[Date Prev][Date Next]
Antwort: Re: distributed directories [Virus checked]
>If you have very precisely detailed queries that use a certain filter
>template and require a defined set of attributes, the use of back-ldap
>with proxy caching could be a solution. I can't say much about
>performances, but it shoudl be fine. Another approach we often follow is
>to have a mostly unloaded master which keeps a set of replicas up to date,
>and the replicas carry all the load.
That's what I thought of first, but I presume that load is not the only problem with distributed systems. When the info I need is "far away", the latency will also play a role. Then again, maybe latency isn't really such a probelm, that's why I'm interested to hear what other people really use...
>> On the other hand, I'm not sure if one should really delegate the
>> security-relevant configuration to caching servers?
>In general it is not a good idea, but it can be based on the trust you can
>put on the caching servers. In the scenario you're drawing it appears
>that you can trust them (it's basically an internally distributed DSA, so
>the fact that there are more than one instance of the DSA is only a
>technical detial, it basically works as a single DSA).
>a) you can disable some operations; there are different means to do this
>b) you can limit access to certain resources based on the identity of the
>client (see slapd.conf(5), limits statement)