[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd replication (push based)

Martin Simovic wrote:

I have the following setup

LAN --- slapd 2.4.7 (master) --- DMZ ---slapd 2.3.30 (slave)

I'm trying to achieve replication from master to slave.
the firewall policy is LAN-->DMZ allow
                        DMZ-->LAN reject

this was actually very easy with slurpd (removed from 2.4) as the only
need was to allow TCP traffic from master to slave

with syncrepl it seems to me that no matter if I use push/pull method
the client (slave) is the one that binds to the master (provider). this
means that firewall rule that allows TCP traffic to LAN is needed - this
is very ugly.

is there a way to workaround this (or did i just misunderstand the whole

See the configuration used in test045 in the test suite.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/