Ryan Steele
2010-03-03 15:32:46 UTC
Hey folks,
In order to provide stability to my OpenLDAP clients in the event of a network outage, I would like to implement some
client-side caching. I've done some research, and have concluded that nscd is evil and should be avoided at all costs,
and thus eventually settled on using back-ldap as a proxy and caching mechanism on the clients. Ideally, clients would
query a local cache first, and if the information was not available, back-ldap would then forward the connection on to
my root OpenLDAP server(s). However, I didn't see much information in the admin guide with respect to such
configurations other than a reference to the back-ldap man page, and given that I've got no real experience with setting
up back-ldap, I was wondering if somebody who did/does would have some recommendations, advice, or knew of a good
documentation source describing this sort of setup?
The other question I have is that it seems most people use back-ldap with a slapd.conf-style configuration, versus a
cn=config type of setup. In this sort of circumstance, where one is not configuring a full-on OpenLDAP server/replica,
that seems like it might be a good thing in the interest of keeping the client configurations simple. Nonetheless, I
wanted to verify that it was the recommended way, since slapd.conf (in the context of a fully fleshed-out OpenLDAP
server) is deprecated.
Thanks as always for insights, advice, and criticisms.
Respectfully,
Ryan