[Date Prev][Date Next]
Re: OpenLDAP instance as syncREPL replica and Slurpd master
Bruno Lezoray EMSM wrote:
Howard Chu wrote:
In OpenLDAP 2.3 this will require one more slapd process (while
eliminating the slurpd process).
2 regular consumer
2A back-ldap consumer
3 external replica
To follow with the same restrictions:
Only the 2nd instance can establish TCP connections on 1st and 3rd
instances. TCP connections in the other direction is forbidden >:o .
That was obvious, given your firewall setup.
Is it possible to configure the different instances to enable
replication in the both direction ?
1 <-> 2 <-> 3
Of course, but that would be a bad idea. Think about what you're doing. The
reason you put a *read-only* replica outside the firewall is because it
resides on an untrusted network. If you start accepting changes from it, it's
like punching a hole in your firewall and letting the outside world in.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/