I’m in the process of replacing our main ldap server with the most recent version. As the OS
of the current one is quite old, we will host it on a new computer.
For now the architecture is the following:
master-ldap with two local replicas via syncprov and another replica with a proxy sync
(suffix on the master with a ldap backend) so we jump the internal firewall.
The master-ldap is the only one in read/write, so all the modifications are done here.
What I plan is the following:
- add the new ldap server
- setup a multi-master replication with the old master
- move the replica from the old one to the new one
- move the write operations from the old one to the new one
- disconnect the old one.
Does anybody see a flaw in this plan?