RE: scope: global and local stuff in openldap

> On Fri, Sep 19, 2003 at 11:02:41AM +0200, Dieter Kluenter wrote:
> > > These global users would/could be located on a central ldap server,
> > > at the main office, for example. First I thought about replicating this
> > > global branch to each remote office. Any ideas?
> > > Thanks.
> >
> > What about running a central meta server which is just proxying your
> > global users?
> I'm sorry, I don't follow. You mean a meta server at the main site which
> looks up the global users at the remote sites?
> Anyway, here is what I did so far.
> I created a "global" branch at the main server (at the main site). I then
> replicate this branch to each remote site.
> At the remote site I have two databases, one for the site itself and another
> one for the replicated global part.
> In order to have the local site "see" the global replicated part I set up
> a referral so that searches starting at the local part get this referral and
> also search the global part.

> With this setup, users at the remote site can see the global part without traversing
> the WAN link, and changes to the global part are replicated to each remote site.
> Comments?

Using OpenLDAP 2.1 I would use the "subordinate" keyword to connect the two
databases instead of a referral. If you were using OpenLDAP 2.2 I would
consider the possibility of using a caching proxy (back-meta) on the remote
site to connect to the global data, instead of using explicit replication.
This depends on whether there is a clear usage pattern of the global data at
the remote sites, so that the caching can be used to good advantage.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
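
The "subordinate" arrangement suggested in the reply above, sketched as a remote-site slapd.conf fragment. This is an added example, not configuration from the thread or from the OpenLDAP project. It assumes the replicated global suffix sits beneath the local suffix in the DN tree; every suffix, path, host name and DN is a constructed placeholder.

```conf
# Constructed slapd.conf fragment for one remote site (OpenLDAP 2.1 style).
# Placeholders throughout: adjust suffixes, directories, host and DNs.

# --- Replicated "global" branch -------------------------------------
# A subordinate database must be declared BEFORE its superior database.
database    bdb
suffix      "ou=global,dc=example,dc=com"
# Glue this database under the superior one, so a subtree search that
# starts at dc=example,dc=com also covers it without a referral.
subordinate
directory   /var/lib/ldap/global

# This copy is a replica: only the replication identity may write to it,
# and clients that attempt a write are referred to the main site.
updatedn    "cn=replicator,dc=example,dc=com"
updateref   ldap://ldap-main.example.com

# updatedn is still subject to access control, so grant it write access
# explicitly. Everyone else is limited to authenticated reads.
access to *
    by dn="cn=replicator,dc=example,dc=com" write
    by users read
    by anonymous auth

# --- Local site data -------------------------------------------------
database    bdb
suffix      "dc=example,dc=com"
directory   /var/lib/ldap/local
rootdn      "cn=admin,dc=example,dc=com"

# Local policy for local entries. The global branch keeps its own
# access rules above, so the two sets can be reviewed separately.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by users read
    by anonymous auth
```

Compared with the referral setup, clients no longer need to chase a referral and re-bind to a second URL, so the access rules on the replica are the only thing deciding who can read the global entries at the remote site.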