Hi LDAPUSERS, I would like a design cfg suggestionfor implementing a hot standby LDAP solution, would multimmaster configuration be sufficient? I need some cfg which will switch the clients instantaneous to a second master , transparent to clients, no downtime and "0" loss of transactions. Thank you Isabella
Why do you need a standby server? That's not exactly how LDAP is meant to be used, you can, but with multi-master replication, you can just use all servers simultaneously. Steven Crothers steven.crothers@gmail.com
On Mon, Jul 14, 2014 at 5:55 PM, Isabella Ghiurea isabella.ghiurea@nrc-cnrc.gc.ca wrote:
Hi LDAP USERS, I would like a design cfg suggestion for implementing a hot standby LDAP solution, would multimmaster configuration be sufficient ? I need some cfg which will switch the clients instantaneous to a second master , transparent to clients, no downtime and "0" loss of transactions. Thank you Isabella
--
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
You can use a few different methods on top of multi-master.
HAproxy server (or other load balancer). This service listens for requests on 389/636 and forwards to the current running server Multiple records in DNS. see below Split Horizon DNS. google that one
Although some would advise against it, we use DNS to take care of this. Just make multiple entries:
ldap1.example.com = 10.0.0.2 ldap2.example.com = 10.0.0.3 ldap3.example.com = 10.0.0.4 ldap.example.com = 10.0.0.2 ldap.example.com = 10.0.0.3 ldap.example.com = 10.0.0.4
point users to ldap.example.com. if ldap1.example.com dies, users will alternate hitting the dead and alive servers, ending in successful login. I get alerts if the server is down so I yank it from DNS quickly. difference between this and HAproxy is that haproxy will automatically remove the bad entries, but adds another point of failure so it's a wash to me.
On Mon, Jul 14, 2014 at 5:55 PM, Isabella Ghiurea isabella.ghiurea@nrc-cnrc.gc.ca wrote:
Hi LDAP USERS, I would like a design cfg suggestion for implementing a hot standby LDAP solution, would multimmaster configuration be sufficient ? I need some cfg which will switch the clients instantaneous to a second master , transparent to clients, no downtime and "0" loss of transactions. Thank you Isabella
--
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
If you have an F5, or other load balancer, it's pretty easy to create a VIP with multiple back end nodes (your LDAP servers). Obviously not a cheap solution, but you can setup monitors which can detect when a server has gone down, and immediately pull it from the pool. It's been very effective for me. On Jul 14, 2014 3:35 PM, "Justin Edmands" shockwavecs@gmail.com wrote:
You can use a few different methods on top of multi-master.
HAproxy server (or other load balancer). This service listens for requests on 389/636 and forwards to the current running server Multiple records in DNS. see below Split Horizon DNS. google that one
Although some would advise against it, we use DNS to take care of this. Just make multiple entries:
ldap1.example.com = 10.0.0.2 ldap2.example.com = 10.0.0.3 ldap3.example.com = 10.0.0.4 ldap.example.com = 10.0.0.2 ldap.example.com = 10.0.0.3 ldap.example.com = 10.0.0.4
point users to ldap.example.com. if ldap1.example.com dies, users will alternate hitting the dead and alive servers, ending in successful login. I get alerts if the server is down so I yank it from DNS quickly. difference between this and HAproxy is that haproxy will automatically remove the bad entries, but adds another point of failure so it's a wash to me.
On Mon, Jul 14, 2014 at 5:55 PM, Isabella Ghiurea isabella.ghiurea@nrc-cnrc.gc.ca wrote:
Hi LDAP USERS, I would like a design cfg suggestion for implementing a hot standby
LDAP
solution, would multimmaster configuration be sufficient ? I need some cfg which will switch the clients instantaneous to a second master , transparent to clients, no downtime and "0" loss of transactions. Thank you Isabella
--
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Justin explains perfectly what we do at my company, and it works fantastically. I don't need a load balancer sitting between my data and app, I need speed. Steven Crothers steven.crothers@gmail.com
On Mon, Jul 14, 2014 at 6:34 PM, Justin Edmands shockwavecs@gmail.com wrote:
You can use a few different methods on top of multi-master.
HAproxy server (or other load balancer). This service listens for requests on 389/636 and forwards to the current running server Multiple records in DNS. see below Split Horizon DNS. google that one
Although some would advise against it, we use DNS to take care of this. Just make multiple entries:
ldap1.example.com = 10.0.0.2 ldap2.example.com = 10.0.0.3 ldap3.example.com = 10.0.0.4 ldap.example.com = 10.0.0.2 ldap.example.com = 10.0.0.3 ldap.example.com = 10.0.0.4
point users to ldap.example.com. if ldap1.example.com dies, users will alternate hitting the dead and alive servers, ending in successful login. I get alerts if the server is down so I yank it from DNS quickly. difference between this and HAproxy is that haproxy will automatically remove the bad entries, but adds another point of failure so it's a wash to me.
On Mon, Jul 14, 2014 at 5:55 PM, Isabella Ghiurea isabella.ghiurea@nrc-cnrc.gc.ca wrote:
Hi LDAP USERS, I would like a design cfg suggestion for implementing a hot standby LDAP solution, would multimmaster configuration be sufficient ? I need some cfg which will switch the clients instantaneous to a second master , transparent to clients, no downtime and "0" loss of transactions. Thank you Isabella
--
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org
-
ghiureai -
Justin Edmands -
Kyle Flavin -
Steven Crothers