[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: scope: global and local stuff in openldap

To: openldap-software@OpenLDAP.org
Subject: Re: scope: global and local stuff in openldap
From: Andreas <andreas@conectiva.com.br>
Date: Mon, 22 Sep 2003 13:32:51 -0300
Content-disposition: inline
In-reply-to: <00ca01c38125$216cfe30$8601a8c0@CELLO>
References: <20030922142824.GA1278@conectiva.com.br> <00ca01c38125$216cfe30$8601a8c0@CELLO>
User-agent: Mutt/1.5.4i

On Mon, Sep 22, 2003 at 09:18:03AM -0700, Howard Chu wrote:
> > With this setup, users at the remote site can see the global
> > part without traversing
> > the WAN link, and changes to the global part are replicated
> > to each remote site.
> >
> > Comments?
> 
> Using OpenLDAP 2.1 I would use the "subordinate" keyword to connect the two
> databases instead of a referral. If you were using OpenLDAP 2.2 I would

Thanks for the tip, I didn't know about the subordinate keyword even though
it's clearly documented in the slapd.conf manpage. Unfortunately, for now, 
I'm tied up with openldap-2.0.x for this.

> consider the possibility of using a caching proxy (back-meta) on the remote
> site to connect to the global data, instead of using explicit replication.

I'm a little wary about replication myself for the purposes of pushing data to
remote sites (and not just a local backup server), but I understand openldap-2.2 has
many advances in the replication area. I'll keep an eye on its development and start to
test it as soon as possible.

> This depends on whether there is a clear usage pattern of the global data at
> the remote sites, so that the caching can be used to good advantage.

Thanks for the tips.

References:
- Re: scope: global and local stuff in openldap
  - From: Andreas <andreas@conectiva.com.br>
- RE: scope: global and local stuff in openldap
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: scope: global and local stuff in openldap
Next by Date: RE: Only encrypt the ldap traffic
Index(es):
- Chronological
- Thread