[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Replication: 1 DN for all slaves.
Hi,
Do you think it's a bad practice to have one DN shared between all
slaves? Of course this DN is different from the rootdn. My ideas why
it's not:
- I have to worry about one pair dn/pass, I still have to worry
about security on all slave server machines, that's the main problem,
I know, but there are so many passwords, minimize that can be good.
- If someone manages to get the DN pass, he/she can write to the
master (since on the master that DN has write access to "*", then all
the slaves, even the ones not hacked, will get that new compromised
tree. If replication were not automatic, having one dn/pass to each
slave would allow me to have some slaves with a "good" tree on the
event someone gets the dn/pass of a slave, and then writing on the
master would not affect all slaves. Since it is automatic.. and I have
no reason to make happen by human interaction, one slave affected
means all slaves and the server affected, even with different
DN's/passwords.
Did I miss anything?
thanks,
Lauro
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.