--On Thursday, December 22, 2005 6:27 PM -0800 Don Hoover <[EMAIL PROTECTED]> wrote:
> I have started to put some thought into how I would deploy OpenLDAP for a largish environment and some questions have come to mind. I am planning on having a single master and about 5-6 or so read-only replicas. Hopefully someone with experience can answer these:
>
> 1) Is it a good idea to also run a read-only replica/secondary server on my master server, so I can point clients to it as well? I could then put my master on a different port I guess. I think I have seen people recommend this instead of going directly against your master server. Any opinions?
If you have 5-6 replicas, why not just point clients at them? Why would you point clients at your master at all? Unless perhaps you mean clients that do updates. Then they should point to the master itself for updates, I'd think. Since you can't write to a replica, pointing them at any replica would be pointless...
> 2) I have seen some people mention having a "hot standby" master server or something, but nothing like that is in any documentation or articles that I can find on the web. I couldn't even find anything in the list archives.
Symas Corporation is working on having this available in their CDS product. You may wish to confer with them.
> Does this mean something different than a replica server? If so how would I implement one?
Yes.
> 3) I am going to be forced to use the OpenLDAP that is included with Redhat Enterprise 4, which is 2.2.13. Should I try to use Syncrepl or should I stick with slurpd?
You should understand that RedHat's OpenLDAP installation is strictly for client library use only. If you are going to be so brave as to use it as a server, you are simply going to have a number of problems. I'd advise that you make this point to whatever person is making such a decision, because it shows they have absolutely no concept of what it takes to run a directory server. And syncrepl is not very useful in 2.2. You really should be using 2.3, as 2.2 will be marked historic any day now.
> Thanks for any advice, I am nervous about putting in this deployment. It's basically going to replace 15 years of various NIS environments and replicated local /etc/passwd files that have grown over the years for hundreds of systems in several locations.
No problem. I strongly advise dumping RedHat's version of OpenLDAP at the least.
--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
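The layout the thread converges on (one master, several read-only replicas, clients pointed at the replicas, writes sent back to the master) looks like this in OpenLDAP 2.3 syncrepl configuration. This is an added example, not configuration from either poster; the hostname master.example.com, the suffix dc=example,dc=com, the cn=replicator identity and the password placeholder are assumptions.

```conf
# --- slapd.conf on the master (syncrepl provider) ---
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap

# Dedicated read-only identity for the replicas. It may read userPassword
# (needed to replicate it) but nothing else gets that right; ordinary
# users may only change their own password or use it to authenticate.
access to attrs=userPassword
        by dn.exact="cn=replicator,dc=example,dc=com" read
        by self write
        by anonymous auth
        by * none
access to *
        by dn.exact="cn=replicator,dc=example,dc=com" read
        by * read

# The initial refresh returns the whole tree; lift the default size/time
# limits for the replication identity only, not for everyone.
limits dn.exact="cn=replicator,dc=example,dc=com" \
        size.soft=unlimited size.hard=unlimited \
        time.soft=unlimited time.hard=unlimited

# syncprov turns this database into a provider for syncrepl consumers.
overlay         syncprov
syncprov-checkpoint 100 10      # persist contextCSN every 100 writes or 10 min
syncprov-sessionlog 100         # let consumers catch up without a full refresh

# --- slapd.conf on each read-only replica (syncrepl consumer) ---
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap

syncrepl        rid=001
                provider=ldap://master.example.com:389
                type=refreshAndPersist
                retry="60 +"
                searchbase="dc=example,dc=com"
                scope=sub
                attrs="*,+"
                schemachecking=off
                starttls=critical
                bindmethod=simple
                binddn="cn=replicator,dc=example,dc=com"
                credentials=REPLACE_WITH_REPLICATOR_PASSWORD

# Clients that attempt a write against this replica get a referral to the
# master instead of an error, so they can all be pointed at the replicas.
updateref       ldap://master.example.com
```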
