Hello all,
I've successfully set-up a 2-node LDAP cluster, where each node is a provider to the other according to section 18.3.4 of the Administrator's Guide. The next logical step is to implement Load-Balancer/Proxy entities, which will ensure that writes always go to the same node.
So far my preliminary proxy configuration allows reading from the cluster successfully. Here are the relevant bits (LDIF whitespace manipulated for readability):
dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcAccess: {0}to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by * break
olcAccess: {1}to *
by * write
olcRootDN: cn=admin,dc=domain,dc=tld
olcRootPW: {SSHA}s3krit
olcSuffix:
olcDbStartTLS: start
olcDbURI: ldap://ldap1.domain.tld,ldap://ldap2.domain.tld
I understand that this configuration will always use the first URI in olcDbURI unless there is a failure, in which case it will fall back to the second URI (apparently after a timeout, and will then use it for subsequent operations until that fails too). I'm happy with this, although if there were a way to perform round-robin between the two for read operations, it would be ideal (is there?).
However, writes to the proxy won't work with this configuration. In the Administrator Manual it is stated that one should use the proxy "as a syncrepl provider", but I am not sure I understand how this is supposed to work. Am I supposed to add another olcSyncrepl attribute (there's already one for syncing the two MirrorMode nodes themselves) to the MirrorMode nodes pointing to the proxy? And if I have more than one proxy, should I add an olcSyncrepl attribute for each? And how do I ensure that only one of the MirrorMode nodes fetches data from the proxy provider(s) at any given time?
I've spent quite some time googling this to no avail. Any insight would be greatly appreciated. Thank you!
Best regards,
George