[Linux-cluster] LDAP as a service

Kaloyan Kovachev kkovachev at varna.net
Fri Jan 25 09:47:49 UTC 2013 

Hi,
 there should be openldap resource in your cluster, but if not you can
always use a script resource or write your own.


On Thu, 24 Jan 2013 14:49:45 -0800, Rick Stevens <ricks at alldigital.com>
wrote:
> On 01/24/2013 01:57 PM, Dryden, Tom issued this missive:
>>
>> Good Afternoon,
>>
>> There are a couple of reasons to implement LDAP on a cluster.
>> 1. I have a cluster with GFS partitions available.
> 
> Good.
> 
>> 2. Want to avoid the cost putting up 2 more machines for master  -
>> master LDAP operation.
> 
> Master-master LDAP replication is not hard to do and you're still going
> to have two machines running LDAP. Perhaps not simultaneously, but you
> will still have two machines.
> 
>> 3. Want to avoid the timeout the client experiences when the primary is
>> unavailable.
> 
> This is what the TIMEOUT and SIZELIMIT and NETWORK_TIMEOUT variables in
> the various incarnations of the ldap.conf file are for. The defaults do
> make things sluggish if a primary goes down, but you can tweak that.
> 
>> My thought is to have the LADP data stored on a GFS partition while the
>> LDAP server process and IP address are managed as a service.  In this
>> configuration the process can move between nodes with no impact to the
>> clients.
> 
> Personally, I think you're over complicating things and unless you have
> a ridiculously big LDAP database that you don't want to replicate, I
> don't think you're really buying anything here. We run several master-
> master LDAP clusters here--even with one replicating across the country
> (California <--> Florida). Works fine.
> 
> That being said, as with most FOSS stuff, there's more than one way to
> skin a mule. Do as you wish.
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> -                 All generalizations are false.                     -
> ----------------------------------------------------------------------

More information about the Linux-cluster mailing list