
Re: Being a consumer and a provider for the same database (toward different servers) ?



jmbajet@gmail.com writes:

> Hello,
>
> I'm quite new to LDAP and OpenLDAP.
>
> I must propose a solution that is stable and very reliable,
> so I don't know which solution is best.
>
> * A hub server which polls changes from subsidiaries, and then
> subsidiaries poll changes from other subsidiaries from the hub server
>
> * Or a back-ldap with proxy caching in the subsidiaries
>
>
> - Will LDAP users in the subsidiaries be seen by the main server as normal direct LDAP
> connections?

No, the clients in the subsidiaries contact the local LDAP proxy.

> - Will the ACLs (for LDAP users) on the real main server not be
> bypassed?

That depends on your configuration. You may either configure the LDAP
proxies to use proxyauth or pass simple binds through to the master.

> - Do I need to design the directory (schema, ACL) with the fact that I may use a
> proxy in mind?

You may configure ACLs on your master to match proxyauth
authentication.

> - Does populating large groups with members (>1000 < 10000) work well
> (through the proxy)?

Yes.
>
> In other words, is the proxy really transparent to LDAP client
> operations (reads, writes) or ACL and schema definitions?
> (I don't want to do any attribute or object mapping.)

Yes, as long as the master is an OpenLDAP server.

> - Are the back-end ldap and proxy cache stable and reliable enough to be used
> in a heavy production env.?

In most cases, yes, but you should test it in your environment.

> (The directory must be deployed in 8 months so I hope until then Old
> 2.3.x will be stable)


That is plenty of time :-)

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
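
An added configuration sketch (not part of the reply above or of the original thread) of the proxyauth option it mentions, in slapd.conf syntax: the subsidiary proxy binds to the master with a service identity and asserts each client's DN, and the master controls whom that identity may act for. The host name, the dc=example,dc=com suffix, the cn=proxy service DN, the ou=people subtree and the password are placeholders, and the ACLs are illustrative only.

```conf
# ---------- subsidiary proxy: slapd.conf (back-ldap) ----------
database        ldap
suffix          "dc=example,dc=com"          # placeholder suffix
uri             "ldaps://master.example.com" # placeholder host

# Bind to the master as a service identity and assert the DN of the
# locally bound client with the proxied authorization control, so the
# master evaluates its ACLs against the real user, not against cn=proxy.
idassert-bind   bindmethod=simple
                binddn="cn=proxy,ou=services,dc=example,dc=com"
                credentials="CHANGE-ME"
                mode=self

# Limit which locally bound identities this proxy will assert.
idassert-authzFrom "dn.subtree:ou=people,dc=example,dc=com"

# ---------- master: slapd.conf (global section) ----------
# Honour the authzTo attribute stored in the entry of the identity
# that requests proxied authorization.
authz-policy    to

# Entry of the proxy identity on the master (LDIF, shown as a comment):
#   dn: cn=proxy,ou=services,dc=example,dc=com
#   authzTo: dn.regex:^uid=[^,]+,ou=people,dc=example,dc=com$
# Keep write access to authzTo restricted to administrators: whoever
# can write it can grant the right to act as other users.

# Ordinary per-user ACLs; with mode=self they apply to the asserted DN.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by users read
        by * none
```

Without any idassert-bind line the proxy passes each client's simple bind through to the master, which is the other option named in the reply; in that case the master sees the user's own bind and no authzTo entry is needed.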