SlideShare une entreprise Scribd logo

OpenLDAP Replication Strategies

Gavin Henry
Gavin Henry

OpenLDAP has been replacing proprietary directory server offerings in the private sector, public sector and the financial sector at an increasing pace. This is largely due to its performance and scalability, dynamic configuration capabilities and flexible extensibility via bundled modules. OpenLDAP would not have earned its place in these sectors without enterprise grade replication options. In this talk, an overview of the latest production ready OpenLDAP 2.4 replication features will be discussed and the numerous best practice strategies will be presented covering the most common deployment configurations found in the wild.

Technologie
1  sur  33
Télécharger pour lire hors ligne
OpenLDAP Replication Strategies Gavin Henry Managing Director, Suretec Systems Ltd. - ghenry@suretecsystems.com Documentation Developer, OpenLDAP Project - ghenry@openldap.org
Agenda Overview ● The History of Replication ● Replication Technology ● Deployment Alternatives ● Replication Best Practices ● Questions and Answers ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 2
Overview OpenLDAP is an open source code project ● Founded 1998 ● Three core team members ● A dozen or so contributors (engineering team) ● Feature releases every 12-18 months ● Maintenance releases roughly monthly ●
Overview Replicated directories are a fundamental requirement ● for delivering a resilient enterprise deployment. Slurpd is now completely removed from 2.4 ● There's new terminology – Provider/Consumer ● MirrorMode and Multi-Master now available ● Replication needs to support complex environments ● Wonderful things can be done with the “Dynamic ● Configuration Backend” http://creativecommons.org/licenses/by/3.0/ 02/04/09 4
The History of Replication Slurpd was the first form of replication ● Slurpd was a standalone daemon plagued with ● problems (in brief): slurpd never rerouted requests – It was not reliable – It was extremely sensitive to the ordering of records in – the replog more.... – http://creativecommons.org/licenses/by/3.0/ 02/04/09 5
The History of Replication It could easily go out of sync, at which point manual – intervention was required It wasn't very tolerant of unavailable servers. – It only worked in push mode – It required stopping and restarting the master to add new – slaves It only supported single master replication – Slurpd is no longer part of OpenLDAP 2.4 ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 6
The History of Replication Syncrepl has none of those weaknesses ● Syncrepl was born on April Fools Day 2003 and ● is documented in the Admin Guide and RFC 4533 - “LDAP Content Synchronization Operation” It is extremely flexible and “JGOWI” ● Push Based, Pull based, Proxies..... ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 7
The History of Replication OpenLDAP 2.4 adds: ● MirrorMode (Active-Active Hot-standby) – N-Way Multimaster Replication – More sophisticated Syncrepl configurations – Replicating slapd Configuration (syncrepl and cn=config) – http://creativecommons.org/licenses/by/3.0/ 02/04/09 8
Deployment Alternatives Syncrepl ● Delta-syncrepl ● N-Way Multi-Master ● MirrorMode ● Syncrepl Proxy Mode ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 9
LDAP Content Synchronization Protocol (LDAP Sync) RFC 4533 - LDAP Content Synchronization ● Operation - June 2006 refreshOnly and refreshAndPersist ● Eventually-convergent content synchronization ● Client can be notified that a complete reload is ● needed (used in Delta-syncrepl) Copy of “DIT Fragment” ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 10
LDAP Content Synchronization Protocol (LDAP Sync) Inconsistencies resolved on subsequent syncs ● Not good for bandwidth challenged ● apps/deployments Not for use with apps that need “transactional ● data consistency” Example of refreshOnly and refreshAndPresist ● to follow http://creativecommons.org/licenses/by/3.0/ 02/04/09 11
http://creativecommons.org/licenses/by/3.0/ 02/04/09 12
http://creativecommons.org/licenses/by/3.0/ 02/04/09 13
LDAP Sync Replication (Syncrepl) LDAP Sync Replication engine, syncrepl for short ● Consumer-side replication engine ● Resides at the consumer and executes as one of the ● slapd(8) threads. Uses the LDAP Content Synchronization protocol (or ● LDAP Sync for short) - RFC4533 LDAP Sync provides a stateful replication which supports ● both pull-based and push-based synchronization and does not mandate the use of a history store. http://creativecommons.org/licenses/by/3.0/ 02/04/09 14
LDAP Sync Replication (Syncrepl) Pull-based replication - periodically polls the provider for ● updates. Push-based replication - consumer listens for updates that are ● sent in realtime Syncrepl tracks status of the replication content by maintaining ● and exchanging synchronization cookies Consumer replica can be constructed from a consumer-side or ● a provider-side backup at any synchronization status. Syncrepl can automatically resynchronize the consumer replica ● up-to-date with the current provider content. http://creativecommons.org/licenses/by/3.0/ 02/04/09 15
LDAP Sync Replication (Syncrepl) Session log can be used in the provider which stores the ● entryUUIDs of a finite number of entries deleted from a database in order to use the delete phase LDAP Sync provider maintains a contextCSN in the suffix ● entry (change sequence number = CSN) It is the largest entryCSN in the provider context ● (depending on outstanding transactions) contextCSN maintained primarily in memory and written at ● shutdown, but can be checkpointed. http://creativecommons.org/licenses/by/3.0/ 02/04/09 16
LDAP Sync Replication (Syncrepl) Whole database scanned if contextCSN not found and ● new one generated Consumer also stores its replica state, which is the ● provider's contextCSN received as a synchronization cookie New Consumer doesn't change provider config ● No provider restarts needed ● Consumer replication can stop without the need for ● provider-side changes and restart. http://creativecommons.org/licenses/by/3.0/ 02/04/09 17
Delta-syncrepl Disadvantages of LDAP Sync ● LDAP Sync replication is an object-based ● replication Both the changed and unchanged attribute values ● are processed Excess traffic generated for small changes ● changelog-based variant of syncrepl ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 18
Delta-syncrepl Maintains a changelog on the provider ● Consumer checks the changelog for the ● changes it needs If a replica is too far out of sync, switches to ● conventional syncrepl Switches back to the delta-syncrepl mode when ● fully sync'd http://creativecommons.org/licenses/by/3.0/ 02/04/09 19
http://creativecommons.org/licenses/by/3.0/ 02/04/09 20
N-Way Multi-Master Uses Syncrepl to replicate data to multiple provider ● (quot;Masterquot;) Directory servers. Avoids a single point of failure ● Supports complex topologies ● Providers can be located in several physical sites ● Good for Automatic failover/High Availability ● Requires synchronised time source - ntp ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 21
N-Way Multi-Master It has NOTHING to do with load balancing ● Providers must propagate writes to all the other servers ● Network traffic and write load spreads across all of the ● servers the same as for single-master. Server utilization and performance are at best identical for ● Multi-Master and Single-Master replication Single-Master is superior because indexing can be tuned ● differently to optimize for the different usage patterns between the provider and the consumers. http://creativecommons.org/licenses/by/3.0/ 02/04/09 22
N-Way Multi-Master Breaks the data consistency guarantees of the ● directory model Crashed, or network link has failed??? ● More: ● http://www.watersprings.org/pub/id/draft-zeilenga-ldup-harmful-02.txt ● http://www.openldap.org/faq/data/cache/1240.html ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 23
http://creativecommons.org/licenses/by/3.0/ 02/04/09 24
MirrorMode Is a Active-Active Hot-Standby solution ● External front end needed ● Not a Multi-Master solution ● Syncrepl also allows the provider nodes to re- ● synchronize after any downtime Delta-Syncrepl is not yet supported ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 25
MirrorMode Two providers are set up to replicate from each ● other An external frontend is employed to direct all ● writes to only one of the two servers. The second provider will only be used for writes ● if the first provider crashes automatically catch up to any changes on the ● running provider and resync. http://creativecommons.org/licenses/by/3.0/ 02/04/09 26
MirrorMode http://creativecommons.org/licenses/by/3.0/ 02/04/09 27
Syncrepl Proxy Mode refreshAndPersist must still ● be initiated from the consumer Firewalls may need provider ● initiated push-mode replication slapd-ldap proxy is set up ● near or with the provider that points to the consumer syncrepl engine runs on the ● proxy and points to provider http://creativecommons.org/licenses/by/3.0/ 02/04/09 28
Syncrepl Proxy Mode http://creativecommons.org/licenses/by/3.0/ 02/04/09 29
Replication Best Practices Use a replication user ● You can restart replication by adding/removing ● syncrepl statement if needed when changing replication credentials/certificates MirrorMode always good enough for most ● enterprises dependent on global requirements Slapo-chain to chain writes back to provider ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 30
Replication Best Practices [ghenry@suretec ~]$ ldapsearch ­x ­LLL ­H ldap[?]://master:389 ­s base ­b  'dc=suretecsystems,dc=com' contextCSN[?] dn: dc=suretecsystems,dc=com  contextCSN: 20081025222436.822813Z&000000;000#000000  [ghenry@suretec ~]$ ldapsearch ­x ­LLL ­H ldap://slave:389 ­s base ­b  'dc=suretecsystems,dc=com' contextCSN dn: dc=suretecsystems,dc=com  contextCSN: 20081025222436.822813Z&000000;000#000000 Backups – online(ldapsearch)/offline(slapcat)/phyiscal ● Checkpointing ● Monitoring: ● Nagios ● ZenOSS etc. ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 31
Conclusion OpenLDAP is the fastest directory software in the ● world. Now it also provides the best replication features in the world. There is always a replication model to suit your needs, ● if not send us a patch! Don't hide in a corner, join our community, ask ● questions and help others! - http://www.openldap.org http://creativecommons.org/licenses/by/3.0/ 02/04/09 32
Questions? http://creativecommons.org/licenses/by/3.0/ 02/04/09 33

Recommandé

Kafka Tutorial - introduction to the Kafka streaming platform
Kafka Tutorial - introduction to the Kafka streaming platformKafka Tutorial - introduction to the Kafka streaming platform
Kafka Tutorial - introduction to the Kafka streaming platformJean-Paul Azar
 
Introduction to Storm
Introduction to Storm Introduction to Storm
Introduction to Storm Chandler Huang
 
Python for Linux System Administration
Python for Linux System AdministrationPython for Linux System Administration
Python for Linux System Administrationvceder
 
Stream processing using Kafka
Stream processing using KafkaStream processing using Kafka
Stream processing using KafkaKnoldus Inc.
 
Infrastructure as Code with Terraform and Ansible
Infrastructure as Code with Terraform and AnsibleInfrastructure as Code with Terraform and Ansible
Infrastructure as Code with Terraform and AnsibleDevOps Meetup Bern
 
Architecture Sustaining LINE Sticker services
Architecture Sustaining LINE Sticker servicesArchitecture Sustaining LINE Sticker services
Architecture Sustaining LINE Sticker servicesLINE Corporation
 
Docker swarm
Docker swarmDocker swarm
Docker swarmAlberto Guimarães Viana
 
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013mumrah
 

Recommandé

Kafka Tutorial - introduction to the Kafka streaming platform
Kafka Tutorial - introduction to the Kafka streaming platformKafka Tutorial - introduction to the Kafka streaming platform
Kafka Tutorial - introduction to the Kafka streaming platformJean-Paul Azar
 
Introduction to Storm
Introduction to Storm Introduction to Storm
Introduction to Storm Chandler Huang
 
Python for Linux System Administration
Python for Linux System AdministrationPython for Linux System Administration
Python for Linux System Administrationvceder
 
Stream processing using Kafka
Stream processing using KafkaStream processing using Kafka
Stream processing using KafkaKnoldus Inc.
 
Infrastructure as Code with Terraform and Ansible
Infrastructure as Code with Terraform and AnsibleInfrastructure as Code with Terraform and Ansible
Infrastructure as Code with Terraform and AnsibleDevOps Meetup Bern
 
Architecture Sustaining LINE Sticker services
Architecture Sustaining LINE Sticker servicesArchitecture Sustaining LINE Sticker services
Architecture Sustaining LINE Sticker servicesLINE Corporation
 
Docker swarm
Docker swarmDocker swarm
Docker swarmAlberto Guimarães Viana
 
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013mumrah
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explainedconfluent
 
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019confluent
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionSparkbit
 
Build Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBBuild Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBScyllaDB
 
Docker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshopDocker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshopSathish VJ
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introductionrajdeep
 
Debugging Apache Spark
Debugging Apache SparkDebugging Apache Spark
Debugging Apache SparkJoey Echeverria
 
Introduction to Apache Kafka
Introduction to Apache KafkaIntroduction to Apache Kafka
Introduction to Apache KafkaAIMDek Technologies
 
What's New In Apache CloudStack 4.17
What's New In Apache CloudStack 4.17What's New In Apache CloudStack 4.17
What's New In Apache CloudStack 4.17ShapeBlue
 
Local Apache NiFi Processor Debug
Local Apache NiFi Processor DebugLocal Apache NiFi Processor Debug
Local Apache NiFi Processor DebugDeon Huang
 
Containers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes IstioContainers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes IstioAraf Karsh Hamid
 
Kubernetes and Prometheus
Kubernetes and PrometheusKubernetes and Prometheus
Kubernetes and PrometheusWeaveworks
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker, Inc.
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
Introduction to memcached
Introduction to memcachedIntroduction to memcached
Introduction to memcachedJurriaan Persyn
 
Union FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerUnion FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introductionJason Vance
 
Storage Requirements and Options for Running Spark on Kubernetes
Storage Requirements and Options for Running Spark on KubernetesStorage Requirements and Options for Running Spark on Kubernetes
Storage Requirements and Options for Running Spark on KubernetesDataWorks Summit
 
Manage password policy in OpenLDAP
Manage password policy in OpenLDAPManage password policy in OpenLDAP
Manage password policy in OpenLDAPLDAPCon
 
CMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateCMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateOSSラボ株式会社
 

Contenu connexe

Tendances

Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explainedconfluent
 
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019confluent
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionSparkbit
 
Build Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBBuild Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBScyllaDB
 
Docker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshopDocker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshopSathish VJ
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introductionrajdeep
 
What's New In Apache CloudStack 4.17
What's New In Apache CloudStack 4.17What's New In Apache CloudStack 4.17
What's New In Apache CloudStack 4.17ShapeBlue
 
Local Apache NiFi Processor Debug
Local Apache NiFi Processor DebugLocal Apache NiFi Processor Debug
Local Apache NiFi Processor DebugDeon Huang
 
Containers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes IstioContainers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes IstioAraf Karsh Hamid
 
Kubernetes and Prometheus
Kubernetes and PrometheusKubernetes and Prometheus
Kubernetes and PrometheusWeaveworks
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker, Inc.
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
Introduction to memcached
Introduction to memcachedIntroduction to memcached
Introduction to memcachedJurriaan Persyn
 
Union FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerUnion FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introductionJason Vance
 
Storage Requirements and Options for Running Spark on Kubernetes
Storage Requirements and Options for Running Spark on KubernetesStorage Requirements and Options for Running Spark on Kubernetes
Storage Requirements and Options for Running Spark on KubernetesDataWorks Summit
 

Tendances (20)

Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explained
 
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019
What's the time? ...and why? (Mattias Sax, Confluent) Kafka Summit SF 2019
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Build Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBBuild Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDB
 
Docker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshopDocker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshop
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Docker Swarm Introduction
Docker Swarm IntroductionDocker Swarm Introduction
Docker Swarm Introduction
 
Debugging Apache Spark
Debugging Apache SparkDebugging Apache Spark
Debugging Apache Spark
 
Introduction to Apache Kafka
Introduction to Apache KafkaIntroduction to Apache Kafka
Introduction to Apache Kafka
 
What's New In Apache CloudStack 4.17
What's New In Apache CloudStack 4.17What's New In Apache CloudStack 4.17
What's New In Apache CloudStack 4.17
 
Local Apache NiFi Processor Debug
Local Apache NiFi Processor DebugLocal Apache NiFi Processor Debug
Local Apache NiFi Processor Debug
 
Containers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes IstioContainers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes Istio
 
Kubernetes and Prometheus
Kubernetes and PrometheusKubernetes and Prometheus
Kubernetes and Prometheus
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to Docker
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and image
 
Introduction to memcached
Introduction to memcachedIntroduction to memcached
Introduction to memcached
 
Union FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerUnion FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a Container
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
 
Storage Requirements and Options for Running Spark on Kubernetes
Storage Requirements and Options for Running Spark on KubernetesStorage Requirements and Options for Running Spark on Kubernetes
Storage Requirements and Options for Running Spark on Kubernetes
 

En vedette

Manage password policy in OpenLDAP
Manage password policy in OpenLDAPManage password policy in OpenLDAP
Manage password policy in OpenLDAPLDAPCon
 
CMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateCMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateOSSラボ株式会社
 
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéalOpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéalJonathan Clarke
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLsbahloul
 
Nis Vs Ldap
Nis Vs LdapNis Vs Ldap
Nis Vs LdapJuan Bau
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010RUDDER
 
OpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioOpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioLDAPCon
 
Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Michael Lamont
 
What's New in OpenLDAP
What's New in OpenLDAPWhat's New in OpenLDAP
What's New in OpenLDAPLDAPCon
 
Synchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectSynchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectClément OUDOT
 
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCRMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCClément OUDOT
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersPerforce
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyClément OUDOT
 
Synchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCSynchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCLDAPCon
 
Open LDAP vs. Active Directory
Open LDAP vs. Active DirectoryOpen LDAP vs. Active Directory
Open LDAP vs. Active DirectoryAhmad Haghighi
 
System Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerSystem Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerTola LENG
 
Ldap system administration
Ldap system administrationLdap system administration
Ldap system administrationAli Abdo
 

En vedette (20)

Manage password policy in OpenLDAP
Manage password policy in OpenLDAPManage password policy in OpenLDAP
Manage password policy in OpenLDAP
 
CMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateCMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 update
 
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéalOpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLL
 
Nis Vs Ldap
Nis Vs LdapNis Vs Ldap
Nis Vs Ldap
 
IAO’s importance on sound student services in educational institutions
IAO’s importance on sound student services in educational institutionsIAO’s importance on sound student services in educational institutions
IAO’s importance on sound student services in educational institutions
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010
 
OpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioOpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory Studio
 
Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)
 
What's New in OpenLDAP
What's New in OpenLDAPWhat's New in OpenLDAP
What's New in OpenLDAP
 
Synchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectSynchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC project
 
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCRMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without Triggers
 
Rhel6
Rhel6Rhel6
Rhel6
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policy
 
Synchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCSynchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSC
 
Open LDAP vs. Active Directory
Open LDAP vs. Active DirectoryOpen LDAP vs. Active Directory
Open LDAP vs. Active Directory
 
AD & LDAP
AD & LDAPAD & LDAP
AD & LDAP
 
System Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerSystem Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba Server
 
Ldap system administration
Ldap system administrationLdap system administration
Ldap system administration
 

Similaire à OpenLDAP Replication Strategies

The architecture of oak
The architecture of oakThe architecture of oak
The architecture of oakMichael Dürig
 
Rails Application Optimization Techniques & Tools
Rails Application Optimization Techniques & ToolsRails Application Optimization Techniques & Tools
Rails Application Optimization Techniques & Toolsguest05c09d
 
Docker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukDocker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukLohika_Odessa_TechTalks
 
MySQL Replication Performance Tuning for Fun and Profit!
MySQL Replication Performance Tuning for Fun and Profit!MySQL Replication Performance Tuning for Fun and Profit!
MySQL Replication Performance Tuning for Fun and Profit!Vitor Oliveira
 
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE
 
State of Containers and the Convergence of HPC and BigData
State of Containers and the Convergence of HPC and BigDataState of Containers and the Convergence of HPC and BigData
State of Containers and the Convergence of HPC and BigDatainside-BigData.com
 
Oracle RAC and Your Way to the Cloud by Angelo Pruscino
Oracle RAC and Your Way to the Cloud by Angelo PruscinoOracle RAC and Your Way to the Cloud by Angelo Pruscino
Oracle RAC and Your Way to the Cloud by Angelo PruscinoMarkus Michalewicz
 
Apache Kafka with Spark Streaming: Real-time Analytics Redefined
Apache Kafka with Spark Streaming: Real-time Analytics RedefinedApache Kafka with Spark Streaming: Real-time Analytics Redefined
Apache Kafka with Spark Streaming: Real-time Analytics RedefinedEdureka!
 
Digital Fabrication Studio.02 _Information @ Aalto Media Factory
Digital Fabrication Studio.02 _Information @ Aalto Media FactoryDigital Fabrication Studio.02 _Information @ Aalto Media Factory
Digital Fabrication Studio.02 _Information @ Aalto Media FactoryMassimo Menichinelli
 
Learning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a ClusterLearning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a Clusterphanleson
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsFederico Michele Facca
 
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...Qualcomm Developer Network
 
State of Linux Containers for HPC
State of Linux Containers for HPCState of Linux Containers for HPC
State of Linux Containers for HPCinside-BigData.com
 
Web scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelWeb scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelpurpleocean
 
Cat on demand emc vplex weakness
Cat on demand emc vplex weaknessCat on demand emc vplex weakness
Cat on demand emc vplex weaknessSahatma Siallagan
 
OpenPOWER Application Optimization
OpenPOWER Application Optimization OpenPOWER Application Optimization
OpenPOWER Application Optimization Ganesan Narayanasamy
 
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...confluent
 
Digital Fabrication Studio v.0.2: Information
Digital Fabrication Studio v.0.2: InformationDigital Fabrication Studio v.0.2: Information
Digital Fabrication Studio v.0.2: InformationMassimo Menichinelli
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practiceDocker, Inc.
 
Drupal Efficiency
Drupal EfficiencyDrupal Efficiency
Drupal Efficiencysmattoon
 

Similaire à OpenLDAP Replication Strategies (20)

The architecture of oak
The architecture of oakThe architecture of oak
The architecture of oak
 
Rails Application Optimization Techniques & Tools
Rails Application Optimization Techniques & ToolsRails Application Optimization Techniques & Tools
Rails Application Optimization Techniques & Tools
 
Docker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukDocker based Architecture by Denys Serdiuk
Docker based Architecture by Denys Serdiuk
 
MySQL Replication Performance Tuning for Fun and Profit!
MySQL Replication Performance Tuning for Fun and Profit!MySQL Replication Performance Tuning for Fun and Profit!
MySQL Replication Performance Tuning for Fun and Profit!
 
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
 
State of Containers and the Convergence of HPC and BigData
State of Containers and the Convergence of HPC and BigDataState of Containers and the Convergence of HPC and BigData
State of Containers and the Convergence of HPC and BigData
 
Oracle RAC and Your Way to the Cloud by Angelo Pruscino
Oracle RAC and Your Way to the Cloud by Angelo PruscinoOracle RAC and Your Way to the Cloud by Angelo Pruscino
Oracle RAC and Your Way to the Cloud by Angelo Pruscino
 
Apache Kafka with Spark Streaming: Real-time Analytics Redefined
Apache Kafka with Spark Streaming: Real-time Analytics RedefinedApache Kafka with Spark Streaming: Real-time Analytics Redefined
Apache Kafka with Spark Streaming: Real-time Analytics Redefined
 
Digital Fabrication Studio.02 _Information @ Aalto Media Factory
Digital Fabrication Studio.02 _Information @ Aalto Media FactoryDigital Fabrication Studio.02 _Information @ Aalto Media Factory
Digital Fabrication Studio.02 _Information @ Aalto Media Factory
 
Learning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a ClusterLearning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a Cluster
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platforms
 
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
 
State of Linux Containers for HPC
State of Linux Containers for HPCState of Linux Containers for HPC
State of Linux Containers for HPC
 
Web scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelWeb scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannel
 
Cat on demand emc vplex weakness
Cat on demand emc vplex weaknessCat on demand emc vplex weakness
Cat on demand emc vplex weakness
 
OpenPOWER Application Optimization
OpenPOWER Application Optimization OpenPOWER Application Optimization
OpenPOWER Application Optimization
 
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
 
Digital Fabrication Studio v.0.2: Information
Digital Fabrication Studio v.0.2: InformationDigital Fabrication Studio v.0.2: Information
Digital Fabrication Studio v.0.2: Information
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practice
 
Drupal Efficiency
Drupal EfficiencyDrupal Efficiency
Drupal Efficiency
 

Dernier

Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 

Dernier (20)

Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 

OpenLDAP Replication Strategies

  • 1. OpenLDAP Replication Strategies Gavin Henry Managing Director, Suretec Systems Ltd. - ghenry@suretecsystems.com Documentation Developer, OpenLDAP Project - ghenry@openldap.org
  • 2. Agenda Overview ● The History of Replication ● Replication Technology ● Deployment Alternatives ● Replication Best Practices ● Questions and Answers ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 2
  • 3. Overview OpenLDAP is an open source code project ● Founded 1998 ● Three core team members ● A dozen or so contributors (engineering team) ● Feature releases every 12-18 months ● Maintenance releases roughly monthly ●
  • 4. Overview Replicated directories are a fundamental requirement ● for delivering a resilient enterprise deployment. Slurpd is now completely removed from 2.4 ● There's new terminology – Provider/Consumer ● MirrorMode and Multi-Master now available ● Replication needs to support complex environments ● Wonderful things can be done with the “Dynamic ● Configuration Backend” http://creativecommons.org/licenses/by/3.0/ 02/04/09 4
  • 5. The History of Replication Slurpd was the first form of replication ● Slurpd was a standalone daemon plagued with ● problems (in brief): slurpd never rerouted requests – It was not reliable – It was extremely sensitive to the ordering of records in – the replog more.... – http://creativecommons.org/licenses/by/3.0/ 02/04/09 5
  • 6. The History of Replication It could easily go out of sync, at which point manual – intervention was required It wasn't very tolerant of unavailable servers. – It only worked in push mode – It required stopping and restarting the master to add new – slaves It only supported single master replication – Slurpd is no longer part of OpenLDAP 2.4 ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 6
  • 7. The History of Replication Syncrepl has none of those weaknesses ● Syncrepl was born on April Fools Day 2003 and ● is documented in the Admin Guide and RFC 4533 - “LDAP Content Synchronization Operation” It is extremely flexible and “JGOWI” ● Push Based, Pull based, Proxies..... ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 7
  • 8. The History of Replication OpenLDAP 2.4 adds: ● MirrorMode (Active-Active Hot-standby) – N-Way Multimaster Replication – More sophisticated Syncrepl configurations – Replicating slapd Configuration (syncrepl and cn=config) – http://creativecommons.org/licenses/by/3.0/ 02/04/09 8
  • 9. Deployment Alternatives Syncrepl ● Delta-syncrepl ● N-Way Multi-Master ● MirrorMode ● Syncrepl Proxy Mode ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 9
  • 10. LDAP Content Synchronization Protocol (LDAP Sync) RFC 4533 - LDAP Content Synchronization ● Operation - June 2006 refreshOnly and refreshAndPersist ● Eventually-convergent content synchronization ● Client can be notified that a complete reload is ● needed (used in Delta-syncrepl) Copy of “DIT Fragment” ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 10
  • 11. LDAP Content Synchronization Protocol (LDAP Sync) Inconsistencies resolved on subsequent syncs ● Not good for bandwidth challenged ● apps/deployments Not for use with apps that need “transactional ● data consistency” Example of refreshOnly and refreshAndPresist ● to follow http://creativecommons.org/licenses/by/3.0/ 02/04/09 11
  • 14. LDAP Sync Replication (Syncrepl) LDAP Sync Replication engine, syncrepl for short ● Consumer-side replication engine ● Resides at the consumer and executes as one of the ● slapd(8) threads. Uses the LDAP Content Synchronization protocol (or ● LDAP Sync for short) - RFC4533 LDAP Sync provides a stateful replication which supports ● both pull-based and push-based synchronization and does not mandate the use of a history store. http://creativecommons.org/licenses/by/3.0/ 02/04/09 14
  • 15. LDAP Sync Replication (Syncrepl) Pull-based replication - periodically polls the provider for ● updates. Push-based replication - consumer listens for updates that are ● sent in realtime Syncrepl tracks status of the replication content by maintaining ● and exchanging synchronization cookies Consumer replica can be constructed from a consumer-side or ● a provider-side backup at any synchronization status. Syncrepl can automatically resynchronize the consumer replica ● up-to-date with the current provider content. http://creativecommons.org/licenses/by/3.0/ 02/04/09 15
  • 16. LDAP Sync Replication (Syncrepl) Session log can be used in the provider which stores the ● entryUUIDs of a finite number of entries deleted from a database in order to use the delete phase LDAP Sync provider maintains a contextCSN in the suffix ● entry (change sequence number = CSN) It is the largest entryCSN in the provider context ● (depending on outstanding transactions) contextCSN maintained primarily in memory and written at ● shutdown, but can be checkpointed. http://creativecommons.org/licenses/by/3.0/ 02/04/09 16
  • 17. LDAP Sync Replication (Syncrepl) Whole database scanned if contextCSN not found and ● new one generated Consumer also stores its replica state, which is the ● provider's contextCSN received as a synchronization cookie New Consumer doesn't change provider config ● No provider restarts needed ● Consumer replication can stop without the need for ● provider-side changes and restart. http://creativecommons.org/licenses/by/3.0/ 02/04/09 17
  • 18. Delta-syncrepl Disadvantages of LDAP Sync ● LDAP Sync replication is an object-based ● replication Both the changed and unchanged attribute values ● are processed Excess traffic generated for small changes ● changelog-based variant of syncrepl ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 18
  • 19. Delta-syncrepl Maintains a changelog on the provider ● Consumer checks the changelog for the ● changes it needs If a replica is too far out of sync, switches to ● conventional syncrepl Switches back to the delta-syncrepl mode when ● fully sync'd http://creativecommons.org/licenses/by/3.0/ 02/04/09 19
  • 21. N-Way Multi-Master Uses Syncrepl to replicate data to multiple provider ● (quot;Masterquot;) Directory servers. Avoids a single point of failure ● Supports complex topologies ● Providers can be located in several physical sites ● Good for Automatic failover/High Availability ● Requires synchronised time source - ntp ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 21
  • 22. N-Way Multi-Master It has NOTHING to do with load balancing ● Providers must propagate writes to all the other servers ● Network traffic and write load spreads across all of the ● servers the same as for single-master. Server utilization and performance are at best identical for ● Multi-Master and Single-Master replication Single-Master is superior because indexing can be tuned ● differently to optimize for the different usage patterns between the provider and the consumers. http://creativecommons.org/licenses/by/3.0/ 02/04/09 22
  • 23. N-Way Multi-Master Breaks the data consistency guarantees of the ● directory model Crashed, or network link has failed??? ● More: ● http://www.watersprings.org/pub/id/draft-zeilenga-ldup-harmful-02.txt ● http://www.openldap.org/faq/data/cache/1240.html ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 23
  • 25. MirrorMode Is a Active-Active Hot-Standby solution ● External front end needed ● Not a Multi-Master solution ● Syncrepl also allows the provider nodes to re- ● synchronize after any downtime Delta-Syncrepl is not yet supported ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 25
  • 26. MirrorMode Two providers are set up to replicate from each ● other An external frontend is employed to direct all ● writes to only one of the two servers. The second provider will only be used for writes ● if the first provider crashes automatically catch up to any changes on the ● running provider and resync. http://creativecommons.org/licenses/by/3.0/ 02/04/09 26
  • 27. MirrorMode http://creativecommons.org/licenses/by/3.0/ 02/04/09 27
  • 28. Syncrepl Proxy Mode refreshAndPersist must still ● be initiated from the consumer Firewalls may need provider ● initiated push-mode replication slapd-ldap proxy is set up ● near or with the provider that points to the consumer syncrepl engine runs on the ● proxy and points to provider http://creativecommons.org/licenses/by/3.0/ 02/04/09 28
  • 29. Syncrepl Proxy Mode http://creativecommons.org/licenses/by/3.0/ 02/04/09 29
  • 30. Replication Best Practices Use a replication user ● You can restart replication by adding/removing ● syncrepl statement if needed when changing replication credentials/certificates MirrorMode always good enough for most ● enterprises dependent on global requirements Slapo-chain to chain writes back to provider ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 30
  • 31. Replication Best Practices [ghenry@suretec ~]$ ldapsearch ­x ­LLL ­H ldap[?]://master:389 ­s base ­b  'dc=suretecsystems,dc=com' contextCSN[?] dn: dc=suretecsystems,dc=com  contextCSN: 20081025222436.822813Z&000000;000#000000  [ghenry@suretec ~]$ ldapsearch ­x ­LLL ­H ldap://slave:389 ­s base ­b  'dc=suretecsystems,dc=com' contextCSN dn: dc=suretecsystems,dc=com  contextCSN: 20081025222436.822813Z&000000;000#000000 Backups – online(ldapsearch)/offline(slapcat)/phyiscal ● Checkpointing ● Monitoring: ● Nagios ● ZenOSS etc. ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 31
  • 32. Conclusion OpenLDAP is the fastest directory software in the ● world. Now it also provides the best replication features in the world. There is always a replication model to suit your needs, ● if not send us a patch! Don't hide in a corner, join our community, ask ● questions and help others! - http://www.openldap.org http://creativecommons.org/licenses/by/3.0/ 02/04/09 32
  • 33. Questions? http://creativecommons.org/licenses/by/3.0/ 02/04/09 33