[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: redundancy with openldap

To: <tdavis@birddog.com>
Subject: Re: redundancy with openldap
From: "John Madden" <jmadden@ivy.tec.in.us>
Date: Thu, 8 Nov 2001 09:09:43 -0500 (EST)
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <1005187506.3be9f1b284494@secure.birddog.com>
References: <1005187506.3be9f1b284494@secure.birddog.com>

> Is there some sort of way to configure a redundant ldap server?  Anyone
> have  this figured out?  I am not looking for load balancing with round
> robin dns or  such.

Unless you want to get into clustering packages, not that I know of.
However, to "emulate" such a thing for servers dependent on LDAP being
there, here's my recipe:

1) Establish SSH tunnel from 127.0.0.1:389 -> ldapserver:389.  This has two
benefits: the applications think they're talking to 'localhost' for easy
configuration, and all LDAP transactions are done securely without the need
to mess around with SSL certs (yeck).

2) Replicate the 'main' server to a secondary server.

3) Write a perl script to test the connection to the primary server through
the SSH tunnel every N minutes or something and if the connection goes away,
bring a new tunnel up to the replica.

Problem with this scenario: Replication will get all wacky if the primary
box goes down and you failover to the secondary and writes start happening.
What you then have to do is sync up the two slapd's by shutting the replica
down at a convenient time and copying over the ldbm's to the 'master.'

DNS round robin is a much cleaner solution, except for requiring the SSL
baggage.

John




-- 
John Madden
UNIX Systems Engineer
Ivy Tech State College
jmadden@ivy.tec.in.us

References:
- redundancy with openldap
  - From: Terry Davis <tdavis@birddog.com>

Prev by Date: Order of variables in ldap_attr_mappings.add_proc
Next by Date: Using MD5 passwords with LDAP
Index(es):
- Chronological
- Thread