Thank you very much for such a detailed response.
We need HA for LDAP writes also.
We are using bdb.
Is it safe to upgraded to OpenLDAP 2.4 without testing compatibility/stability of it with
Can I use the package available at
ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/openldap-stable/openldap-stable-20090411.tgz? Or do I
need to get specific package for CentOS?
From: Buchan Milne [mailto:firstname.lastname@example.org]
Sent: Thursday, May 07, 2009 2:53 PM
Cc: Kukkala Prasad
Subject: Re: OpenLDAP 2.1 High Availability
On Thursday 07 May 2009 05:32:25 Kukkala Prasad wrote:
We are planning to configure High Availability for OpenLDAP 2.1 on Linux
Why 2.1? AFAIK, no version of CentOS shipped 2.1 anyway (RHEL3 had 2.0.27.
RHEL4 had 2.2.13, RHEL5 shipped with 2.3.27, but 5.3 now has a relatively
We are looking at following options and we want to check our
about corresponding options and looking for your valuable suggestions.
1. Using Replica Service
a. This is not enough because if master machine goes down then LDAP
updates will not be possible.
You haven't stated all your requirements, but if you require HA for writes,
then this is not a sufficient option.
2. Migrating to OpenLDAP2.4
a. Master-Master solution looks promising but in our current project
time line it is not possible to migrate.
Why not ? OpenLDAP 2.1 is very old, and not supported any more, same for 2.2,
and 2.3 is effectively end of life.
There are packages of 2.4 available for some versions of RHEL or CentOS.
3. Sharing LDAP file system on NFS
a. After going through the thread
understood that OpenLDAP does not support GFS or NFS.
It could work on GFS, but not concurrently, and GFS requires the same (or
better) infrastructure than a simple HA cluster.
However, I hope this is not the best option you found in researching this.
NFS can't work.
b. But the thread discussion happened very long back around in
2002. ????Is that conclusion applicable to OpenLDAP 2.1????
4. Hosting LDAP Service on CentOS Cluster Suite
a. ????Is it possible to configure "Active-Passive" setup using
CentOS Cluster Suite????
Of course. I have been running OpenLDAP masters on Red Hat Cluster Suite since
2004 on Red Hat Advanced Server 2.1 (with OpenLDAP 2.1.25). I currently have
an active-passive master cluster running RHEL3 with cluster suite, with
OpenLDAP 2.3.42 (will be upgraded to 2.3.43 tonight). It has seen a few
minutes of downtime in the past 3 years (about one minute for each OpenLDAP
upgrade as the service must be migrated twice).
You need some kind of shared storage solution for this (preferably FC SAN, but
iSCSI is an option, and DRBD could do the trick).
5. H/W based clustering
a. We don't know what are the possible solutions in this approach and
cost incurred. !!!!Please share your ideas.!!!!
a. We have NetApp 2020 Appliance
????Does this any way help us????
7. Other alternatives
a. !!!!We need your valuable ideas and suggestions.!!!!
I would probably go for an HA cluster with cluster suite using iSCSI for
shared storage, running 2.3.43 or 2.4.16.
Multi-master might also be an option, but then you *must* 2.4.16 (with patches
from CVS if you use hdb).
The information contained in this communication is confidential, intended solely for the
use of the individual or entity to whom it is addressed and may be legally privileged and
protected by professional secrecy. Access to this message by anyone else is unauthorized.
If you are not the intended recipient, any disclosure, copying, or distribution of the
message, or any action or omission taken by you in reliance on it is prohibited and may be
unlawful. Please immediately contact the sender if you have received this message in
error. This email does not constitute any commitment from Cordys Holding BV or any of its
subsidiaries except when expressly agreed in a written agreement between the intended
recipient and Cordys Holding BV or its subsidiaries. Cordys is neither liable for the
proper and complete transmission of the information contained in this communication nor
for any delay in its receipt. Cordys does not guarantee that the integrity of this
communication has been maintained nor that the communication is free of viruses,
interceptions or interference. If you are not the intended recipient of this communication
please return the communication to the sender and delete and destroy all copies.