Re: Being a consumer and a provider for the same database (toward different servers) ?

jmbajet@gmail.com writes:

> Hello,
> I'm quite new to LDAP and OpenLDAP,
> I must propose a solution that is stable and very reliable.
> so I don't know which solution is best.
> * A hub server which polls changes from subsidiaries and then
> subsidiaries polls changes from other subsidiaries from the hub server
> * Or a back-ldap with proxycaching in the subsidiaries
> - Will LDAP users in the subsidiaries be seen by the main server as normal direct LDAP
> connections?

No, the clients in the subsidiaries contact the local LDAP proxy.

> - Will the ACLs (for LDAP users) on the real main server not be
> bypassed?

That depends on your configuration. You may either configure the LDAP
proxies to use proxyauth or pass simple binds through to the master.

> - Do I need to design the directory (schema, ACL) with the fact that I may use a
> proxy?

You may configure ACLs on your master to match proxyauth.

> - Does populating a large group with members (>1000 < 10000) work well
> (through proxy)?

> In other words, is the proxy really transparent to LDAP client
> operations (reads, writes) or ACL, schema definitions
> (I don't want to do any attribute or object mapping)?

Yes, as long as the master is an OpenLDAP server.

> - Are the back-end ldap and proxy cache stable and reliable enough to be used
> in a heavy production env.?

In most cases, yes, but you should test it in your environment.

> (The directory must be deployed in 8 months so I hope until then Old
> 2.3.x will be stable)

That is plenty of time :-)


Dieter Klünter | Systemberatung
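
Added example (not part of the original message and not the poster's own configuration): a slapd.conf fragment for the proxyauth option mentioned in the reply, with back-ldap identity assertion on a subsidiary proxy and the matching authorization policy on the master. Host names, DNs and the password are placeholders; the directives are those documented in slapd-ldap(5) and slapd.conf(5).

```conf
# --- Subsidiary proxy: slapd.conf (all names below are placeholders) ---
database        ldap
suffix          "dc=example,dc=com"
uri             "ldaps://master.example.com"

# The proxy binds to the master with its own service identity and then
# asserts the identity of the client bound to the proxy (proxied
# authorization), so the master evaluates its ACLs against the real
# user DN and not against the proxy's DN.
idassert-bind   bindmethod=simple
                binddn="cn=proxy-branch1,ou=Services,dc=example,dc=com"
                credentials="CHANGE-ME"
                mode=self

# Limit which client identities the proxy will assert. Identities
# outside ou=People are not eligible for identity assertion.
idassert-authzFrom "dn.subtree:ou=People,dc=example,dc=com"

# --- Master: slapd.conf ---
# Honour the authzTo attribute stored in the entry of the identity
# that requests proxied authorization (here: the proxy's entry).
authz-policy    to

# The proxy's entry on the master then carries a rule such as:
#   dn: cn=proxy-branch1,ou=Services,dc=example,dc=com
#   authzTo: dn.subtree:ou=People,dc=example,dc=com
#
# Keep the authzTo scope as narrow as the subsidiary needs, and make
# sure ordinary users have no write access to authzTo: whoever can
# write that attribute can authorize an identity to act as others.
# Existing "by self" / "by users" ACL clauses on the master keep
# working unchanged, because they see the asserted user DN.
```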