
Re: ldap design

Hendrik van der Ploeg wrote:

Thank you for answering.
Yes, every customer has its own ldap server which should be master.

Q: You do not want it the other way around and have 4 (multi-)master in the
datacenter and 1200+ replicas outside, do you?
That would be the best design indeed, but the problem is that the customers
need write access to their own ldapserver.

Now I hear you thinking; Customers can have write access in the datacentre and
it then will be replicated to the customers own ldapserver.
The problem is that a lot of customers have quite a bad vpn connection to the
datacentre and when they add a user for example it must be available immediately.
And with a failing vpn connection nothing happens. They MUST be able to write
in their own local ldapserver.

Your reasoning is sound. It's just a question of system resources; 1200 consumer configs in a single slapd process will probably occupy a lot of RAM. An active consumer requires a slapd thread when processing incoming changes. If you want instantaneous processing of all incoming changes that means you must be able to handle 1200 concurrent threads, worst case. If your real world load will be lower than that, adjust downward accordingly.



Hendrik van der Ploeg wrote on 15.02.2011 at 08:47:

I'm in doubt what design I need to use for openldap
This is the situation;

We have 1200+ customers using LDAP. We want to replicate all these ldap
servers to 1 big ldapserver in a datacentre with a multi-master config.
This means each customer has its own ldap server and you will have 1200+
ldap servers?

So all the customers are a master-ldap who replicate to the datacentre.
"all the customers (=ldap servers) _are_ master-ldap"?
This would mean you have 1200+ provider/master!?

My idea was to build in the datacentre a ldapcluster of about 4 servers
What for then?

My question is: Will this be stable, because there will be 1200+
ldapservers replicating to 4 ldapservers in the datacentre.
You do not want it the other way around and have 4 (multi-)master in the
datacenter and 1200+ replicas outside, do you?

I know this depends on the number of write actions at the customers. All I
can say is that write actions at the customers isn't THAT much.

I really hope somebody can give me an answer or maybe there's somebody
else with the same config
We have one provider and 160 consumers - and this is IMHO called "a lot"
here, if I'm right ...


  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/