Re: A few questions
Harry Sufehmi wrote:
> At the moment I'm trying to implement OpenLDAP -> AD sync and OpenLDAP
> -> OpenLDAP sync.
> A few days ago I was a total OpenLDAP newbie though, but I'm trying
> hard to rectify this, especially since my manager has expressed his
> interest in OpenLDAP to be used in our 15,000+ users IT infrastructure.

I think you should be prepared to lower some expectations here...

> Reading the OpenLDAP admin guide has raised a few questions / need for
> clarifications, which I hope somebody here can help me with:
> # I read that slapd can function as an LDAP Sync provider only when
> it's configured with either back-bdb or back-hdb.
> Is this still the case with version 2.2.17 / 2.2.18?

Yes. What backend would you prefer to use?

> # Quote from chapter 14.2: "Multiple replicas of single provider
> content share the same per-scope session log".
> Does this mean that if one of the replicas is down for a period of
> time, it may risk missing any updates occurring within that time?

No, the session log is only an aid for increasing efficiency. If a
particular replica is down for long enough that its content is too far
out of sync, the protocol will automatically initiate a full reload of
all the data.

> # It seems that it's possible to implement a multi-master replication
> with OpenLDAP, by getting all the master servers to do 2 way sync with
> each other.
> Do please feel free to correct me if I'm wrong.

It is not explicitly supported. I suspect you will cause an infinite
update loop if you try it, but I don't know (haven't tried it).

> # Is there any good HOWTO on doing OpenLDAP -> AD sync?
> I can try to figure this out myself, but it'll help tremendously if
> there's already good documentation on the subject.

slurpd is more likely to work here.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support