[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Being a consumer and a provider for the same database (toward different servers) ?
jmbajet@gmail.com writes:
> Hello,
>
> I'am quite new to Ldap and OpenLdap,
>
> I must propose a solution that is stable and very reliable.
> so I don't know which solution is Best.
>
> * A hub server which polls changes from subsidiaries and then
> subsidiaries polls changes from other subsidiaries from the hub server
>
> * Or a back-ldap with proxycaching in the subsidiaries
>
>
> -Do LDAP users in the subsidiaries will be seen by the main server as normal direct ldap
> connections ?
No, the clients in the subsidiaries cantact the local ldap proxy
> -Do the ACL (for LDAP users) on the real main server won't be
> bypassed ?
That depends on your configuration. You may either configure the ldap
proxies to use proxyauth or pass simple binds through to the master
> -Do I need to design the directory (schema, acl) with the fact that I may use a
> proxy ?
You may configure ACL's on your master to match proxyauth
authentication.
> - Does populating large group with members (>1000 < 10000) work well
> (through proxy) ?
Yes.
>
> In other words , is the proxy real transparent to Ldap client
> operations (read, writes) or Acl, schema definitions
> (I don't want to do any attributes or object mapping)
Yes, as long as the master is an openldap server.
> - Do the back-end ldap and proxy cache are stable and reliable enough to be used
> in a heavy production env. ?
In most cases, yes, but you should test it in your environment
> (The directory must be deployed in 8 month so I hope until then Old
> 2.3.x will be stable)
That is plenty of time :-)
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6