[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Designing large environment

--On Thursday, December 22, 2005 6:27 PM -0800 Don Hoover <dxh@yahoo.com> wrote:

I have started to put some though into how I would
deploy OpenLDAP for a largish environment and some
questions have come to mind.

I am planning on having a single master and about 5-6
or so read-only replicas.

Hopefully someone with experience can answer these:

1) Is it a good idea to also run a read-only
replica/secondary server on my master server, so I can
point clients to it as well?  I could then put my
master on a different port I guess.  I think I have
seen people recommend this instead of going directly
against your master server.  Any opinions?

If you have 5-6 replicas, why not just point clients at them? Why would you point clients at your master at all? Unless perhaps you mean clients that do updates. Then they should point to the master itself for updates, I'd think. Since you can't write to a replica, pointing them at any replica would be pointless...

2) I have seen some people mention having a "hot
standby" master server or something, but nothing like
that is in any documentation or articles that I can
find on the web.  I couldn't even find anything in the
list archives.

Symas Corporation is working on having this available in their CDS product. You may wish to confer with them.

Does this mean something different than a replica
server? If so how would I implement one?


3) I am going to be forced to use the OpenLDAP that is
included with Redhat Enterprise 4, which is 2.2.13.

Should I try to use Syncrepl or should I stick with

You should understand that RedHat's OpenLDAP installation is strictly for client library use only. If you are going to be so brave as to use it as a server, you are simply going to have a number of problems. I'd advise that you make this point to whatever person is making such a decision, because it shows they have absolutely no concept of what it takes to run a directory server. And syncrepl is not very useful in 2.2. You really should be using 2.3, as 2.2 will be marked historic any day now.

Thanks for any advice, I am nervous about putting in
this deployment.   It's basically going to replace 15
years of various NIS environments and replicated local
/etc/passwd files that have grown over the years for
hundreds of systems in several locations.

No problem. I strongly advise dumping RedHat's version of OpenLDAP at the least.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html