Re: (ITS#8747) LDAP load balancer daemon (lloadd)

[ondra@mistotebe.net]

On Thu, Sep 28, 2017 at 04:13:46PM +0000, ondra@openldap.org wrote:
> The 'lloadd' branch linked above contains the load balancer code that
> is now ready for review.
> 
> This adds a new server to the OpenLDAP project, a load balancing proxy
> (prototype).

To summarise the reasons for this project to exist and highlight its
features, limitations:
- most LDAP load balancers pin a connection to another server and
  then just ship data, lloadd can distribute operations from a single
  client connection across LDAP servers
- to make the above possible, lloadd sets up connections to the backend
  servers on startup and manages them as per configuration (independent
  on the clients)
- bind operations are forwarded over dedicated bind connections or using
  the VC exop if feature 'vc' is enabled in its config, the designated
  identity is then passed on with the operations with proxyauth control
  (if feature 'proxyauthz' is enabled)
- it is expected that all backends are indistinguishable (same features,
  suffixes, data)
- no SASL bind support yet
- if an operation cannot be processed or forwarded for any reason
  (overload, connection loss, ...), it is never re-sent, client will
  however still be sent an appropriate result in that case

The lloadd.8 and lloadd.conf.5 manpages are provided, Admin guide and
further documentation will come as the implementation matures.

-- 
OndÅ?ej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP