Re: federated directory
>> interesting - I thought multi master was declared dead and impossible to
>> implement with OpenLDAP...
>
> It is; I suggest using the feature to allow simultaneous replication and
> regular write to the same database, keeping the proprietary and the
> shadowed data separated only programmatically, i.e. by means of ACLs and
> "suffix" parameters in the replica directives... i.e.:
>
> "master":
>   - owns "dc=example,dc=com" except the children
>     of "ou=Local,dc=example,dc=com"
>   - the "replica" directive contains the option
>     "suffix=ou=Global,dc=example,dc=com" (assuming no changes
>     will take place below it);
>   - ACLs contain the rule
>       access to dn.regex="((.+),)?cn=Slave (#[0-9]+),ou=Local,dc=example,dc=com$"
>           by dn.exact,expand="cn=Replicator $3,ou=Local,dc=example,dc=com" write
>           by * read
>
> "slave #n":
>   - owns the subtree of "cn=Slave #n,ou=Local,dc=example,dc=com";
>   - replicates the rest;
>   - the "replica" directive contains the option
>     "suffix=cn=Slave #n,ou=Local,dc=example,dc=com";
>   - ACLs contain the rule
>       access to dn.subtree="cn=Slave #n,ou=Local,dc=example,dc=com"
>           by <your access rules>
>       access to dn.regex="((.+),)?cn=Slave (#[0-9]+),ou=Local,dc=example,dc=com$"
>           by dn.exact,expand="cn=Replicator $3,ou=Local,dc=example,dc=com" write
>           by <your access rules>
>       access to dn.subtree="ou=Global,dc=example,dc=com"
>           by dn.exact="cn=Global Replicator,ou=Local,dc=example,dc=com" write
>           by <your access rules>
>
> Again, this is untested; I might want to test it some time, when I can
> spare a few cycles.
To make the story short: with a few changes, it works with slurpd as well,
exploiting the multimaster mechanism. Since both slurpd and multimaster
are or will be deprecated, I don't think adding a test is worth the
effort. I might pack the example files and put them on some ftp, if
there's interest in this solution.
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
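
The dn.regex rule with "expand" quoted above, modelled in Python as an added example (not part of the original message and not OpenLDAP code): it shows which bind DN the master's rule grants write to for a given entry, so the per-slave separation can be checked before deploying the ACLs. The function names and sample DNs are constructed; only regex capture and "$3" substitution are modelled, not slapd's DN normalization or the rest of the ACL set.

```python
import re

# Pattern and template copied from the quoted ACL rule:
#   access to dn.regex="((.+),)?cn=Slave (#[0-9]+),ou=Local,dc=example,dc=com$"
#       by dn.exact,expand="cn=Replicator $3,ou=Local,dc=example,dc=com" write
#       by * read
TARGET_RE = re.compile(r"((.+),)?cn=Slave (#[0-9]+),ou=Local,dc=example,dc=com$")
WRITER_TEMPLATE = "cn=Replicator $3,ou=Local,dc=example,dc=com"


def expected_writer(target_dn):
    """Return the DN granted write on target_dn, or None if the rule does not match."""
    # Unanchored search: the pattern has a trailing "$" but no leading "^".
    m = TARGET_RE.search(target_dn)
    if m is None:
        return None
    # Replace $1..$9 in the template with the corresponding captured group.
    # Group 1 is "((.+),)", group 2 is "(.+)", group 3 is "(#[0-9]+)".
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", WRITER_TEMPLATE)


def access(target_dn, bind_dn):
    """Model the master's rule: matching replicator gets write, everyone else read."""
    writer = expected_writer(target_dn)
    if writer is None:
        return "no match"  # slapd would go on to evaluate later access rules
    return "write" if bind_dn == writer else "read"


if __name__ == "__main__":
    # Constructed sample DNs for two slaves and the shared subtree.
    entries = [
        "uid=jdoe,ou=People,cn=Slave #1,ou=Local,dc=example,dc=com",
        "cn=Slave #2,ou=Local,dc=example,dc=com",
        "cn=foo,ou=Global,dc=example,dc=com",
    ]
    binder = "cn=Replicator #1,ou=Local,dc=example,dc=com"
    for dn in entries:
        print(f"{binder!r} on {dn!r}: {access(dn, binder)}")
```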