
Reply: Re: distributed directories [Virus checked]

>> A) How do ACLs work in such a setup? I can imagine that one may get
>> better performance if ACLs are determined on the caching server:

>In general it is not a good idea, but it can be based on the trust you can
>put on the caching servers.  In the scenario you're drawing it appears

In fact, this whole business with ACLs has been bothering me since the beginning. Everything else in OpenLDAP scales quite nicely, but ACLs (and other things, like "limit" statements & SSL certs) have to be entered again and again on every server. It's exactly the administrator's nightmare situation we are trying to avoid in the first place. :-(

Automatically updating part of the slapd configuration file on slave servers at server start (btw, can slapd re-load the configuration without restart?) sounds like a good idea. I can think of two ways to do it:

1) classical way, with scp/rsync or such. That's simple to do, but what do we have an LDAP server for?
2) Store the ACL data for slaves in LDAP, and read it from the master server when needed. Has anyone gone this way?

One step further would be to "read the slapd configuration from master LDAP server". I presume this is an old idea - what was the result of discussions so far?