Date:      Thu, 08 Jul 2010 22:51:31 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Frank Bonnet <f.bonnet@esiee.fr>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Openldap clustering ?
Message-ID:  <4C364863.4080700@infracaninophile.co.uk>
In-Reply-To: <4C358AA1.40208@esiee.fr>
References:  <4C358AA1.40208@esiee.fr>

On 08/07/2010 09:21:53, Frank Bonnet wrote:

> Could anybody recommend a rock solid software to build
> an OpenLDAP cluster with FreeBSD 8.0 ?

Well, you're off to a good start with FreeBSD and OpenLDAP.  In fact,
you don't really need much more than that.  As mentioned else-thread,
you can set up master-master replication between a couple of OpenLDAP
instances quite readily: unlike say, M-M replication in MySQL, this is
pretty robust[*] and you can write to the directory on either server.

You can also expand to a ring topology with three or more servers, plus
many other possibilities, and site-to-site replication also works pretty
well over long distances, but that's probably getting beyond the scope
of what you want.

The really handy thing about LDAP is that you can do quite a reasonable
High-Availability setup with no extra software or hardware -- it's a lot
like DNS in that respect.

Simply specify a series of LDAP servers in the ldap.conf (or
pam-ldap.conf or nss-ldap.conf) on each client, and the client will try
each in turn until it reaches one it can bind to successfully.  This
does introduce a little extra latency here and there, but nothing
particularly drastic.  There is also a method of distributing traffic
using SRV records that can be managed centrally in the DNS but AFAIK,
{nss,pam}-ldap.conf don't understand it -- other clients do and will
work just fine.

You can use CARP or relayd or HW load balancers or other technologies to
make the H-A almost seamless, but frequently the extra complication just
doesn't provide enough extra performance to justify the effort or the
expense.  Test early, and test often while working up your cluster.

	Cheers,

	Matthew

[*] Partly this is due to the intrinsic nature of LDAP directories,
where there tend to be far fewer uniqueness constraints, and partly it's
because LDAP servers generally service far more reads than writes --
more so than typical RDBMS usage.  Mostly however, it's because LDAP
replicates the modified data, rather than replaying a stream of update
queries on the replication targets.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
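The two pieces Matthew describes, master-master (mirror-mode) replication between a pair of OpenLDAP servers and clients that fall back through a list of servers, as an added configuration example that is not part of the message above. Host names (ldap1/ldap2.example.com), the suffix, the replicator DN, the credentials and all file paths are assumptions; the same values would appear on ldap2 with the serverID and provider swapped.

```conf
# Added example, not from the mailing-list message. Names, DNs, paths
# and credentials are placeholders.

### slapd.conf on ldap1.example.com (ldap2 uses serverID 2 and
### provider=ldap://ldap1.example.com)
serverID        1

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/db/openldap-data

# Consumer side: pull the peer's changes and keep the connection open.
# starttls=critical / tls_reqcert=demand mean replication never runs in
# the clear and never trusts an unverified peer certificate.
syncrepl rid=001
        provider=ldap://ldap2.example.com
        type=refreshAndPersist
        retry="5 5 300 +"
        searchbase="dc=example,dc=com"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=replicator-password-placeholder
        starttls=critical
        tls_reqcert=demand
# Accept writes on this server too; the peer's syncrepl pulls them back.
mirrormode on

# Provider side: let the peer pull from us.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

### /usr/local/etc/openldap/ldap.conf on each client: the client tries
### each URI in turn until a bind succeeds.
URI             ldap://ldap1.example.com ldap://ldap2.example.com
BASE            dc=example,dc=com
TLS_CACERT      /usr/local/etc/openldap/cacert.pem
TLS_REQCERT     demand
# Bound the extra latency when the first server is down: seconds
# allowed per connect attempt, and per operation.
NETWORK_TIMEOUT 5
TIMEOUT         10

### nss_ldap / pam_ldap ldap.conf: same server list, plus a bind timeout
### so a dead server does not stall logins or boot.
uri             ldap://ldap1.example.com ldap://ldap2.example.com
base            dc=example,dc=com
ssl             start_tls
tls_checkpeer   yes
bind_timelimit  5
bind_policy     soft

### DNS zone entries for clients that do locate servers via SRV records
### (not nss_ldap/pam_ldap, as the message notes): equal priority, equal
### weight, so both servers are used.
_ldap._tcp.example.com.  IN SRV 0 50 389 ldap1.example.com.
_ldap._tcp.example.com.  IN SRV 0 50 389 ldap2.example.com.
```

Because slapd.conf holds the replicator's password, it should be readable only by the user slapd runs as. To check that the two servers actually agree, compare the suffix entry's contextCSN on each of them (`ldapsearch -H ldap://ldap1.example.com -b dc=example,dc=com -s base contextCSN`, then the same against ldap2): after a write to either server the values converge once syncrepl has caught up, and a persistent difference is the first sign that the mirror is broken.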

