Date: Thu, 08 Jul 2010 22:51:31 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Frank Bonnet <f.bonnet@esiee.fr>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Openldap clustering ?
Message-ID: <4C364863.4080700@infracaninophile.co.uk>
In-Reply-To: <4C358AA1.40208@esiee.fr>
References: <4C358AA1.40208@esiee.fr>

On 08/07/2010 09:21:53, Frank Bonnet wrote:
> Could anybody recommend a rock solid software to build
> an OpenLDAP cluster with FreeBSD 8.0 ?

Well, you're off to a good start with FreeBSD and OpenLDAP. In fact, you don't really need much more than that. As mentioned else-thread, you can set up master-master replication between a couple of OpenLDAP instances quite readily: unlike say, M-M replication in MySQL, this is pretty robust[*] and you can write to the directory on either server. You can also expand to a ring topology with three or more servers, plus many other possibilities, and site-to-site replication also works pretty well over long distances, but that's probably getting beyond the scope of what you want.

The really handy thing about LDAP is that you can do quite a reasonable High-Availability setup with no extra software or hardware -- it's a lot like DNS in that respect. Simply specify a series of LDAP servers in the ldap.conf (or pam-ldap.conf or nss-ldap.conf) on each client, and the client will try each in turn until it reaches one it can bind to successfully. This does introduce a little extra latency here and there, but nothing particularly drastic. There is also a method of distributing traffic using SRV records that can be managed centrally in the DNS but AFAIK, {nss,pam}-ldap.conf don't understand it -- other clients do and will work just fine.

You can use CARP or relayd or HW load balancers or other technologies to make the H-A almost seamless, but frequently the extra complication just doesn't provide enough extra performance to justify the effort or the expense.

Test early, and test often while working up your cluster.

Cheers,

Matthew

[*] Partly this is due to the intrinsic nature of LDAP directories, where there tend to be far fewer uniqueness constraints, and partly it's because LDAP servers generally service far more reads than writes -- more so than typical RDBMS usage. Mostly however, it's because LDAP replicates the modified data, rather than replaying a stream of update queries on the replication targets.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
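
The client-side failover described in the message, as an added example that is not part of the original e-mail: it reads the server list from an ldap.conf-style URI line and tries each server in order, reporting how much delay the unreachable ones cost. The host names and sample file are constructed, and a TCP connect stands in for the LDAP bind (an assumption of this example).

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample client configuration; host names are placeholders.
SAMPLE_LDAP_CONF = """\
# ldap.conf (constructed sample)
BASE    dc=example,dc=org
URI     ldap://ldap1.example.org ldaps://ldap2.example.org:1636 ldap://ldap3.example.org
"""

def parse_uri_list(conf_text):
    """Return [(scheme, host, port), ...] in the order given on URI lines."""
    servers = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        fields = line.split()
        if not fields or fields[0].lower() != "uri":
            continue
        for uri in fields[1:]:
            parts = urlsplit(uri)
            if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
                raise ValueError(f"unsupported LDAP URI: {uri!r}")
            port = parts.port or DEFAULT_PORTS[parts.scheme]
            servers.append((parts.scheme, parts.hostname, port))
    return servers

def tcp_probe(host, port, timeout):
    """Reachability check only; a real client would go on to bind."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def pick_server(servers, probe=tcp_probe, timeout=3.0):
    """Try servers in listed order.

    Returns (chosen, skipped, worst_case_delay_seconds); chosen is None
    when every server failed. Each skipped server can cost up to one
    full timeout, which is the extra latency the message mentions.
    """
    skipped = []
    for server in servers:
        _, host, port = server
        if probe(host, port, timeout):
            return server, skipped, len(skipped) * timeout
        skipped.append(server)
    return None, skipped, len(skipped) * timeout
```

The `probe` argument can be replaced with a function that performs a real bind using an LDAP library; a short `timeout` keeps the delay small when the first listed server is down.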