Hello all,
I have some questions regarding overlay configuration for consumer and provider server.
It is necessary to load the same overlay modules in a consumer configuration? Is it also necessary to configure the overlay like in the provider configuration ?
There are overlays that are needed only for the provider, e.g. syncprov. Others are only needed for the consumer like the chaining overlay.
But for other overlays it is not that clear:
Dynlist needs to be configured for both servers.
But what's about dds, ppolicy and refinit? Here maybe a provider configuration is enough.
Is there a simple best practise ?
Thanks in advance.
Regards
Uli
Uli Tehrani wrote:
It is necessary to load the same overlay modules in a consumer configuration?
Is it also necessary to configure the overlay like in the provider configuration ?
In general: No.
In detail: It depends.
There are overlays that are needed only for the provider, e.g. syncprov. Others are only needed for the consumer like the chaining overlay.
So you're already answering your own general question. ;-)
But for other overlays it is not that clear:
Dynlist needs to be configured for both servers.
But what's about dds, ppolicy and refinit?
slapo-dds writes to expiring entries and processes Refresh Operation Requests. You don't need that on read-only consumers.
I'm pretty sure you want to enforce your password policy everywhere. So slapo-ppolicy is needed on both.
slapo-refint potentially writes to referencing entries. Those write requests usually get replicated. You don't need that on read-only consumers.
Opposite example: Modifications by slapo-memberOf are not replicated. So you need that on read-only consumers.
Is there a simple best practise ?
No.
slapo-constraint and slapo-unique are also overlays you don't need on read-only consumers.
Another exotic example: I'm running slapo-accesslog even on consumers because then local write requests of slapo-ppolicy are recorded in a database then. Costs performance though.
Ciao, Michael.
Hello Michael,
thanks a lot for your help.
Kind regards
Uli
Am 30.10.2014 16:07, schrieb Michael Ströder:
Uli Tehrani wrote:
It is necessary to load the same overlay modules in a consumer configuration?
Is it also necessary to configure the overlay like in the provider configuration ?
In general: No.
In detail: It depends.
There are overlays that are needed only for the provider, e.g. syncprov. Others are only needed for the consumer like the chaining overlay.
So you're already answering your own general question. ;-)
But for other overlays it is not that clear:
Dynlist needs to be configured for both servers.
But what's about dds, ppolicy and refinit?
slapo-dds writes to expiring entries and processes Refresh Operation Requests. You don't need that on read-only consumers.
I'm pretty sure you want to enforce your password policy everywhere. So slapo-ppolicy is needed on both.
slapo-refint potentially writes to referencing entries. Those write requests usually get replicated. You don't need that on read-only consumers.
Opposite example: Modifications by slapo-memberOf are not replicated. So you need that on read-only consumers.
Is there a simple best practise ?
No.
slapo-constraint and slapo-unique are also overlays you don't need on read-only consumers.
Another exotic example: I'm running slapo-accesslog even on consumers because then local write requests of slapo-ppolicy are recorded in a database then. Costs performance though.
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder -
Uli Tehrani