[Linux-cluster] LDAP as a service

Rick Stevens ricks at alldigital.com
Thu Jan 24 22:49:45 UTC 2013

On 01/24/2013 01:57 PM, Dryden, Tom issued this missive:
> Good Afternoon,
> There are a couple of reasons to implement LDAP on a cluster.
> 1. I have a cluster with GFS partitions available.


> 2. Want to avoid the cost putting up 2 more machines for master  -
> master LDAP operation.

Master-master LDAP replication is not hard to do and you're still going
to have two machines running LDAP. Perhaps not simultaneously, but you
will still have two machines.

> 3. Want to avoid the timeout the client experiences when the primary is
> unavailable.

This is what the TIMEOUT and SIZELIMIT and NETWORK_TIMEOUT variables in
the various incarnations of the ldap.conf file are for. The defaults do
make things sluggish if a primary goes down, but you can tweak that.

> My thought is to have the LADP data stored on a GFS partition while the
> LDAP server process and IP address are managed as a service.  In this
> configuration the process can move between nodes with no impact to the
> clients.

Personally, I think you're over complicating things and unless you have
a ridiculously big LDAP database that you don't want to replicate, I
don't think you're really buying anything here. We run several master-
master LDAP clusters here--even with one replicating across the country
(California <--> Florida). Works fine.

That being said, as with most FOSS stuff, there's more than one way to
skin a mule. Do as you wish.
- Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-                 All generalizations are false.                     -

More information about the Linux-cluster mailing list