* Quanah Gibson-Mount quanah@symas.com [20181018 09:26]:
--On Thursday, October 18, 2018 11:10 AM +0200 Michael Ströder michael@stroeder.com wrote:
On 10/18/18 1:41 AM, Quanah Gibson-Mount wrote:
I've had setups with 2-node MMR on the front, and read only consumers. It works just fine, as long as any given consumer only points to one master. Theoretically, it's supposed to work so that consumers can point to more than one master in an MMR setup, but my experience didn't match that (http://www.openldap.org/its/index.cgi/?findid=8373).
There's no config in ITS#8373. But you mention accesslog DB. Does that mean your setup used delta-syncrepl?
Yes. It was simply a standard Zimbra MMR deployment.
If yes, does that issue also apply to normal syncrepl?
No idea. I generally consider "normal" syncrepl unsafe as using it can lead to data loss. I use delta-syncrepl exclusively because of this, with a focus on eliminating all scnearios in which it might fall back to "normal" syncrepl. (See http://www.openldap.org/its/index.cgi/?findid=8125 for example).
--Quanah
I'd like to follow up on this discussion, sorry if I've taken so long to reply.
First, I'd like to thank all that have commented so far, much appreciated.
I have a few more questions because some sort of un-easiness about my setup has crept up in view of the different comments that have been written so far.
Right now I have 2 Debian Stretch 9.5 servers running 2.4.46 from the stretch backports. Servers are in a MMR setup, using syncrepl for replication (NOT delta-syncrepl), with a LMDB backend.
The intent is to use the directory as a users authentication repository for a 100+ workstations-- with what I said above, would such a setup considered safe? Am I asking for trouble down the road with version 2.4.46?
Finally, should I rather consider the LTB project for Debian OpenLDAP as been mentioned in some other threads rather than using the Debian backports? I'm a bit reluctant to roll my own packaging from source.
Sorry for the very naive questions, I'm still fairly new to OpenLDAP!
thanks! jf
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com