I want to set up a cluster of ldap servers. In that cluster, I want:
- One primary supplier server
- One hot standby supplier server
- N read only consumer replicas.
- a load balancer that directs all writes to the primary master if it's up, or the standby if it's down.
However, I want operational attributes like password policy attributes to be replicated across the cluster. My understanding is that if I set up two suppliers and N consumers, operational attribute changes (such as password policy attrs) on the consumers will not replicate across the cluster.
I was thinking that to resolve this, I should instead set up as follows:
- All servers are "master" supplier servers (N+2 way multi-master).
- On designated primary and hot standby suppliers, create all my read/write aci's.
- On all the other servers (the N consumers), define only non-write aci's.
- a load balancer that directs all writes to the primary "master" if it's up, or the standby if it's down.
My thinking is that this would allow all the servers to exchange operational attribute changes (i.e. password policy, etc), but limit writes from external clients to the designated "master" servers.
Would this work as I am thinking? Any caveats? Or am I completely missing something important that will invalidate this idea?
Thanks,
- Jeff