Le 3/3/14 8:46 PM, Marcel Bruch a écrit : > Hi ds-users, > > I’m currently evaluating an idea to which using Apache DS partially sounds > like a good fit. However, I’m not sure and I’m seeking some advice. Without > detailing on the exact requirements and use case it may sound weird. > > We have highly structured and hierarchical data (basically a several GB huge > knowledge-base) that is stored on a server and updated from time to time. > > In a (far) future there *might* be 10.000 up to 100.000 clients somewhere on > the web that need to access parts of that data. Currently there are a few > hundred clients. > > These clients should be able to replicate some small parts of that > hierarchical data (according to some access rights) to speed up their data > access and work in some "offline mode“ if required. These slaves should be > updated from time to time with data from the master server. > > > My first question is: Is LDAP in general a suitable protocol for these > requirements
Yes. Definitively yes. For the record, this is what Microsoft is doing with Active Directoy, where everyone can connect on his/her machine even if it's not connected to the domain server. > and is Apache DS an appropriate server when it comes to such master-slave > scenario with slaves all over the internet? Assuming you don't have a lot of modifications, most certainly. And if ApacheDS is not fast enough for your needs, you can even use OpenLDAP as a central server, with ApacheDS being distributed - they are usig the same replication protocol, syncrepl -. > The slaves would run as embedded clients inside a java application on a > desktop pc. That's fine. > > My second question would be: Do firewalls typically allow connections to LDAP > or LDAPS ports? This has to be configured. But if this becomes a problem, we have worked on some scenario where we use DSML instead of pure LDAP, thus allowing your applicatio, to use port 80. This is not part of the main server though, it has to be added (and, no this is not complicated). > if not, is there any way to run replication over something that firewalls > usually permit? replicatio is pure LDAP. Using a DSML proxy should work, or some LDAP <-> Json transport. I would left Kiran replied here. Hope it helps. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
