Loading
Highly Available LDAP
Creating a highly available authentication server using open-source software.
If updates have been made to the LDAP namespace while the master LDAP server is down, the LDAP databases must be resynchronized prior to restarting the master server. There are two methods for doing this. If a service interruption is possible, the databases can be hand-copied after the LDAP server has been stopped. (Data files are kept by default in /usr/local/var.)
You also can use OpenLDAP replication to restore the database without the service interruption. First, start the LDAP server on the former master node as a slave. Then start slurpd on the current master. Changes received while the former master was out of service are pushed from the new master. Finally, stop the slave LDAP server on the former master node, and start Heartbeat. This results in a failback to the original configuration.
This article outlines a simple example of using open-source software to create some highly available basic network services. Network services including LDAP seldom require huge servers. The additional reliability provided by clustering and the duplication of servers and data files can increase overall service availability. The system worked under all tests, with a failover of less than 15 seconds in all cases. Given a good understanding of system loads and utilization, failover time could be reduced below this threshold.
Thanks to Alan Robertson, IBM Linux Technology Center, for his helpful comments and review.
The foregoing article is based on laboratory tests undertaken in a laboratory environment. Results in particular customer installations may vary based on a number of factors, including workload and configuration in each particular installation. Therefore, the above information is provided on an AS IS basis. The WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. Use of this information is at user's sole risk.
- « first
- ‹ previous
- 1
- 2
- 3
______________________
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
- RSS Feeds
- New Products
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- Developer Poll
- Dart: a New Web Programming Experience
- May 2013 Issue of Linux Journal: Raspberry Pi
- What's the tweeting protocol?
- Reply to comment | Linux Journal
14 min 4 sec ago - Web Hosting IQ
1 hour 47 min ago - Thanks for taking the time to
3 hours 24 min ago - Linux is good
5 hours 22 min ago - Reply to comment | Linux Journal
5 hours 39 min ago - Web Hosting IQ
6 hours 9 min ago - Web Hosting IQ
6 hours 10 min ago - Web Hosting IQ
6 hours 10 min ago - Reply to comment | Linux Journal
9 hours 11 min ago - play with linux? i think you mean work-around linux
17 hours 37 min ago
Poll
Comments
Consistency of database
Promoting LDAP SLAVE to MASTER can result in inconsistency of data ? can't it ?
Very nice article :)
Putting the LDAP database files on a NAS
I'm using LDAP for login authentication. I'd kinda wondered if I could avoid the LDAP Master/Slave business with slurpd by running two Masters - hang on that sounds bonkers. But what if they were configured with their database files on a shared NAS - even more stupid? But if Heartbeat is directing all LDAP traffic to one LDAP and then they failover cleanly, why wouldn't this work? Well if the "broken" server could still reach the database files on the NAS and you logged in at the console it would be bad. But the database files can only be reached via the network, and the "broken" server has no connection otherwise it would not have failedover. So the database files on the NAS are safe.
Good in theory. What do you think?
BTW. Very well written article. Thanks
Re: Highly Available LDAP
"After compiling, we installed it in /etc/ha.d/resource.d/ and named it other_state."
After compiling api_test.c I find that the script api_test is not portable ! how did you get around this ?
Re: Highly Available LDAP
Many a Thanks for sharing your experience and knowledge. Your article demistifies High Availability from cabala to very simple terms.
Manjunath Shastry
Re: Highly Available LDAP
Cheers lads. Nice to see someone take the time to explain something in simple english. Too often Linux people take an arrogant approach to documentation. Not likely to entice many large corporations onto the scene. Well done on the article.
Re: Highly Available LDAP
I really enjoyed this article the only thing is I would like to see the source code to the simple kde app that you used to query the ldap databases.
konetzed at fmlug dot org