[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd vs ldapsync

Emmanuel Dreyfus wrote:
Can you elaborate in a reply to me? I have no braindead-automatically-attached-policy about e-mail confidentiality :-)


I have set up something using slurpd because I understood that using
replsync, the replica would need an access on the master, whereas slurpd
allowed a pure push method, where the replicas have no right to connect to
the master (the master can even be firewalled)

Syncrepl can operate in either direction. In the pure push/firewall case, just set up a proxy backend as the syncrepl consumer. test045 and test048 in the test suite both demonstrate how to configure this. Those tests are in OpenLDAP 2.4, but you can do something similar in 2.3. You just need to use a separate slapd instance for the consumer in 2.3.

Just because the protocol was defined a particular way (consumer initiated single master replication) doesn't mean it can't be used in other ways. OpenLDAP is far more flexible than that. We've enhanced the basic syncrepl functionality a number of different ways (delta-syncrepl, proxied syncrepl, mirrormode, and multimaster) all without altering any of the syncrepl protocol definition. All it takes is a little creativity to assemble the pieces in the proper order.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/