I have previously asked this question with no response 18 months ago, I would still like some assistance I have configured multiple LDAPs in a Mirror-Mode configuration and fronted by OpenLDAP in proxy mode. I understand that the list contained in the DBURI attribute is used to define the backends, and all the proxies are configured with the same list. I understand that first URI in the DbURI attribute will be used unless this fails, in which case it will fall back to the second URI. It will then keep on the second one until that one fails. This seems fine for most failure cases, when all proxies recognise the same failure. If communication fails between one proxy and the one backend LDAP and doesn't affect all proxies, writes will now be directed to different backends from different proxies. Is there some way to keep the proxies in-line or recognise a failure on one proxy and force the others to change. Or is this not needed?
On Thu, 12 Aug 2021 at 18:05, Wayne McNaught wayne.mcnaught@landregistry.gov.uk wrote:
I have previously asked this question with no response 18 months ago, I would still like some assistance I have configured multiple LDAPs in a Mirror-Mode configuration and fronted by OpenLDAP in proxy mode. I understand that the list contained in the DBURI attribute is used to define the backends, and all the proxies are configured with the same list. I understand that first URI in the DbURI attribute will be used unless this fails, in which case it will fall back to the second URI. It will then keep on the second one until that one fails. This seems fine for most failure cases, when all proxies recognise the same failure. If communication fails between one proxy and the one backend LDAP and doesn't affect all proxies, writes will now be directed to different backends from different proxies. Is there some way to keep the proxies in-line or recognise a failure on one proxy and force the others to change. Or is this not needed?
Hi Wayne,
Have you done Multi-Master or multiple pairs of nodes fronted by proxy mode? I'm not clear on your first sentence.
Thanks.
Hi Gavin, Thanks for responding. At the moment we have 3 back-end OpenLDAP servers V2.4 in Multi-Master mode with N-Way Multi-Provider replication. We have then fronted these with 3 front-end OpenLDAP servers using a BACK-LDAP proxy to direct the traffic to one node, which changes the configuration to be a Mirror-Mode configuration. As we have 3 proxies for HA there are concerns that if the proxies come out of line writes would be going to multiple backends and remove the advantages of using this mode. Wayne
Hi Wayne,
Ah, OK. What's your concern with just running with N-Way?
Thanks.
On Fri, 13 Aug 2021 at 21:33, Wayne McNaught wayne.mcnaught@landregistry.gov.uk wrote:
Hi Gavin, Thanks for responding. At the moment we have 3 back-end OpenLDAP servers V2.4 in Multi-Master mode with N-Way Multi-Provider replication. We have then fronted these with 3 front-end OpenLDAP servers using a BACK-LDAP proxy to direct the traffic to one node, which changes the configuration to be a Mirror-Mode configuration. As we have 3 proxies for HA there are concerns that if the proxies come out of line writes would be going to multiple backends and remove the advantages of using this mode. Wayne
Hi Gavin, Sorry for the delay in responding, I had a few days down time. The mirror-mode configuration was selected as data consistency, reducing chance of conflicts and high availability are all characteristics that we wish to have in the platform. It may be that I have selected the wrong topology, but reading the manual the Mirror-mode topology appeared to hit all the right points.
I wanted to reduce the chances of having to deal with write conflicts due to multiple writes been sent multiple providers at a time.
Hope this explains the rational.
Cheers
Wayne
-----Original Message----- From: Gavin Henry ghenry@suretec.co.uk Sent: 13 August 2021 22:07 To: Mcnaught, Wayne Wayne.McNaught@landregistry.gov.uk Cc: openldap-technical@openldap.org Subject: Re: Configuring OpenLdap Proxy for Mirror-Mode
Hi Wayne,
Ah, OK. What's your concern with just running with N-Way?
Thanks.
On Fri, 13 Aug 2021 at 21:33, Wayne McNaught wayne.mcnaught@landregistry.gov.uk wrote:
Hi Gavin, Thanks for responding. At the moment we have 3 back-end OpenLDAP servers V2.4 in Multi-Master mode with N-Way Multi-Provider replication. We have then fronted these with 3 front-end OpenLDAP servers using a BACK-LDAP proxy to direct the traffic to one node, which changes the configuration to be a Mirror-Mode configuration. As we have 3 proxies for HA there are concerns that if the proxies come out of line writes would be going to multiple backends and remove the advantages of using this mode. Wayne
______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
HM Land Registry’s ambition is to become the world’s leading land registry for speed, simplicity and an open approach to data. Our mission is: “Your land and property rights: guaranteed and protected”.
We check all mail and attachments for known viruses. However, you are advised that you open any attachments at your own risk. If you have received this email and it was not intended for you, please let us know, then delete it.
We welcome correspondence in English and Welsh.
To see how HM Land Registry treats your personal information, read our Personal information charter: www.gov.uk/government/organisations/land-registry/about/personal-information-charter.
______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
openldap-technical@openldap.org
-
Gavin Henry -
Gavin Henry -
Mcnaught, Wayne -
Wayne McNaught