I am not understanding what happens to my clients if something happens to my provider. In some replication systems when the main server fails you can start using the machine that was replicated to as your primary.
This is called Active-Active Hot Standby and can be done with MirrorMode.
Does the consumer act as a slave machine?
It can be, depends how you've set it up, which you have told us ;-)
On each of my clients do I point them to the provider/consumer.
It depends on what your clients are doing, if it's all readonly, then point them at both. Tell us more.
I don’t think MirrorMode is available in 2.3. Here is my setup below. What am I missing? I had to download the overlays from the beta channels just to get ppolicy. My goal is to provide a mechanism for authenticating users and have a redundancy in case I lose the provider. I may be trying to overanalyze this configuration but the documents are a little confusing.
1. Configured a single LDAP server
2. Configured syncrepl on the provider
3. Configured a single consumer "refreshonly"
4. I have several applications and clients connecting to the provider. Each application and client only points to the provider.
   - Squid
   - Samba
   - Dovecot
   - End Users authenticating through gdm
Thanks Again
John Allgood Senior Systems Administrator Turbo, division of OHL 2251 Jesse Jewell Pky. NE Gainesville, GA 30507 tel: (678) 989-3051 fax: (770) 531-7878
jallgood@ohl.com www.ohl.com
-----Original Message----- From: Gavin Henry [mailto:ghenry@suretecsystems.com] Sent: Wednesday, January 14, 2009 12:03 PM To: Allgood, John Cc: openldap-technical@openldap.org Subject: Re: Syncrepl Questions
I am not understanding what happens to my clients if something happens to my provider. In some replication systems when the main server fails you can start using the machine that was replicated to as your primary.
This is called Active-Active Hot Standby and can be done with MirrorMode.
Does the consumer act as a slave machine?
It can be, depends how you've set it up, which you have told us ;-)
On each of my clients do I point them to the provider/consumer.
It depends on what your clients are doing, if it's all readonly, then point them at both. Tell us more.
----- "John Allgood" jallgood@ohl.com wrote:
I don’t think MirrorMode is available in 2.3. Here is my setup below. What am I missing? I had to download the overlays from the beta channels just to get ppolicy. My goal is to provide a mechanism for authenticating users and have a redundancy in case I lose the provider. I may be trying to overanalyze this configuration but the documents are a little confusing.
- Configured a single LDAP server
- Configured syncrepl on the provider
- Configured a single consumer "refreshonly"
- I have several applications and clients connecting to the provider. Each application and client only points to the provider.
  - Squid
  - Samba
  - Dovecot
  - End Users authenticating through gdm
OK, these all look like read-only apps. Why not point them to both servers or set up 2 consumers and point them all to that?
Why are you still on 2.3? Beta channels of what?
Hello Again
Maybe by the end of this project I will be somewhat of an ldap expert; until then please bear with me. I think I have gotten a little more understanding of how this will work. I have a provider and a consumer up and running and I am pointing each application and/or server to both the provider and the consumer. Also there is something called referrals that are talked about for the consumer. Is this something I will need to use? We started building the ldap server about a month ago. We have not really had the time to do proper research due to time constraints. We just used the rpms that Redhat provided with RHEL5 which is openldap 2.3. The rpms built from Redhat did not have the ppolicy overlay built in. I found the overlays on the Beta channels from Redhat Network and used those to get the ppolicy. I wish Redhat would stay a little more up2date. Anyways if there is any more advice that can be provided I would appreciate it. Oh one more thing. When I was setting up syncprov for the first time I missed the part about loading the module in the slapd.conf. I did enter the overlay syncprov to my config and it appears to work. Can syncprov be built into openldap and not loaded as a module? Just wanted some verification on this issue.
Thanks Again
John Allgood Senior Systems Administrator Turbo, division of OHL 2251 Jesse Jewell Pky. NE Gainesville, GA 30507 tel: (678) 989-3051 fax: (770) 531-7878
jallgood@ohl.com www.ohl.com
-----Original Message----- From: Gavin Henry [mailto:ghenry@suretecsystems.com] Sent: Thursday, January 15, 2009 3:36 PM To: Allgood, John Cc: openldap-technical@openldap.org Subject: Re: Syncrepl Questions
----- "John Allgood" jallgood@ohl.com wrote:
I don’t think MirrorMode is available in 2.3. Here is my setup below. What am I missing? I had to download the overlays from the beta channels just to get ppolicy. My goal is to provide a mechanism for authenticating users and have a redundancy in case I lose the provider. I may be trying to overanalyze this configuration but the documents are a little confusing.
- Configured a single LDAP server
- Configured syncrepl on the provider
- Configured a single consumer "refreshonly"
- I have several applications and clients connecting to the provider. Each application and client only points to the provider.
  - Squid
  - Samba
  - Dovecot
  - End Users authenticating through gdm
OK, these all look like read-only apps. Why not point them to both servers or set up 2 consumers and point them all to that?
Why are you still on 2.3? Beta channels of what?
--On Thursday, January 15, 2009 3:10 PM -0600 "Allgood, John" jallgood@ohl.com wrote:
We started building the ldap server about a month ago. We have not really had the time to do proper research due to time constraints. We just used the rpms that Redhat provided with RHEL5 which is openldap 2.3. The rpms built from Redhat did not have the ppolicy overlay built in. I found the overlays on the Beta channels from Redhat Network and used those to get the ppolicy. I wish Redhat would stay a little more up2date. Anyways if there is any more advice that can be provided I would appreciate it. Oh one more thing. When I was setting up syncprov for the first time I missed the part about loading the module in the slapd.conf. I did enter the overlay syncprov to my config and it appears to work. Can syncprov be built into openldap and not loaded as a module? Just wanted some verification on this issue.
Don't use the crap shipped by RH. It's built for client libraries, not for running a production LDAP service. See:
http://www.openldap.org/faq/data/cache/1456.html
Since you're using RHEL, I would advise one of two things:
(a) Use Symas' builds (http://www.symas.com, Silver is free, other editions come with more features and support for cash), or
(b) Use the builds by Buchan Milne (http://staff.telkomsa.net/packages)
If you have a production application where you need support available and you're not terribly familiar with LDAP, I strongly advise (a).
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
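
The layout discussed in this thread (a syncprov provider, one refreshOnly consumer, read-only clients listing both servers), written out as slapd.conf and ldap.conf fragments. This is an added example, not configuration posted by anyone in the thread; the host names, suffix, replication DN and placeholder password are assumptions.

```conf
# --- provider: slapd.conf (ldap1.example.com is a constructed host name) ---
# moduleload is only needed when syncprov was built as a dynamic module;
# a slapd with the overlay compiled in accepts "overlay syncprov" without it.
moduleload  syncprov.la

database    bdb
suffix      "dc=example,dc=com"
# syncrepl searches filter on these two operational attributes
index       entryCSN,entryUUID eq
# Must come before the other access rules: the replication identity
# (assumed DN) has to read every attribute, userPassword included.
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by * break
overlay     syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# --- consumer: slapd.conf (ldap2.example.com, constructed) ---
database    bdb
suffix      "dc=example,dc=com"
index       entryCSN,entryUUID eq
# Continuation lines of one directive must start with whitespace.
# A simple bind over plain ldap:// sends the credential unencrypted;
# use ldaps:// in the provider URL once certificates are in place.
syncrepl rid=001
    provider=ldap://ldap1.example.com
    type=refreshOnly
    interval=00:00:05:00
    retry="60 +"
    searchbase="dc=example,dc=com"
    scope=sub
    bindmethod=simple
    binddn="cn=replicator,dc=example,dc=com"
    credentials=CHANGE_ME
# A write sent to the consumer is answered with a referral to the provider.
updateref   ldap://ldap1.example.com

# --- read-only clients: OpenLDAP ldap.conf ---
# Servers are tried in the order listed, so lookups and binds keep
# working against the consumer while the provider is down.
URI   ldap://ldap1.example.com ldap://ldap2.example.com
BASE  dc=example,dc=com
```

With refreshOnly and a five-minute interval, a password changed on the provider can take up to five minutes to reach the consumer, so a client that fails over inside that window authenticates against the old value.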