[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Design for large openldap deployments

To: openldap-technical@openldap.org
Subject: Re: Design for large openldap deployments
From: Dieter Klünter <dieter@dkluenter.de>
Date: Fri, 13 Dec 2013 22:22:02 +0100
Cc: Christian Kratzer <ck@cksoft.de>
In-reply-to: <alpine.BSF.2.00.1312131812040.59400@pohjola.cksoft.de>
Organization: AVCI
References: <alpine.BSF.2.00.1312131812040.59400@pohjola.cksoft.de>

Am Fri, 13 Dec 2013 18:40:02 +0100 (CET)
schrieb Christian Kratzer <ck-lists@cksoft.de>:

> Hi,
> 
> I have been thinking about a scalable multi site deployment
> architecture for openldap where I would like to:
> 
> - Have a small number of master servers centrally in the enterprise
> with MMR.
> 
> - All account provisioning would be at the central sites.
> 
> - Have multiple edge sites replicate of those masters in a star
> toplogy with MMR.
> 
> - Allow writes to those edge sites for the purpososes of
> slapo_ppolicy, slapo_lastbind and password changes.
> 
> I would like to avoid fully meshing all servers for MMR and would
> prefer a star topology where each edge site only replicates with the
> central site.
> 
> I would also like to avoid chaining. See my previous posts why.
> 
> Before I set this up in my lab I would like a second opinion. The
> customer is asking for best practice in large deployments.

Michael is quite correct in his comments regarding slapo_policy, but in
priciple i have realised this design in a cascading directory with more
than 100 slaves.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: Design for large openldap deployments
  - From: Christian Kratzer <ck-lists@cksoft.de>

References:
- Design for large openldap deployments
  - From: Christian Kratzer <ck-lists@cksoft.de>

Prev by Date: Re: ldapsearch limit of 500 entries
Next by Date: Re: ldapsearch limit of 500 entries
Index(es):
- Chronological
- Thread