Re: OpenLDAP instance as syncREPL replica and Slurpd master

Bruno Lezoray EMSM wrote:
> Howard Chu wrote:
>> In OpenLDAP 2.3 this will require one more slapd process (while
>> eliminating the slurpd process).
>>
>> 1 provider
>> 2 regular consumer
>> 2A back-ldap consumer
>> 3 external replica
>
> To follow with the same restrictions:
>
> Only the 2nd instance can establish TCP connections to the 1st and 3rd
> instances. TCP connections in the other direction are forbidden >:o .

That was obvious, given your firewall setup.

> Is it possible to configure the different instances to enable
> replication in both directions?
> 1 <-> 2 <-> 3

Of course, but that would be a bad idea. Think about what you're doing. The reason you put a *read-only* replica outside the firewall is because it resides on an untrusted network. If you start accepting changes from it, it's like punching a hole in your firewall and letting the outside world in.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/