On Monday 11 August 2008 13:52:49 Gustavo Mendes de Carvalho wrote:
Hi Buchan,
Now I am planning to put another LDAP slave in other geographical place (far from this 2 servers) and because of that I am planning to put some slave server receiving all updates from master server, but in all ldap client machines in this new location I would like to configure this new slave server (Slave server 2) as URI host in ldap.conf files. I mean Location 1: Master server 1 and slave server 1 Location 2: Slave server 2
If you configure the updateref correctly on the slave, then the client
will get a referral
when it tries to make a change. If the client chases referrals (samba and
pam_ldap do),
then they will re-try their change against the master on their own.
I already use updateref, but only in same physical place (I mean, for slave ldap server). I am concerned about links among them, because when I configure updateref in slave server 2 (location 2) I want avoid some problem when user is changing password or something else and slave server 2 can't contact master server 1, in location 1
No, with a conventional master-slave setup, the slave will not contact the master, the *client*, that originally connected to the slave, should re- connect to the master, and try the change there.
If you have the master listed as the fallback on the clients, if the slave is unavailable, the client should fall back to the master in any case. Adding slapo-chain here would not provide any benefit (unless you can't allow the clients to connect to the master).
If you want HA writes, and you are sure you have everything in place to avoid conflicting changes, you could use the multi-master replication support in 2.4, but honestly, in your architecture (with the clients in site2 listing only one server in their configuration), IMHO your bigger problem is going to be what happens then site 2 has no working LDAP server (e.g. during reboot of slave for kernel update etc.), and the added complexity of multi-master is not worth it ...
IMHO, too many people are rushing after slapo-chain and multi-master instead of just getting the basics right.
Regards, Buchan