
Re: redundancy with openldap

> Is there some sort of way to configure a redundant ldap server? Anyone
> have this figured out? I am not looking for load balancing with round
> robin dns or such.

Unless you want to get into clustering packages, not that I know of.
However, to "emulate" such a thing for servers dependent on LDAP being
there, here's my recipe:

1) Establish SSH tunnel from -> ldapserver:389.  This has two
benefits: the applications think they're talking to 'localhost' for easy
configuration, and all LDAP transactions are done securely without the need
to mess around with SSL certs (yeck).

2) Replicate the 'main' server to a secondary server.

3) Write a perl script to test the connection to the primary server through
the SSH tunnel every N minutes or something and if the connection goes away,
bring a new tunnel up to the replica.

Problem with this scenario: Replication will get all wacky if the primary
box goes down and you failover to the secondary and writes start happening.
What you then have to do is sync up the two slapd's by shutting the replica
down at a convenient time and copying over the ldbm's to the 'master.'

DNS round robin is a much cleaner solution, except for requiring the SSL
John Madden
UNIX Systems Engineer
Ivy Tech State College
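Step 3 of the recipe above, as an added example that is my own code and not from the post or from OpenLDAP: a Python watchdog that probes the tunnel with an anonymous LDAP bind and re-points the ssh -L forward to the replica when the primary stops answering. The two hostnames and the local port 389 are placeholders, and the "never fail back automatically" rule is my reading of the replication problem the post describes.

```python
import socket
import subprocess
import time

PRIMARY, REPLICA = "ldap-primary.example.invalid", "ldap-replica.example.invalid"  # placeholders
LOCAL_PORT = 389                          # local end of the tunnel (root needed to bind it)
ANON_BIND = bytes.fromhex("300c020101600702010304008000")  # LDAPMessage{1, BindRequest{v3, "", simple ""}}

def tunnel_cmd(target, local_port=LOCAL_PORT):
    """ssh argv forwarding localhost:local_port to target:389 (no shell involved)."""
    return ["ssh", "-N", "-L", f"{local_port}:localhost:389", target]

def _tlv(buf, pos, want):
    """Check the DER tag at pos and return (value_start, value_end); short-form lengths only."""
    if buf[pos] != want or buf[pos + 1] & 0x80:
        raise ValueError("unexpected tag or long-form length")
    return pos + 2, pos + 2 + buf[pos + 1]

def bind_result_code(resp):
    """resultCode of a BindResponse, or None if resp is not a well-formed one."""
    try:
        p, _ = _tlv(resp, 0, 0x30)        # LDAPMessage SEQUENCE
        _, p = _tlv(resp, p, 0x02)        # messageID INTEGER (skipped)
        p, _ = _tlv(resp, p, 0x61)        # [APPLICATION 1] BindResponse
        q, r = _tlv(resp, p, 0x0A)        # ENUMERATED resultCode
        return int.from_bytes(resp[q:r], "big")
    except (IndexError, ValueError):
        return None

def ldap_alive(host="127.0.0.1", port=LOCAL_PORT, timeout=3.0):
    """Anonymous bind through the tunnel; any BindResponse (even a refusal) means slapd answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(ANON_BIND)
            return bind_result_code(s.recv(64)) is not None
    except OSError:
        return False

def next_target(current, tunnel_ok):
    """Fail over to the replica once; never fail back automatically (replica writes need manual sync)."""
    return REPLICA if current == PRIMARY and not tunnel_ok else current

def watchdog(interval_s=300, alive=ldap_alive):
    """Every interval_s seconds re-check the tunnel and re-point it when the primary dies."""
    target, proc = PRIMARY, subprocess.Popen(tunnel_cmd(PRIMARY))
    while True:
        time.sleep(interval_s)
        if (new := next_target(target, alive())) != target:
            proc.terminate()
            target, proc = new, subprocess.Popen(tunnel_cmd(new))
```

A bare TCP connect to the local port is not a usable check, because ssh -L accepts the local connection even when the far end is down, hence the bind probe. Failback is left manual on purpose: any writes that reached the replica have to be copied back to the master first, exactly the mess the post warns about.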