[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP instance as syncREPL replica and Slurpd master

To: Bruno Lezoray EMSM <bruno.lezoray@wh-ces.gmessaging.net>
Subject: Re: OpenLDAP instance as syncREPL replica and Slurpd master
From: Howard Chu <hyc@symas.com>
Date: Mon, 24 Sep 2007 09:27:16 -0700
Cc: openldap-software@openldap.org
In-reply-to: <46F77E4C.6010708@wh-ces.gmessaging.net>
References: <46EAA6F8.6070703@wh-ces.gmessaging.net> <A7D56205E0B51DC2FDC167AB@deus-ex.zimbra.com> <46EB35A8.1050907@symas.com> <46EE4C33.8070308@wh-ces.gmessaging.net> <46EE7F5B.3040407@symas.com> <46F77E4C.6010708@wh-ces.gmessaging.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9a8pre) Gecko/2007091708 SeaMonkey/2.0a1pre

Bruno Lezoray EMSM wrote:

Howard Chu wrote:

In OpenLDAP 2.3 this will require one more slapd process (while
eliminating the slurpd process).

1 provider
2 regular consumer
2A back-ldap consumer
3 external replica

To follow with the same restrictions:

Only the 2nd instance can establish TCP connections on 1st and 3rd
instances. TCP connections in the other direction is forbidden  >:o  .


That was obvious, given your firewall setup.

Is it possible to configure the different instances to enable
replication in the both direction ?
1 <-> 2 <-> 3

Of course, but that would be a bad idea. Think about what you're doing. The reason you put a *read-only* replica outside the firewall is because it resides on an untrusted network. If you start accepting changes from it, it's like punching a hole in your firewall and letting the outside world in. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Follow-Ups:
- Re: OpenLDAP instance as syncREPL replica and Slurpd master
  - From: Bruno Lezoray EMSM <bruno.lezoray@wh-ces.gmessaging.net>
- Re: OpenLDAP instance as syncREPL replica and Slurpd master
  - From: Bruno Lezoray EMSM <bruno.lezoray@wh-ces.gmessaging.net>

References:
- OpenLDAP instance as syncREPL replica and Slurpd master
  - From: Bruno Lezoray EMSM <bruno.lezoray@wh-ces.gmessaging.net>
- Re: OpenLDAP instance as syncREPL replica and Slurpd master
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: OpenLDAP instance as syncREPL replica and Slurpd master
  - From: Howard Chu <hyc@symas.com>
- Re: OpenLDAP instance as syncREPL replica and Slurpd master
  - From: Bruno Lezoray EMSM <bruno.lezoray@wh-ces.gmessaging.net>
- Re: OpenLDAP instance as syncREPL replica and Slurpd master
  - From: Howard Chu <hyc@symas.com>
- Re: OpenLDAP instance as syncREPL replica and Slurpd master
  - From: Bruno Lezoray EMSM <bruno.lezoray@wh-ces.gmessaging.net>

Prev by Date: Re: OpenLDAP instance as syncREPL replica and Slurpd master
Next by Date: Re: OpenLDAP instance as syncREPL replica and Slurpd master
Index(es):
- Chronological
- Thread