
Replication Design Advice



Hello OpenLDAP users,

I'm looking for some advice concerning an OpenLDAP solution I'm about to deploy between 4 locations in the company I work for.

Currently I've implemented an LDAP DIT in my country and we've had exquisite results. I've integrated RADIUS for wireless authentication, MIT Kerberos, Samba PDC, dovecot and the list can continue but that's not the scope of this message.

We have some global services located in one of the countries that all other 3 countries use (trac, svn, web2project, alfresco).

We want each country to have its own LDAP DIT (we don't want to have a global LDAP with slaves in each country because some of us want locally significant objects (for authorization purposes) and having a slave LDAP means read-only). That's why I thought of using multi-n-master on each of the four LDAP servers.

The idea I had was that each country will have only a portion of the DIT being sent to the others (we narrow the searchbase in syncrepl):

Country 1 sends ou=COUNTRY-1,dc=example,dc=com
Country 2 sends ou=COUNTRY-2,dc=example,dc=com
Country 3 sends ou=COUNTRY-3,dc=example,dc=com
Country 4 sends ou=COUNTRY-4,dc=example,dc=com

In each ou=COUNTRY-{1..4} they will have ou=People and ou=Groups.

Basically that's the only thing I want to be consistent across all LDAP DITs.

I've tested the solution using some virtual machines and, besides the starttls and some things each administrator will have to be cautious about, things went smoothly.

I've also read something about slapo-translucent - will now test to see how it works.

Can I get some suggestions / maybe a whole new architecture for my needs in case I didn't foresee problems?

Thx!

--
Andrei BĂNARU
Internal Support
CCNA Security, CCIP
StreamWIDE Romania
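
Added example, not part of the original message: a small Python check that each server's syncrepl consumer stanzas match the design described above (one stanza per peer country, searchbase narrowed to that peer's ou=COUNTRY-n subtree, StartTLS enforced). The provider hostnames and the sample stanzas are constructed assumptions; the keywords (rid, provider, searchbase, starttls) are the standard syncrepl ones.

```python
import shlex

SUFFIX = "dc=example,dc=com"
COUNTRY_OUS = {f"ou=country-{n},{SUFFIX}" for n in range(1, 5)}

def parse_syncrepl(value):
    """Split one syncrepl value into a dict (keys lowercased, quotes removed)."""
    pairs = (tok.split("=", 1) for tok in shlex.split(value) if "=" in tok)
    return {key.lower(): val for key, val in pairs}

def norm_dn(dn):
    """Crude DN normalisation, enough for these fixed subtree names."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(own_ou, stanzas):
    """Return sorted (rid, finding) pairs for one server's consumer stanzas."""
    findings, seen_rids, pulled = set(), set(), set()
    peers = COUNTRY_OUS - {norm_dn(own_ou)}
    for raw in stanzas:
        cfg = parse_syncrepl(raw)
        rid = int(cfg["rid"])
        if rid in seen_rids:
            findings.add((rid, "duplicate rid"))
        seen_rids.add(rid)
        base = norm_dn(cfg.get("searchbase", ""))
        if base in peers:
            pulled.add(base)
        else:
            findings.add((rid, "searchbase is not a peer country subtree"))
        # starttls=yes carries on without TLS if StartTLS fails; critical aborts.
        if cfg.get("starttls", "").lower() != "critical":
            findings.add((rid, "starttls is not critical"))
    for ou in peers - pulled:
        findings.add((-1, f"no stanza pulls {ou}"))
    return sorted(findings)

# Constructed sample: consumer stanzas on the Country 1 server (hypothetical hosts).
SAMPLE = [
    'rid=001 provider=ldap://ldap2.example.com type=refreshAndPersist '
    'searchbase="ou=COUNTRY-2,dc=example,dc=com" starttls=critical',
    'rid=002 provider=ldap://ldap3.example.com type=refreshAndPersist '
    'searchbase="ou=COUNTRY-3,dc=example,dc=com" starttls=yes',
    'rid=002 provider=ldap://ldap4.example.com type=refreshAndPersist '
    'searchbase="dc=example,dc=com"',
]

if __name__ == "__main__":
    for rid, msg in audit("ou=COUNTRY-1,dc=example,dc=com", SAMPLE):
        print(f"rid={rid}: {msg}")
```

A finding with rid -1 refers to the server as a whole rather than to one stanza.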