I'm using haproxy in front of three LDAP servers (consumers, the
master is not in the pool). I'm not sure it is any better than using
DNS round robin. Almost every LDAP client permits you to specify a
list of servers to check if the previous servers fail, so availability
isn't really an issue. DNS RR will tend to distribute the load evenly
while still permitting the LDAP client to fail over to an available
server.

Further, my haproxy doesn't seem to be preventing any availability
problems. I still see "Can't contact LDAP server" in my samba logs
several times a day, even though my servers are not even close to
loaded. (I have never been able to reproduce this error with or
without haproxy.)

For all the complexity of setting up haproxy and making it highly
available, the only benefit seems to be somewhat faster searches if one
of the LDAP servers experiences an extended unplanned outage. So it's
more of a performance benefit, sometimes, and insurance against LDAP
clients that don't permit you to specify a list of servers.

On Tue, Jun 14, 2011 at 7:43 PM, David N. Blank-Edelman <[email protected]> wrote:
> Hi-
>
> I'm in the process of building out our next revision of an OpenLDAP cluster 
> (a master, several slaves, and a load balancer HA pair to distribute the 
> workload to these servers). I was curious if anyone who has done a similar 
> thing with open source software would be willing to share their experiences?
>
> At the moment I'm thinking about either doing a Pacemaker + HAproxy setup or 
> just an updated version of our current ultramonkey setup (LVS + heartbeat + 
> ldirectord). Does anybody have a config they particularly like/dislike?

-- 
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
