Hello People,
I'm in doubt what design I need to use for openldap. This is the situation:
We have 1200+ customers using LDAP. We want to replicate all these ldap servers to 1 big ldapserver in a datacentre with a multi-master config. So all the customers are a master-ldap who replicate to the datacentre.
My idea was to build in the datacentre a ldapcluster of about 4 servers.
My question is: Will this be stable, because there will be 1200+ ldapservers replicating to 4 ldapserver in the datacentre.
I know this depends on the number of write actions at the customers. All I can say is that write actions at the customers isn't THAT much.
I really hope somebody can give me an answer or maybe there's somebody else with the same config
Best Regards
Hendrik,
Hendrik van der Ploeg wrote on 15.02.2011 at 08:47:
> I'm in doubt what design I need to use for openldap. This is the situation:
> We have 1200+ customers using LDAP. We want to replicate all these ldap servers to 1 big ldapserver in a datacentre with a multi-master config.
This means each customer has its own ldap server and you will have 1200+ ldap servers?
> So all the customers are a master-ldap who replicate to the datacentre.
"all the customers (=ldap servers) _are_ master-ldap"? This would mean you have 1200+ provider/master!?
> My idea was to build in the datacentre a ldapcluster of about 4 servers.
What for then?
> My question is: Will this be stable, because there will be 1200+ ldapservers replicating to 4 ldapserver in the datacentre.
You do not want it the other way around and have 4 (multi-)master in the datacenter and 1200+ replicas outside, do you?
> I know this depends on the number of write actions at the customers. All I can say is that write actions at the customers isn't THAT much.
> I really hope somebody can give me an answer or maybe there's somebody else with the same config
We have one provider and 160 consumers - and this is IMHO called "a lot" here, if I'm right ...
Marc
Hello,
Thank you for answering. Yes, every customer has its own ldap server which should be master.
Q: You do not want it the other way around and have 4 (multi-)master in the datacenter and 1200+ replicas outside, do you?
That would be the best design indeed, but the problem is that the customers need write access to their own ldapserver.
Now I hear you thinking; Customers can have write access in the datacentre and it then will be replicated to the customers own ldapserver. The problem is that a lot of customers have quite a bad vpn connection to the datacentre and when they add a user for example it must be available immediately. And with a failing vpn connection nothing happens. They MUST be able to write in their own local ldapserver.
Regards
Hendrik Noordwijkerhout Holland
Hendrik van der Ploeg wrote:
> Hello,
> Thank you for answering. Yes, every customer has its own ldap server which should be master.
> Q: You do not want it the other way around and have 4 (multi-)master in the datacenter and 1200+ replicas outside, do you?
> That would be the best design indeed, but the problem is that the customers need write access to their own ldapserver.
> Now I hear you thinking; Customers can have write access in the datacentre and it then will be replicated to the customers own ldapserver. The problem is that a lot of customers have quite a bad vpn connection to the datacentre and when they add a user for example it must be available immediately. And with a failing vpn connection nothing happens. They MUST be able to write in their own local ldapserver.
Your reasoning is sound. It's just a question of system resources; 1200 consumer configs in a single slapd process will probably occupy a lot of RAM. An active consumer requires a slapd thread when processing incoming changes. If you want instantaneous processing of all incoming changes that means you must be able to handle 1200 concurrent threads, worst case. If your real world load will be lower than that, adjust downward accordingly.
> Regards
> Hendrik Noordwijkerhout Holland
openldap-technical@openldap.org