[EMAIL PROTECTED] writes:
> Hello,
>
> I'm quite new to LDAP and OpenLDAP,
>
> I must propose a solution that is stable and very reliable.
> so I don't know which solution is Best.
>
> * A hub server which polls changes from subsidiaries and then
> subsidiaries polls changes from other subsidiaries from the hub server
>
> * Or a back-ldap with proxycaching in the subsidiaries
>
>
> -Do LDAP users in the subsidiaries will be seen by the main server as normal
> direct ldap connections ?

No, the clients in the subsidiaries contact the local ldap proxy.

> -Do the ACL (for LDAP users) on the real main server won't be
> bypassed ?

That depends on your configuration. You may either configure the ldap proxies to use proxyauth or pass simple binds through to the master.

> -Do I need to design the directory (schema, acl) with the fact that I may use
> a proxy ?

You may configure ACLs on your master to match proxyauth authentication.

> - Does populating large group with members (>1000 < 10000) work well
> (through proxy) ?

Yes.

>
> In other words , is the proxy real transparent to Ldap client
> operations (read, writes) or Acl, schema definitions
> (I don't want to do any attributes or object mapping)

Yes, as long as the master is an OpenLDAP server.

> - Do the back-end ldap and proxy cache are stable and reliable enough to be
> used in a heavy production env. ?

In most cases, yes, but you should test it in your environment.

> (The directory must be deployed in 8 month so I hope until then Old
> 2.3.x will be stable)

That is plenty of time :-)

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
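
The two options named in the reply (passing simple binds through, or proxyauth with matching authorization on the master), as an added slapd.conf example that is not part of the original message. The suffix, hostname, DNs and password are constructed placeholders; the directives are those documented in slapd-ldap(5) and slapd.conf(5) and should be checked against the release being deployed.

```conf
# Subsidiary proxy slapd.conf: use ONE of the two variants below.

# Variant 1: pass simple binds through to the master.
# back-ldap forwards the client's bind, so the master authenticates the
# user and evaluates its ACLs against the user's own DN.
database        ldap
suffix          "dc=example,dc=com"
uri             "ldaps://master.example.com"

# Variant 2: proxyauth (identity assertion).
# The proxy binds with its own service DN and asserts the client's DN to
# the master; the master then applies its ACLs to the asserted DN.
database        ldap
suffix          "dc=example,dc=com"
uri             "ldaps://master.example.com"
idassert-bind   bindmethod=simple
                binddn="cn=proxy,ou=services,dc=example,dc=com"
                credentials="CHANGE-ME"
                mode=self
# Restrict which client identities the proxy may assert.
idassert-authzFrom "dn.subtree:ou=people,dc=example,dc=com"

# Master slapd.conf, global section (needed for variant 2 only):
# honour authzTo values held in the entry of the binding identity.
authz-policy    to

# Entry of the proxy's service DN on the master (LDIF, shown as comments):
#   dn: cn=proxy,ou=services,dc=example,dc=com
#   authzTo: dn.subtree:ou=people,dc=example,dc=com
```

In variant 2 the master trusts the proxy to name the user, so the scope of the authzTo rule and the protection of the proxy's credentials decide what a compromised subsidiary proxy could reach.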
