Howard Chu wrote:
Bruno Lezoray EMSM wrote:
Howard Chu wrote:
In OpenLDAP 2.3 this will require one more slapd process (while eliminating the slurpd process).
1  provider
2  regular consumer
2A back-ldap consumer
3  external replica
To follow with the same restrictions:
Only the 2nd instance can establish TCP connections to the 1st and 3rd instances. TCP connections in the other direction are forbidden >:o
That was obvious, given your firewall setup.
Is it possible to configure the different instances to enable replication in both directions? 1 <-> 2 <-> 3
Of course, but that would be a bad idea. Think about what you're doing. The reason you put a *read-only* replica outside the firewall is because it resides on an untrusted network. If you start accepting changes from it, it's like punching a hole in your firewall and letting the outside world in.
It's not an untrusted network. Instances 1 and 3 are in a DMZ with access restricted by several levels of firewalls. I don't know the complete details of the architecture but I am confident in it (I have no other choice).
For the moment, instance 3 can't accept modifications except with the bind DN of the updatedn parameter. Which solution can I have?
- set up 2 masters and 2 back-ldap that each synchronize in one direction?
- another solution?
Rgds, Bruno.