[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DR scenerio

To: openldap-technical@openldap.org
Subject: Re: DR scenerio
From: Brandon Hume <hume-ol@bofh.ca>
Date: Thu, 01 Aug 2013 13:34:19 -0300
In-reply-to: <OFF29190D3.CA47220D-ON86257BB9.004A12B0-86257BB9.004A1561@LocalDomain>
References: <OFF29190D3.CA47220D-ON86257BB9.004A12B0-86257BB9.004A1561@LocalDomain>
User-agent: Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/20130510 Thunderbird/17.0.6

On 07/31/13 10:29 AM, espeake@oreillyauto.com wrote:

Okay here is what we are wanting to do and I need to know if it is possible
with openLDAP.  We have a main production ldap server v. 2.4.28 running on
Ubuntu 10.04  We are adding two servers that will handle authenication and

Someone will inevitably tell you to step up to the latest release, so itmight as well be me. :)


Now that that's out of the way...

In a nut shell I want to have two systems that look the same and the
information for the second system would come from a sync with the first
system, but the second system would not be able to write back to the main
system.

This kind of conflicts with your previous paragraph, which seems to saythat you want two systems that look the same and the second replicatingfrom the first, but you want BOTH to be writable.

I don't see how this would be sustainable. It's pretty much guaranteedthat at some point someone will make a change on your "DR" node thatwill foul up the synchronization, such as deleting a container or anobject. You're setting yourself up for a split brain situation.

If you're willing to let the second node be read-only, then what youwant to do is more reasonable.

Prev by Date: Error 32 object not found.
Next by Date: adding mail objectClass to schema
Index(es):
- Chronological
- Thread