[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap design



Hello,

Thank you for answering.
Yes, every customer has it's own ldap server which should be master.

Q: You do not want it the other way around and have 4 (multi-)master in the datacenter and 1200+ replicas outside, do you?
That would be the best design indeed, but the problem is that the customers need write access to their own ldapserver.

Now I hear you thinking; Customers can have write access in the datacentre and it then will be replicated to the customers own ldapserver.
The problem is that a lot of customers have quite a bad vpn connection to the datacentre and when they add a user for example it must be available immediatley.
And with a failing vpn connection nothing happens. they MUST be able to write in their own local ldapserver

Regards

Hendrik
Noordwijkerhout
Holland



Hendrik van der Ploeg schrieb am 15.02.2011 08:47 Uhr:

I'm in doubt what design I need to use for openldap
This is the situation;

We have 1200+ customers using LDAP. We want to replicate all these ldap
server to 1 big ldapserver in a datacentre with a multi-master config.
This means each customer has its own ldap server and you will have 1200+ ldap servers?

So all the customers are a master-ldap who replicate to the datacentre.
"all the customers (=ldap servers) _are_ master-ldap"?
This would mean you have 1200+ provider/master!?

My idea was to build in the datacentre a ldapcluster of about 4 server
What for then?

My question is: Will this be stable, because there will be 1200+ ldapservers replicating
to 4 ldapserver in the datacentre.
You do not want it the other way around and have 4 (multi-)master in the datacenter and 1200+ replicas outside, do you?

I know this depends on the number of write actions at the customers. All I
can say is that write actions at the customers isn't THAT much.

I really hope somebody can give me an answer or maybe there's somebody
else with the same config
We have one provider and 160 consumers - and this is IMHO called "a lot" here, if I'm right ...


Marc