[Date Prev][Date Next]
ACLs / replication / availability
This may be in the FAQ, but I've looked at the FAQ so often right now I want
to talk to people instead. :)
1) If I use ACLs in slapd.conf, do I need to replicate these ACLs in the
slapd.conf on a slave (replicated) server?
- Only the master has to accept writes.
- But, the slave servers have to determine read access. :)
2) Is there info somewhere on playing with LDAPv3 ACIs? How mature are these?
I can help find bugs?
3) Can I mix and match slapd.cond ACLs and LDAPv3 ACIs?
4) Has anyone written a script to push updates to slave LDAP servers? I'm
thinking it looks something like:
Stop master ldap.
Foreach slave ldap:
Stop slave ldap.
Push updated config files to slave. (rsync!)
Optionally, push master LDAP database files to slave.
Start slave ldap.
Start master ldap.
My concern is partly that since the docs describe setting up a relicated
server say you should copy over the database and THEN start relication, that
if a slave falls off the network for a time then it may be some degree of a
PITA to bring it back to reality, and I should automate reprogramming of
slaves. And do it during "down time." :)
Does the replog grow indefinately? maybe slurpd -o would be my "push LDAP
database to slave" function? Does this buy me any less downtime? How does
slurpd know what from the replog to replicate?
Other have done this stuff, written scripts, learned the pitfalls?