You are here
OpenLDAP: DICE client configuration
Fri, 01/25/2013 - 15:46 - boss
Project ID:
267
Current stage:
Manager:
Unit:
Summary:
Review of OpenLDAP DICE client configuration
What:
Description: Investigate the various options for the use of LDAP on our DICE client machines.
Deliverables: Report, with recommendations. Subsequent implementation if required.
Why:
Customer: All
Case statement:
The current configuration of OpenLDAP on our DICE client machines generally works well, but changes in OpenLDAP mean that it should now be reviewed:
- Every DICE client runs its own LDAP server. There are historical reasons for that, but is it still necessary? Could we move to a more standard client-server model?
- DICE clients use a locally developed pull synchronisation technology -
slaprepl
- for replication. It would probably be better to use more standard software for replication, if such exists and is reliable. - All clients replicate from the single LDAP master, and we sometimes see client-side replication failures. Replication could probably made more reliable by configuring client replication from our LDAP slaves rather than from the single master. In any case, such a change seems sensible for reasons of load-balancing and redundancy.
- The current replication system has a latency of up to one hour on any client. It would be good to reduce that time.
- Our possible use of features such as nslcd, nssov overlay, sssd, proxycaching, etc. should be investigated.
This project follows on from the stalled project 79.
When:
Status:
Timescales:
Priority:
Time: Four weeks
How:
Proposal:
Resources: OpenLDAP knowledge
Plan
- Document the current state of OpenLDAP configuration on DICE clients, highlighting any problem areas.
- Find out what alternative options are available to us.
- Investigate options.
- Produce report with recommendations.
- Implement whatever is agreed as a result of the above.
Final report URL:
Other:
Dependencies:
Risks:
- Changes implemented incorrectly have the potential to break every DICE client machine.
Milestones
Proposed date | Achieved date | Name | Description |
---|