I want to set up a cluster of LDAP servers. In that cluster, I want:
- One primary supplier server
- One hot standby supplier server
- N read-only consumer replicas
- A load balancer that directs all writes to the primary master if it's
  up, or the standby if it's down.
However, I want operational attributes like password policy attributes
to be replicated across the cluster. My understanding is that if I
set up two suppliers and N consumers, operational attribute changes
(such as password policy attrs) on the consumers will not replicate
across the cluster.
I was thinking that to resolve this, I should instead set up as follows:
- All servers are "master" supplier servers (N+2 way multi-master).
- On designated primary and hot standby suppliers, create all my
  read/write ACIs.
- On all the other servers (the N consumers), define only non-write
  ACIs.
- A load balancer that directs all writes to the primary "master" if
  it's up, or the standby if it's down.
My thinking is that this would allow all the servers to exchange
operational attribute changes (i.e. password policy, etc), but limit
writes from external clients to the designated "master" servers.
Would this work as I am thinking? Any caveats? Or am I completely
missing something important that will invalidate this idea?
Thanks,
- Jeff