[Date Prev][Date Next] [Chronological] [Thread] [Top]

Using back-ldap as a client-side proxy/cache

Hey folks,

In order to provide stability to my OpenLDAP clients in the event of a network outage, I would like to implement some
client-side caching.  I've done some research, and have concluded that nscd is evil and should be avoided at all costs,
and thus eventually settled on using back-ldap as a proxy and caching mechanism on the clients.  Ideally, clients would
query a local cache first, and if the information was not available, back-ldap would then forward the connection on to
my root OpenLDAP server(s).  However, I didn't see much information in the admin guide with respect to such
configurations other than a reference to the back-ldap man page, and given that I've got no real experience with setting
up back-ldap, I was wondering if somebody who did/does would have some recommendations, advice, or knew of a good
documentation source describing this sort of setup?

The other question I have is that it seems most people use back-ldap with a slapd.conf-style configuration, versus a
cn=config type of setup.  In this sort of circumstance, where one is not configuring a full-on OpenLDAP server/replica,
that seems like it might be a good thing in the interest of keeping the client configurations simple.  Nonetheless, I
wanted to verify that it was the recommended way, since slapd.conf (in the context of a fully fleshed-out OpenLDAP
server) is deprecated.

Thanks as always for insights, advice, and criticisms.