
Re: A few questions



Howard Chu wrote:
> Harry Sufehmi wrote:
> > At the moment I'm trying to implement OpenLDAP -> AD sync and OpenLDAP -> OpenLDAP sync.
> > A few days ago I was a total OpenLDAP newbie though, but I'm trying hard to rectify this, especially since my manager has expressed his interest in OpenLDAP to be used in our 15,000+ users IT infrastructure.
> I think you should be prepared to lower some expectations here...

I wouldn't be too surprised if I misinterpreted things :-) hence the original post, to clarify things.



> > Reading the OpenLDAP admin guide has raised a few questions / need for clarifications, which I hope somebody here can help me with:
> > # I read that slapd can function as an LDAP Sync provider only when it's configured with either back-bdb or back-hdb.
> > Is this still the case with version 2.2.17 / 2.2.18?
> Yes. What backend would you prefer to use?

At least MySQL, with the possibility of using Oracle.

But then again, in the current evaluation, OpenLDAP with BDB is already outperforming AD by almost a factor of 2; so I wouldn't dismiss the possibility of OpenLDAP not using back-sql.


> > # Quote from chapter 14.2: "Multiple replicas of single provider content share the same per-scope session log".
> > Does this mean that if one of the replicas is down for a period of time, it may risk missing any updates occurring within that time?
> No, the session log is only an aid for increasing efficiency. If a particular replica is down for long enough that its content is too far out of sync, the protocol will automatically initiate a full reload of all the data.

That's fair enough in my opinion.


> > # It seems that it's possible to implement a multi-master replication with OpenLDAP, by getting all the master servers to do 2 way sync with each other.
> > Do please feel free to correct me if I'm wrong.
> It is not explicitly supported. I suspect you will cause an infinite update loop if you try it, but I don't know (haven't tried it).

Alright, in that case I guess I must include this scenario as part of my evaluation.



> > # Is there any good HOWTO on doing OpenLDAP -> AD sync?
> > I can try to figure this out myself, but it'll help tremendously if there's already good documentation on the subject.
> slurpd is more likely to work here.

OK, will give this a try.

Thanks for your reply Howard - and if anyone else has something more to share, do please let us know.


Many thanks, Harry