On 08/07/2010 09:21:53, Frank Bonnet wrote:
> Could anybody recommend a rock solid software to build
> an OpenLDAP cluster with FreeBSD 8.0 ?

Well, you're off to a good start with FreeBSD and OpenLDAP. In fact, you don't really need much more than that.

As mentioned else-thread, you can set up master-master replication between a couple of OpenLDAP instances quite readily: unlike, say, M-M replication in MySQL, this is pretty robust[*] and you can write to the directory on either server. You can also expand to a ring topology with three or more servers, plus many other possibilities, and site-to-site replication also works pretty well over long distances, but that's probably getting beyond the scope of what you want.

The really handy thing about LDAP is that you can do quite a reasonable High-Availability setup with no extra software or hardware -- it's a lot like DNS in that respect. Simply specify a series of LDAP servers in the ldap.conf (or pam-ldap.conf or nss-ldap.conf) on each client, and the client will try each in turn until it reaches one it can bind to successfully. This does introduce a little extra latency here and there, but nothing particularly drastic.

There is also a method of distributing traffic using SRV records that can be managed centrally in the DNS but AFAIK, {nss,pam}-ldap.conf don't understand it -- other clients do and will work just fine.

You can use CARP or relayd or HW load balancers or other technologies to make the H-A almost seamless, but frequently the extra complication just doesn't provide enough extra performance to justify the effort or the expense.

Test early, and test often while working up your cluster.

Cheers,

Matthew

[*] Partly this is due to the intrinsic nature of LDAP directories, where there tend to be far fewer uniqueness constraints, and partly it's because LDAP servers generally service far more reads than writes -- more so than typical RDBMS usage. Mostly however, it's because LDAP replicates the modified data, rather than replaying a stream of update queries on the replication targets.

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk
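
The try-each-server-in-turn fail-over and the SRV-record alternative described in the message above, as an added example that is not part of the original post or of any OpenLDAP code. It orders `_ldap._tcp` SRV records by priority and weight as RFC 2782 specifies, then walks the list until one server answers; the hostnames, the sample records and the `probe` callback are assumptions made for illustration.

```python
import random
import socket
from collections import defaultdict

# Constructed sample data: (priority, weight, port, target) tuples as they
# would appear in _ldap._tcp SRV records. Hostnames are hypothetical.
SAMPLE_SRV = [
    (10, 60, 389, "ldap1.example.org"),
    (10, 40, 389, "ldap2.example.org"),
    (20, 0, 389, "ldap-dr.example.org"),
]

def order_srv(records, rng=random):
    """Order SRV records per RFC 2782: lowest priority first; within a
    priority, repeated weighted random selection without replacement."""
    by_prio = defaultdict(list)
    for rec in records:
        by_prio[rec[0]].append(rec)
    ordered = []
    for prio in sorted(by_prio):
        # RFC 2782: zero-weight records are placed at the start of the pool.
        pool = sorted(by_prio[prio], key=lambda r: r[1] != 0)
        while pool:
            total = sum(r[1] for r in pool)
            pick = rng.randint(0, total)
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def tcp_probe(host, port, timeout=3.0):
    """Default reachability check: can a TCP connection be opened?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def first_reachable(records, probe=tcp_probe, rng=random):
    """Try each server in order; return the first that answers and the skipped ones."""
    skipped = []
    for _prio, _weight, port, host in order_srv(records, rng):
        if probe(host, port):
            return (host, port), skipped
        skipped.append((host, port))
    return None, skipped
```

Each entry in `skipped` costs up to one probe timeout, which is the extra latency the message mentions when servers early in the list are down.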