[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antwort: Re: distributed directories [Virus checked]

To: ando@sys-net.it
Subject: Antwort: Re: distributed directories [Virus checked]
From: denis.havlik@t-mobile.at
Date: Tue, 13 Apr 2004 16:59:08 +0200
Cc: openldap-software@OpenLDAP.org

>If you have very precisely detailed queries that use a certain filter
>template and require a defined set of attributes, the use of back-ldap
>with proxy caching could be a solution. I can't say much about
>performances, but it shoudl be fine. Another approach we often follow is
>to have a mostly unloaded master which keeps a set of replicas up to date,
>and the replicas carry all the load.

That's what I thought of first, but I presume that load is not the only problem with distributed systems. When the info I need is "far away", the latency will also play a role. Then again, maybe latency isn't really such a probelm, that's why I'm interested to hear what other people really use...

>> On the other hand, I'm not sure if one should really delegate the
>> security-relevant configuration to caching servers?

>In general it is not a good idea, but it can be based on the trust you can
>put on the caching servers. In the scenario you're drawing it appears
>that you can trust them (it's basically an internally distributed DSA, so
>the fact that there are more than one instance of the DSA is only a
>technical detial, it basically works as a single DSA).

Yes.

>a) you can disable some operations; there are different means to do this
>b) you can limit access to certain resources based on the identity of the
>client (see slapd.conf(5), limits statement)

Thx!

regards
Denis

Prev by Date: Re: Samba3 Schema
Next by Date: Re: Samba3 Schema
Index(es):
- Chronological
- Thread