Hello all,
I've successfully set up a 2-node LDAP cluster, where each node is a
provider to the other according to section 18.3.4 of the Administrator's
Guide. The next logical step is to implement Load-Balancer/Proxy entities,
which will ensure that writes always go to the same node.
So far my preliminary proxy configuration allows reading from the cluster
successfully. Here are the relevant bits (LDIF whitespace manipulated for
readability):

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcAccess: {0}to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by * break
olcAccess: {1}to *
  by * write
olcRootDN: cn=admin,dc=domain,dc=tld
olcRootPW: {SSHA}s3krit
olcSuffix:
olcDbStartTLS: start
olcDbURI: ldap://ldap1.domain.tld,ldap://ldap2.domain.tld

I understand that this configuration will always use the first URI in
olcDbURI unless there is a failure, in which case it will fall back to the
second URI (apparently after a timeout, and will then use it for subsequent
operations until that fails too). I'm happy with this, although if there
were a way to perform round-robin between the two for read operations, it
would be ideal (is there?).
However, writes to the proxy won't work with this configuration. In the
Administrator Manual it is stated that one should use the proxy "as a
syncrepl provider", but I am not sure I understand how this is supposed to
work. Am I supposed to add another olcSyncrepl attribute (there's already
one for syncing the two MirrorMode nodes themselves) to the MirrorMode
nodes pointing to the proxy? And if I have more than one proxy, should I
add an olcSyncrepl attribute for each? And how do I ensure that only one of
the MirrorMode nodes fetches data from the proxy provider(s) at any given
time?
I've spent quite some time googling this to no avail. Any insight would be
greatly appreciated. Thank you!
Best regards,
George