutt/1.4i

Le jeu 27 juin, David Wright a écrit :
> 
> There is a nice "half-ass" solution that has proved useful for me. If your
> main, critical use of OpenLDAP is for nss_ldap and pam_ldap, you can get
> away without a complete failover solution. Just have your master replicate
> to a slave and set
>   URI ldap://master.example.com ldap://slave.example.com
> in the config files for these libraries. If they cannot contact the
> master, they will use the slave. Your users won't be able to change
> passwords or shells, or read your company LDAP directory in their
> browsers, but they will still be able to log on and work.
> 
this solution seem very simple, but as you say, if the master server
failed, ldap client just can read from slave server.

I have test this solution, with additional bind_timelimit parameter
set to 1, just look the result :

with the primary server up :

mail1:~# time sh -c 'getent passwd | wc -l'
    176

real    0m5.507s

(Nb: i don't know why this result is so long, my network is 100Mb/s
commuted, all ldap server have a very poor load, if you have some
idea, i'm very interesting.. i try to increase cachesize value without
success, if i use nscd it's worst.. moreover i sawn bug with nscd)

with the primary server down :

mail1:~# time sh -c 'getent passwd | wc -l'
    176

real    0m6.509s

result seem very encouraging, just one supplementary second,
corresponding to my bind_timelimit argument, but there is still
problem with writing operation

> For a complete failover solution, you don't use replication at all. You
> have two identical machines (A and B) which share storage (an external,
> dual-ended, SCSI RAID array) and communicate via a heartbeat. When A
> fails, B takes over A's IP address, mounts the storage, and starts up
> slapd. This can be implemented with open source software. I have tested
> many of the components of this (heartbeats, IP takeover, RAID arrays), but

ok i know linux-ha project but i never test ...
> never actually implemented it in production. I have never been able to
> justify the additional hardware costs (not just the second machine, but
> the really pricy external, dual-ended, SCSI RAID array). If you are
i know very poor things about hardware, do you have more information
about good hardware for do this ?
> interested in implementing this and need a consultant, I would be very
> interested in working with you! :-)

he he, i'll prefer that your company recruit me ;p
> 

-- 
Bruno Bonfils                                 http://www.debian-fr.org

References:
- OpenLDAP and failover
  - From: Bruno Bonfils <asyd@debian-fr.org>
- Re: OpenLDAP and failover
  - From: David Wright <ichbin@shadlen.org>

Prev by Date: Re: OpenLDAP and failover
Next by Date: chase referral automaticaly
Index(es):
- Chronological
- Thread