
Building a Distributed LDAP tree with replication.

Hello list,
I have a design problem with my LDAP setup and would like to have your opinion.
I have to build an LDAP tree.
About 10000 LDAP entries.

These are the points:
- the directory service must be distributed on several sites
- the sites are geographically distant, and there is a satellite internet connection between the remote sites and the central site.
- In 12 months, I will have 25 sites to maintain.
- I want to delegate the directory support on each site.
- I want to get the whole LDAP tree on the main site.

I want to delegate the directory support on each site:
- Because each site is a Samba controller for the XP PCs. So information must first be updated on the remote site and then replicated to the main site.
- Because of delegation also: I can't be the administrator for each branch.
I want to get the whole LDAP tree on the main site:
- Because we want to offer a mail service for the whole tree. The mail server will be in the main site.
The users will be created on the remote sites by the local administrators and this information replicated to the main site.
This way the mail server will look at the main LDAP server to authenticate users.

So, I had a deep look in the OpenLDAP documentation, but it seems to be a bit odd. Either my situation is unusual, or I am missing a point, or... please help!

Will it be possible to replicate the tree on a subtree?
Let me explain.
For example, I have dc=example,dc=org for my main site,
and dc=a,dc=example,dc=org
and dc=b,dc=example,dc=org
for two of the 25 distant sites.

So, on the main site:

                  o   dc=org
                  |
                  o   dc=example
                 / \
                /   \
      dc=a    o       o   dc=b

On one distant site:

                  o   dc=org
                  |
                  o   dc=example
                  |
                  o   dc=a
                / | \
               /  |  \
             ou   ou   ou

I want to replicate the subtree into the main tree.
Should I use slurpd?
Should I use syncrepl?
Must I use referrals?
- If I use referrals, will my mail server be able to search for a user in a distant directory?

I know my questions are a bit strange, but I am quite new to LDAP/OpenLDAP and I need a guru's advice.
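As an added illustration of the layout asked about above (not part of the original post), here is the syncrepl variant in slapd.conf syntax: every remote site stays the writable master of its own subtree and publishes it with the syncprov overlay, while the main site holds each subtree as a subordinate database that consumes from that site, glued under dc=example,dc=org. Hostnames, DNs, directory paths and the replicator account are assumptions.

```conf
### slapd.conf on site "a": writable master for its own subtree (all names are assumptions)
database        bdb
suffix          "dc=a,dc=example,dc=org"
rootdn          "cn=admin,dc=a,dc=example,dc=org"
directory       /var/lib/ldap/a
index           objectClass,entryCSN,entryUUID eq
overlay         syncprov                 # serves syncrepl to the main site
# the central consumer may only read; the site's own access rules follow this one
access to *
        by dn.exact="cn=replicator,dc=a,dc=example,dc=org" read
        by * break

### slapd.conf on the main site: one read-only copy per site, glued together.
### Subordinate databases must appear before their superior.
database        bdb
suffix          "dc=a,dc=example,dc=org"
subordinate                              # glued under dc=example,dc=org
rootdn          "cn=admin,dc=a,dc=example,dc=org"   # no rootpw; identity used by syncrepl
directory       /var/lib/ldap/a
syncrepl        rid=001
                provider=ldap://ldap.a.example.org
                type=refreshAndPersist   # one persistent connection over the satellite link
                retry="60 10 300 +"      # every 60 s ten times, then every 300 s forever
                searchbase="dc=a,dc=example,dc=org"
                bindmethod=simple
                binddn="cn=replicator,dc=a,dc=example,dc=org"
                credentials=CHANGE_ME    # placeholder
                starttls=critical        # never send the password in clear
updateref       ldap://ldap.a.example.org   # writes are referred back to site a

database        bdb
suffix          "dc=b,dc=example,dc=org"
subordinate
rootdn          "cn=admin,dc=b,dc=example,dc=org"
directory       /var/lib/ldap/b
syncrepl        rid=002
                provider=ldap://ldap.b.example.org
                type=refreshAndPersist
                retry="60 10 300 +"
                searchbase="dc=b,dc=example,dc=org"
                bindmethod=simple
                binddn="cn=replicator,dc=b,dc=example,dc=org"
                credentials=CHANGE_ME
                starttls=critical
updateref       ldap://ldap.b.example.org

database        bdb
suffix          "dc=example,dc=org"      # superior: holds only the top entries
rootdn          "cn=admin,dc=example,dc=org"
directory       /var/lib/ldap/main
```

With this layout the mail server searches the main server under dc=example,dc=org and sees the users of every site without chasing referrals; a write attempted on the main server is answered with a referral to the owning site through updateref.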