Re: Best methods for OpenLDAP redundancy..
If you combine heartbeat and OpenLDAP you can have a master/slave relationship
between nodes and have the slave automagically become the master whenever the
master fails. It's actually not at all difficult; see Alan Robertson's linux-ha
site (www.linux-ha.org) and sign up for the mailing list if you run into any

Another approach is to have a master server that isn't used for anything but
updates and serving up replicas. On that master node, you can use drbd, stonith
and heartbeat on a hot-standby host (a bit hardware-intensive, but hardware is
cheap) to provide good data protection and extremely good fault tolerance. Or
you can just decide to not have updates until the master server is fixed.

If you use heartbeat to implement IP failover, I'd recommend you be careful to
include any db-rebuilding or re-indexing commands you might need in your
failover scripts. It'll mean a longer outage during a host failure, but that's
better than a corrupted database.
On 29 Feb 2004 at 22:45, adp wrote:
From: "adp" <firstname.lastname@example.org>
Subject: Best methods for OpenLDAP redundancy..
Date sent: Sun, 29 Feb 2004 22:45:55 -0600
> I am looking for suggestions on how to best provide redundancy for OpenLDAP.
> I have two servers, ldapa and ldapb.
> I can do this one of two ways: I can do a multimaster or a master/slave. Of
> the two, googling seems to indicate that most people, if not all, do
> master/slave with OpenLDAP. I'm not sure how mature the multimaster code is?
> Let's assume I'm using master/slave. I'm mostly going to do pam_ldap at this
> I can use RRDNS for ldap reads.
> In this case if master goes down then 50% of my LDAP queries will fail if
> slapd is gone, or my connection will (slowly) time out if slapd accept()'s,
> but is dead after that. So that's a bad situation. ldap writes always have
> to go to master since I'm using master/slave, so I have ldap.domain set up
> for RRDNS and ldapw.domain set to master only.
> Read works. Writes fail.
> Alternative. I failover my IP.
> My master has an IP called masterIP. master keeps updating slave. If master
> dies then slave detects this, brings up masterIP on its own interface (e.g.,
> via heartbeat), and then listens on that IP. So master has dns master.domain
> and slave has IP slave.domain. If master dies then slave owns both
> slave.domain and master.domain.
> Reads work. Writes fail.
> Other solutions? What works best? We need pretty high availability for
> reads, but can live with write failure when the master is down.
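
The failure mode in the quoted question, where slapd still accept()s but never answers, passes a plain TCP connect check. The following is an added example, not code from either poster: a bounded-time probe that a monitoring or failover script could call, telling a hung server from a dead one. The function names, status strings, timeout values and the choice of an anonymous bind as the probe request are assumptions of this example.

```python
import socket
import sys

# LDAPv3 anonymous simple BindRequest, messageID 1 (BER per RFC 4511).
ANON_BIND = bytes.fromhex("300c020101600702010304008000")


def is_bind_response(data: bytes) -> bool:
    """True if data starts an LDAPMessage carrying a BindResponse for messageID 1."""
    if len(data) < 2 or data[0] != 0x30:       # outer SEQUENCE tag
        return False
    pos = 2
    if data[1] & 0x80:                          # long-form length: skip its octets
        pos += data[1] & 0x7F
    # INTEGER messageID = 1, then tag 0x61 = [APPLICATION 1] BindResponse.
    # Any result code counts: a server that refuses anonymous binds is still alive.
    return data[pos:pos + 4] == b"\x02\x01\x01\x61"


def exchange(sock: socket.socket) -> str:
    """Send the probe on a connected socket whose timeout is already set."""
    try:
        sock.sendall(ANON_BIND)
        reply = sock.recv(64)
    except socket.timeout:
        return "hung"                           # accepted, then silence
    except OSError:
        return "down"                           # reset or broken connection
    return "ok" if is_bind_response(reply) else "bad-reply"


def probe_ldap(host: str, port: int = 389, timeout: float = 3.0) -> str:
    """Classify a server as 'ok', 'hung', 'down' or 'bad-reply' within about 2*timeout."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "hung"                           # no answer to the connect at all
    except OSError:
        return "down"                           # refused, unreachable, DNS failure
    with sock:                                  # socket keeps the connect timeout
        return exchange(sock)


if __name__ == "__main__":
    # Usage: probe.py ldapa ldapb ... ; non-zero exit if any server is not 'ok'.
    results = {h: probe_ldap(h, timeout=2.0) for h in sys.argv[1:]}
    for host, status in results.items():
        print(host, status)
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

The timeout bounds each of the connect and the reply wait separately, so a check against a hung master returns in a few seconds instead of waiting out the default TCP timeout.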