Re: ldap and network outage
--On Sunday, December 19, 2004 2:47 PM +0100 djinn_fr
I would like to set up an LDAP server to manage centralized passwords on 40
For security reasons, we have 6 sub networks protected by firewall. I
would like to know what the best practice is to build an LDAP architecture
that still allows people to log in if there is a network outage in the sub
network where the LDAP server is.
Using a slave doesn't seem to solve this problem.
I would like to know if it's possible to get a local copy of password on
I understand that it can be a security hole in case somebody stole the
file on one computer. But the risk that people cannot login is more
important to me.
Or maybe there is another solution.
Well, you are talking here about two different things. Either you want a
central password store (LDAP, Kerberos, etc), or you want local passwords.
If you use a central password store, then you are going to have to deal
with the possibilities of people not being able to get into a system if the
password server the system talks to is down. In any of the centralized
cases, you will want redundancy (multiple answering systems), and to set up
the client systems to be able to talk to more than one of the central systems,
and then set up the central systems on multiple sub-nets.
However, none of this has to do with OpenLDAP, so the question doesn't
belong on this list. It should be addressed somewhere dedicated to general
LDAP-related issues or general network design.
The general LDAP list, email@example.com, might be a place to start.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html