[Date Prev][Date Next] [Chronological] [Thread] [Top]

Replication: 1 DN for all slaves.


Do you think it's a bad practice to have one DN shared between all slaves? Of course this DN is different from the rootdn. My ideas why it's not:

- I have to worry about one pair dn/pass, I still have to worry about security on all slave server machines, that's the main problem, I know, but there are so many passwords, minimize that can be good.

- If someone manages to get the DN pass, he/she can write to the master (since on the master that DN has write access to "*", then all the slaves, even the ones not hacked, will get that new compromised tree. If replication were not automatic, having one dn/pass to each slave would allow me to have some slaves with a "good" tree on the event someone gets the dn/pass of a slave, and then writing on the master would not affect all slaves. Since it is automatic.. and I have no reason to make happen by human interaction, one slave affected means all slaves and the server affected, even with different DN's/passwords.

 Did I miss anything?



This message was sent using IMP, the Internet Messaging Program.