
Seeking comments on replication



I've inherited an OpenLDAP installation (2.0.25), and I'm seeking comments
as to whether the replication setup makes any sense, or whether it can be
improved.

We have branches in several countries - USA, Thailand, Singapore,
Indonesia, and Malaysia (head office is in Australia).  Each of these
is in a separate directory, mastered by that region and replicated
everywhere else (with a top-level one to tie them together).  Thus
we have, for example, something like this in slapd.conf (just the
highlights):

database	ldbm
directory	/usr/local/openldap-ldbm/au
replogfile	/usr/local/etc/openldap/replog/log
replica		host=ldap2.au.cordoors.com:389
replica		host=ldap.my.cordoors.com:389
replica		host=ldap.us.cordoors.com:389
replica		host=ldap.id.cordoors.com:389

database	ldbm
directory	/usr/local/openldap-ldbm/my
replogfile	/usr/local/etc/openldap/replog/log
replica 	host=ldap2.au.cordoors.com:3089
replica		host=ldap.us.cordoors.com:3089
updatedn	"cn=ModMan,dc=my,dc=cordoors,dc=com"
updateref	ldaps://ldap.my.cordoors.com:636

database	ldbm
directory	/usr/local/openldap-ldbm/id
replogfile	/usr/local/etc/openldap/replog/log
replica 	host=ldap2.au.cordoors.com:3090
replica		host=ldap.us.cordoors.com:3090
updatedn	"cn=ModMan,dc=id,dc=cordoors,dc=com"
updateref	ldaps://ldap.id.cordoors.com:636

And so on.  Something that may not be evident in the above is that we
do a lot of replica chaining e.g. Thailand replicates to Malaysia which
replicates in turn to Australia which replicates to USA and a backup.  It
seems to be crying out for a working multi-master setup, but let's not
go down that track just yet.

Note in particular the "port" of 3089 etc; it's not a port, but something
to make a unique entry in the slurpd.status file.  The slurpd source was
modified to hard-wire port 389 (not by me, remember) and in my view
having to modify source is a sure sign we're doing something wrong...

So, I guess my question is, does this setup make sense, or is there a
better way?

-- 
Dave Horsfall  DTM  VK2KFU  daveh@ci.com.au  Ph: +61 2 9906-4333
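
The placeholder "ports" described in the post, as an added example that is not part of the original message: the script parses a trimmed copy of the quoted slapd.conf and shows which replica keys would be shared between databases if every replica line carried the real port 389. It assumes slurpd.status identifies a replica by its host:port pair, as the post implies; the function names and the trimmed sample are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample: database/directory/replica lines from the excerpt in the post.
SLAPD_CONF = """\
database ldbm
directory /usr/local/openldap-ldbm/au
replica host=ldap2.au.cordoors.com:389
replica host=ldap.my.cordoors.com:389
replica host=ldap.us.cordoors.com:389
replica host=ldap.id.cordoors.com:389
database ldbm
directory /usr/local/openldap-ldbm/my
replica host=ldap2.au.cordoors.com:3089
replica host=ldap.us.cordoors.com:3089
database ldbm
directory /usr/local/openldap-ldbm/id
replica host=ldap2.au.cordoors.com:3090
replica host=ldap.us.cordoors.com:3090
"""

def parse_databases(text):
    """Return one {'directory', 'replicas'} dict per 'database' section."""
    dbs = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or directive without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "database":
            dbs.append({"directory": None, "replicas": []})
        elif dbs and key == "directory":
            dbs[-1]["directory"] = value
        elif dbs and key == "replica":
            m = re.search(r"host=([^\s:]+)(?::(\d+))?", value)
            if m:  # a replica line with no port defaults to 389
                dbs[-1]["replicas"].append((m.group(1), int(m.group(2) or 389)))
    return dbs

def shared_keys(dbs, force_port=None):
    """host:port keys used by >1 database (assumed: slurpd.status keys on host:port)."""
    seen = defaultdict(list)
    for db in dbs:
        for host, port in db["replicas"]:
            seen[f"{host}:{force_port or port}"].append(db["directory"])
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    dbs = parse_databases(SLAPD_CONF)
    print(shared_keys(dbs), shared_keys(dbs, force_port=389), sep="\n")
```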