Best methods for OpenLDAP redundancy..
I am looking for suggestions on how to best provide redundancy for OpenLDAP.
I have two servers, ldapa and ldapb.
I can do this one of two ways: I can do multimaster or master/slave. Of
the two, Googling seems to indicate that most people, if not all, do
master/slave with OpenLDAP. I'm not sure how mature the multimaster code is.
Let's assume I'm using master/slave. I'm mostly going to do pam_ldap at this
I can use RRDNS for ldap reads.
In this case, if the master goes down then 50% of my LDAP queries will fail if
slapd is gone, or my connection will (slowly) time out if slapd accept()s
but is dead after that. So that's a bad situation. LDAP writes always have
to go to the master since I'm using master/slave, so I have ldap.domain set up
for RRDNS and ldapw.domain set to the master only.
Reads work. Writes fail.
Alternative. I failover my IP.
My master has an IP called masterIP. Master keeps updating slave. If master
dies then slave detects this, brings up masterIP on its own interface (e.g.,
via heartbeat), and then listens on that IP. So master has DNS master.domain
and slave has IP slave.domain. If master dies then slave owns both
slave.domain and master.domain.
Reads work. Writes fail.
Other solutions? What works best? We need pretty high availability for
reads, but can live with write failure when the master is down.
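As an added illustration of the master/slave layout described in the post (this is example configuration, not the poster's actual files), the fragments below show an OpenLDAP syncrepl provider on ldapa, a consumer on ldapb that refers any write it receives to ldapw.domain, and a pam_ldap/nss_ldap client that lists both servers explicitly with a short bind timeout so a dead slapd on one host does not hang logins. The suffix dc=domain, the replicator DN cn=replicator,dc=domain, the rid, the credentials and the timeouts are all assumed values for the example.

```conf
### ldapa (master / syncrepl provider) -- slapd.conf fragment, example only
database        bdb
suffix          "dc=domain"                      # assumed suffix
rootdn          "cn=admin,dc=domain"
directory       /var/lib/ldap

# entryCSN/entryUUID indexes keep the consumer's refresh phase fast
index           objectClass,entryCSN,entryUUID  eq

# the replication account (assumed DN) needs read access to everything it replicates;
# everyone else keeps the normal read-only view, userPassword stays auth-only
access to attrs=userPassword
        by dn.exact="cn=replicator,dc=domain" read
        by anonymous auth
        by self write
        by * none
access to *
        by dn.exact="cn=replicator,dc=domain" read
        by * read

overlay         syncprov
syncprov-checkpoint 100 10                       # write contextCSN every 100 ops / 10 min
syncprov-sessionlog 100                          # lets consumers resync without a full refresh

### ldapb (slave / syncrepl consumer) -- slapd.conf fragment, example only
database        bdb
suffix          "dc=domain"
rootdn          "cn=admin,dc=domain"
directory       /var/lib/ldap
index           objectClass,entryCSN,entryUUID  eq

# pull changes from the master over TLS and keep the connection open;
# retry every 60s forever if the master is unreachable
syncrepl        rid=001
                provider=ldap://ldapw.domain
                type=refreshAndPersist
                retry="60 +"
                searchbase="dc=domain"
                scope=sub
                schemachecking=off
                bindmethod=simple
                binddn="cn=replicator,dc=domain"
                credentials=replicator-secret    # assumed; keep this file root-only
                starttls=critical

# a write aimed at the slave gets a referral to the master instead of failing outright
updateref       ldap://ldapw.domain

### pam_ldap / nss_ldap client -- /etc/ldap.conf fragment, example only
# both servers listed explicitly, so the library fails over itself instead of
# relying on RRDNS handing out the dead master half the time
uri             ldap://ldapa.domain ldap://ldapb.domain
base            dc=domain
ssl             start_tls
tls_cacertfile  /etc/ssl/certs/ldap-ca.pem       # assumed CA path
bind_timelimit  5                                # give up on a half-dead slapd quickly
timelimit       10
bind_policy     soft                             # do not retry a dead server in a loop
nss_reconnect_tries 2
```

With this layout, reads survive the loss of either host because the client tries the next URI, and a client that writes to the slave by mistake is referred to ldapw.domain rather than silently failing; if the master is down those writes still fail, as the post expects.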