OpenLDAP: DICE client configuration

Project ID: 267
Current stage: 
Manager: 
Unit: 
Summary: Review of OpenLDAP DICE client configuration
What: 

Description: Investigate the various options for the use of LDAP on our DICE client machines.

Deliverables: Report, with recommendations. Subsequent implementation if required.

  1. [Draft] Review of OpenLDAP DICE client configuration
  2. Discussion paper: DICE client LDAP configuration
  3. Minutes of meeting re Discussion paper - 17th September 2014
  4. Final report
Why: 

Customer: All

Case statement:

The current configuration of OpenLDAP on our DICE client machines generally works well, but changes in OpenLDAP mean that it should now be reviewed:

  • Every DICE client runs its own LDAP server. There are historical reasons for that, but is it still necessary? Could we move to a more standard client-server model?
  • DICE clients use a locally developed pull synchronisation technology - slaprepl - for replication. It would probably be better to use more standard software for replication, if such exists and is reliable.
  • All clients replicate from the single LDAP master, and we sometimes see client-side replication failures. Replication could probably be made more reliable by configuring client replication from our LDAP slaves rather than from the single master. In any case, such a change seems sensible for reasons of load-balancing and redundancy.
  • The current replication system has a latency of up to one hour on any client. It would be good to reduce that time.
  • Our possible use of features such as nslcd, nssov overlay, sssd, proxycaching, etc. should be investigated.

This project follows on from the stalled project 79.

When: 

Status:

Timescales:

Priority:

Time: Four weeks

How: 

Proposal:

Resources: OpenLDAP knowledge

Plan

  1. Document the current state of OpenLDAP configuration on DICE clients, highlighting any problem areas.
  2. Find out what alternative options are available to us.
  3. Investigate options.
  4. Produce report with recommendations.
  5. Implement whatever is agreed as a result of the above.
Other: 

Dependencies:

Risks:

  1. Changes implemented incorrectly have the potential to break every DICE client machine.

Milestones

Proposed date Achieved date Name Description