Re: Setting up "slave" OpenLDAP server
On Tuesday 08 July 2008 19:58:24 John Oliver wrote:
> I know nothing about LDAP / OpenLDAP. With that out of the way...
>
> I have a CentOS 5 machine running openldap-2.3.27-8. I just built a
> CentOS 5.2 machine with openldap-2.3.27-8.el5_1.3. My goal is to have
> the LDAP on the first machine synch with, and stay synched to, the LDAP
> on the second machine, so if the first machine dies I can bring up an
> interface with its IP on the second and get authentication working
> again.
Well, you should rather configure any LDAP clients to fail over to the second
LDAP server, so no intervention is required.
> I've Googled "LDAP replication" and "LDAP synchronization".
Why did you not consult the documentation for the software you are using?
http://www.openldap.org/doc/admin23/syncrepl.html#Configuring%20Syncrepl
BTW, there are probably some best practice issues that aren't covered there.
If you have configured your provider well, it is actually quite trivial to
add a new consumer without requiring any configuration changes on the
provider. The issues to take into account are:
- Ensuring the identity used by a new consumer has access to all the content
  that you wish it to replicate (suggestion: add a group-based ACL allowing
  read access to all entries)
- Ensuring the identity used by a new consumer has unlimited (size/time) access
  to all the content that you wish to replicate (suggestion: add group-based
  limit statements).
Then, adding a new consumer is reduced to adding an identity for the consumer
to use for replication, adding it to the appropriate group, and starting
slapd with a suitable configuration on the consumer.
Regards,
Buchan
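The provider-side ACL and limits described in the reply, followed by the steps for adding one consumer, as an added example in OpenLDAP 2.3 slapd.conf syntax; it is not configuration from the original thread. The suffix dc=example,dc=com, the group cn=replicators,ou=groups,dc=example,dc=com, the host ldap1.example.com and the identity cn=consumer2 are all assumed names.

```conf
######## provider: /etc/openldap/slapd.conf (OpenLDAP 2.3 syntax) ########
# Assumed suffix and replicator group; nothing here comes from the original post.
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
index           entryCSN,entryUUID eq      # speeds up the consumer's syncrepl searches

# Group-based ACL: members of the replicator group may read every entry.
# userPassword is normally hidden from readers, so it needs its own clause
# or the consumer would replicate accounts without their credentials.
access to attrs=userPassword
        by group.exact="cn=replicators,ou=groups,dc=example,dc=com" read
        by self write
        by anonymous auth
        by * none
access to *
        by group.exact="cn=replicators,ou=groups,dc=example,dc=com" read
        by * read

# Group-based limits: the default sizelimit (500) and timelimit would
# silently truncate the initial refresh for any consumer in the group.
limits group/groupOfNames/member="cn=replicators,ou=groups,dc=example,dc=com"
        size=unlimited time=unlimited

overlay         syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

######## adding a consumer: LDIF for ldapmodify -x -D cn=Manager,... -W ########
dn: cn=consumer2,ou=replicators,dc=example,dc=com
changetype: add
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: consumer2
userPassword: {SSHA}REPLACE-WITH-OUTPUT-OF-slappasswd

dn: cn=replicators,ou=groups,dc=example,dc=com
changetype: modify
add: member
member: cn=consumer2,ou=replicators,dc=example,dc=com

######## consumer: /etc/openldap/slapd.conf ########
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
updateref       ldap://ldap1.example.com      # writes are referred back to the provider
syncrepl        rid=001
                provider=ldap://ldap1.example.com
                type=refreshAndPersist
                retry="60 +"
                searchbase="dc=example,dc=com"
                bindmethod=simple
                binddn="cn=consumer2,ou=replicators,dc=example,dc=com"
                credentials=consumer2-password
                starttls=critical                # hashes and the bind password never cross in clear
```

A later consumer needs only a new identity entry, a second `member:` value in the group and its own `rid`; the provider's ACL and limits stay untouched.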