SlideShare a Scribd company logo

OpenLDAP Replication Strategies

Gavin Henry
Gavin Henry

OpenLDAP has been replacing proprietary directory server offerings in the private sector, public sector and the financial sector at an increasing pace. This is largely due to its performance and scalability, dynamic configuration capabilities and flexible extensibility via bundled modules. OpenLDAP would not have earned its place in these sectors without enterprise grade replication options. In this talk, an overview of the latest production ready OpenLDAP 2.4 replication features will be discussed and the numerous best practice strategies will be presented covering the most common deployment configurations found in the wild.

Technology
1 of 33
Download to read offline
OpenLDAP Replication Strategies Gavin Henry Managing Director, Suretec Systems Ltd. - ghenry@suretecsystems.com Documentation Developer, OpenLDAP Project - ghenry@openldap.org
Agenda Overview ● The History of Replication ● Replication Technology ● Deployment Alternatives ● Replication Best Practices ● Questions and Answers ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 2
Overview OpenLDAP is an open source code project ● Founded 1998 ● Three core team members ● A dozen or so contributors (engineering team) ● Feature releases every 12-18 months ● Maintenance releases roughly monthly ●
Overview Replicated directories are a fundamental requirement ● for delivering a resilient enterprise deployment. Slurpd is now completely removed from 2.4 ● There's new terminology – Provider/Consumer ● MirrorMode and Multi-Master now available ● Replication needs to support complex environments ● Wonderful things can be done with the “Dynamic ● Configuration Backend” http://creativecommons.org/licenses/by/3.0/ 02/04/09 4
The History of Replication Slurpd was the first form of replication ● Slurpd was a standalone daemon plagued with ● problems (in brief): slurpd never rerouted requests – It was not reliable – It was extremely sensitive to the ordering of records in – the replog more.... – http://creativecommons.org/licenses/by/3.0/ 02/04/09 5
The History of Replication It could easily go out of sync, at which point manual – intervention was required It wasn't very tolerant of unavailable servers. – It only worked in push mode – It required stopping and restarting the master to add new – slaves It only supported single master replication – Slurpd is no longer part of OpenLDAP 2.4 ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 6
The History of Replication Syncrepl has none of those weaknesses ● Syncrepl was born on April Fools Day 2003 and ● is documented in the Admin Guide and RFC 4533 - “LDAP Content Synchronization Operation” It is extremely flexible and “JGOWI” ● Push Based, Pull based, Proxies..... ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 7
The History of Replication OpenLDAP 2.4 adds: ● MirrorMode (Active-Active Hot-standby) – N-Way Multimaster Replication – More sophisticated Syncrepl configurations – Replicating slapd Configuration (syncrepl and cn=config) – http://creativecommons.org/licenses/by/3.0/ 02/04/09 8
Deployment Alternatives Syncrepl ● Delta-syncrepl ● N-Way Multi-Master ● MirrorMode ● Syncrepl Proxy Mode ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 9
LDAP Content Synchronization Protocol (LDAP Sync) RFC 4533 - LDAP Content Synchronization ● Operation - June 2006 refreshOnly and refreshAndPersist ● Eventually-convergent content synchronization ● Client can be notified that a complete reload is ● needed (used in Delta-syncrepl) Copy of “DIT Fragment” ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 10
LDAP Content Synchronization Protocol (LDAP Sync) Inconsistencies resolved on subsequent syncs ● Not good for bandwidth challenged ● apps/deployments Not for use with apps that need “transactional ● data consistency” Example of refreshOnly and refreshAndPresist ● to follow http://creativecommons.org/licenses/by/3.0/ 02/04/09 11
http://creativecommons.org/licenses/by/3.0/ 02/04/09 12
http://creativecommons.org/licenses/by/3.0/ 02/04/09 13
LDAP Sync Replication (Syncrepl) LDAP Sync Replication engine, syncrepl for short ● Consumer-side replication engine ● Resides at the consumer and executes as one of the ● slapd(8) threads. Uses the LDAP Content Synchronization protocol (or ● LDAP Sync for short) - RFC4533 LDAP Sync provides a stateful replication which supports ● both pull-based and push-based synchronization and does not mandate the use of a history store. http://creativecommons.org/licenses/by/3.0/ 02/04/09 14
LDAP Sync Replication (Syncrepl) Pull-based replication - periodically polls the provider for ● updates. Push-based replication - consumer listens for updates that are ● sent in realtime Syncrepl tracks status of the replication content by maintaining ● and exchanging synchronization cookies Consumer replica can be constructed from a consumer-side or ● a provider-side backup at any synchronization status. Syncrepl can automatically resynchronize the consumer replica ● up-to-date with the current provider content. http://creativecommons.org/licenses/by/3.0/ 02/04/09 15
LDAP Sync Replication (Syncrepl) Session log can be used in the provider which stores the ● entryUUIDs of a finite number of entries deleted from a database in order to use the delete phase LDAP Sync provider maintains a contextCSN in the suffix ● entry (change sequence number = CSN) It is the largest entryCSN in the provider context ● (depending on outstanding transactions) contextCSN maintained primarily in memory and written at ● shutdown, but can be checkpointed. http://creativecommons.org/licenses/by/3.0/ 02/04/09 16
LDAP Sync Replication (Syncrepl) Whole database scanned if contextCSN not found and ● new one generated Consumer also stores its replica state, which is the ● provider's contextCSN received as a synchronization cookie New Consumer doesn't change provider config ● No provider restarts needed ● Consumer replication can stop without the need for ● provider-side changes and restart. http://creativecommons.org/licenses/by/3.0/ 02/04/09 17
Delta-syncrepl Disadvantages of LDAP Sync ● LDAP Sync replication is an object-based ● replication Both the changed and unchanged attribute values ● are processed Excess traffic generated for small changes ● changelog-based variant of syncrepl ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 18
Delta-syncrepl Maintains a changelog on the provider ● Consumer checks the changelog for the ● changes it needs If a replica is too far out of sync, switches to ● conventional syncrepl Switches back to the delta-syncrepl mode when ● fully sync'd http://creativecommons.org/licenses/by/3.0/ 02/04/09 19
http://creativecommons.org/licenses/by/3.0/ 02/04/09 20
N-Way Multi-Master Uses Syncrepl to replicate data to multiple provider ● (quot;Masterquot;) Directory servers. Avoids a single point of failure ● Supports complex topologies ● Providers can be located in several physical sites ● Good for Automatic failover/High Availability ● Requires synchronised time source - ntp ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 21
N-Way Multi-Master It has NOTHING to do with load balancing ● Providers must propagate writes to all the other servers ● Network traffic and write load spreads across all of the ● servers the same as for single-master. Server utilization and performance are at best identical for ● Multi-Master and Single-Master replication Single-Master is superior because indexing can be tuned ● differently to optimize for the different usage patterns between the provider and the consumers. http://creativecommons.org/licenses/by/3.0/ 02/04/09 22
N-Way Multi-Master Breaks the data consistency guarantees of the ● directory model Crashed, or network link has failed??? ● More: ● http://www.watersprings.org/pub/id/draft-zeilenga-ldup-harmful-02.txt ● http://www.openldap.org/faq/data/cache/1240.html ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 23
http://creativecommons.org/licenses/by/3.0/ 02/04/09 24
MirrorMode Is a Active-Active Hot-Standby solution ● External front end needed ● Not a Multi-Master solution ● Syncrepl also allows the provider nodes to re- ● synchronize after any downtime Delta-Syncrepl is not yet supported ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 25
MirrorMode Two providers are set up to replicate from each ● other An external frontend is employed to direct all ● writes to only one of the two servers. The second provider will only be used for writes ● if the first provider crashes automatically catch up to any changes on the ● running provider and resync. http://creativecommons.org/licenses/by/3.0/ 02/04/09 26
MirrorMode http://creativecommons.org/licenses/by/3.0/ 02/04/09 27
Syncrepl Proxy Mode refreshAndPersist must still ● be initiated from the consumer Firewalls may need provider ● initiated push-mode replication slapd-ldap proxy is set up ● near or with the provider that points to the consumer syncrepl engine runs on the ● proxy and points to provider http://creativecommons.org/licenses/by/3.0/ 02/04/09 28
Syncrepl Proxy Mode http://creativecommons.org/licenses/by/3.0/ 02/04/09 29
Replication Best Practices Use a replication user ● You can restart replication by adding/removing ● syncrepl statement if needed when changing replication credentials/certificates MirrorMode always good enough for most ● enterprises dependent on global requirements Slapo-chain to chain writes back to provider ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 30
Replication Best Practices [ghenry@suretec ~]$ ldapsearch ­x ­LLL ­H ldap[?]://master:389 ­s base ­b  'dc=suretecsystems,dc=com' contextCSN[?] dn: dc=suretecsystems,dc=com  contextCSN: 20081025222436.822813Z&000000;000#000000  [ghenry@suretec ~]$ ldapsearch ­x ­LLL ­H ldap://slave:389 ­s base ­b  'dc=suretecsystems,dc=com' contextCSN dn: dc=suretecsystems,dc=com  contextCSN: 20081025222436.822813Z&000000;000#000000 Backups – online(ldapsearch)/offline(slapcat)/phyiscal ● Checkpointing ● Monitoring: ● Nagios ● ZenOSS etc. ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 31
Conclusion OpenLDAP is the fastest directory software in the ● world. Now it also provides the best replication features in the world. There is always a replication model to suit your needs, ● if not send us a patch! Don't hide in a corner, join our community, ask ● questions and help others! - http://www.openldap.org http://creativecommons.org/licenses/by/3.0/ 02/04/09 32
Questions? http://creativecommons.org/licenses/by/3.0/ 02/04/09 33

Recommended

HBase and HDFS: Understanding FileSystem Usage in HBase
HBase and HDFS: Understanding FileSystem Usage in HBaseHBase and HDFS: Understanding FileSystem Usage in HBase
HBase and HDFS: Understanding FileSystem Usage in HBaseenissoz
 
Performance Scenario: Diagnosing and resolving sudden slow down on two node RAC
Performance Scenario: Diagnosing and resolving sudden slow down on two node RACPerformance Scenario: Diagnosing and resolving sudden slow down on two node RAC
Performance Scenario: Diagnosing and resolving sudden slow down on two node RACKristofferson A
 
Cassandra Introduction & Features
Cassandra Introduction & FeaturesCassandra Introduction & Features
Cassandra Introduction & FeaturesDataStax Academy
 
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsSupporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsDataWorks Summit
 
Tuning Apache Kafka Connectors for Flink.pptx
Tuning Apache Kafka Connectors for Flink.pptxTuning Apache Kafka Connectors for Flink.pptx
Tuning Apache Kafka Connectors for Flink.pptxFlink Forward
 
Introduction to Storm
Introduction to Storm Introduction to Storm
Introduction to Storm Chandler Huang
 
PowerDNS with MySQL
PowerDNS with MySQLPowerDNS with MySQL
PowerDNS with MySQLI Goo Lee
 
Practical experiences and best practices for SSD and IBM i
Practical experiences and best practices for SSD and IBM iPractical experiences and best practices for SSD and IBM i
Practical experiences and best practices for SSD and IBM iCOMMON Europe
 

Recommended

HBase and HDFS: Understanding FileSystem Usage in HBase
HBase and HDFS: Understanding FileSystem Usage in HBaseHBase and HDFS: Understanding FileSystem Usage in HBase
HBase and HDFS: Understanding FileSystem Usage in HBaseenissoz
 
Performance Scenario: Diagnosing and resolving sudden slow down on two node RAC
Performance Scenario: Diagnosing and resolving sudden slow down on two node RACPerformance Scenario: Diagnosing and resolving sudden slow down on two node RAC
Performance Scenario: Diagnosing and resolving sudden slow down on two node RACKristofferson A
 
Cassandra Introduction & Features
Cassandra Introduction & FeaturesCassandra Introduction & Features
Cassandra Introduction & FeaturesDataStax Academy
 
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsSupporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsDataWorks Summit
 
Tuning Apache Kafka Connectors for Flink.pptx
Tuning Apache Kafka Connectors for Flink.pptxTuning Apache Kafka Connectors for Flink.pptx
Tuning Apache Kafka Connectors for Flink.pptxFlink Forward
 
Introduction to Storm
Introduction to Storm Introduction to Storm
Introduction to Storm Chandler Huang
 
PowerDNS with MySQL
PowerDNS with MySQLPowerDNS with MySQL
PowerDNS with MySQLI Goo Lee
 
Practical experiences and best practices for SSD and IBM i
Practical experiences and best practices for SSD and IBM iPractical experiences and best practices for SSD and IBM i
Practical experiences and best practices for SSD and IBM iCOMMON Europe
 
Introduction to MongoDB
Introduction to MongoDBIntroduction to MongoDB
Introduction to MongoDBMike Dirolf
 
Redis introduction
Redis introductionRedis introduction
Redis introductionFederico Daniel Colombo Gennarelli
 
Data models in NoSQL
Data models in NoSQLData models in NoSQL
Data models in NoSQLDr-Dipali Meher
 
ORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big DataORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big DataDataWorks Summit
 
Hadoop HDFS Concepts
Hadoop HDFS ConceptsHadoop HDFS Concepts
Hadoop HDFS ConceptsProTechSkills Training
 
Always on in sql server 2017
Always on in sql server 2017Always on in sql server 2017
Always on in sql server 2017Gianluca Hotz
 
Kafka replication apachecon_2013
Kafka replication apachecon_2013Kafka replication apachecon_2013
Kafka replication apachecon_2013Jun Rao
 
Hive+Tez: A performance deep dive
Hive+Tez: A performance deep diveHive+Tez: A performance deep dive
Hive+Tez: A performance deep divet3rmin4t0r
 
Redis 101
Redis 101Redis 101
Redis 101Geoff Hoffman
 
Introduction to HBase - NoSqlNow2015
Introduction to HBase - NoSqlNow2015Introduction to HBase - NoSqlNow2015
Introduction to HBase - NoSqlNow2015Apekshit Sharma
 
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...CloudxLab
 
Apache Flink and what it is used for
Apache Flink and what it is used forApache Flink and what it is used for
Apache Flink and what it is used forAljoscha Krettek
 
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red HatMultiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red HatOpenStack
 
Distributed Lock Manager
Distributed Lock ManagerDistributed Lock Manager
Distributed Lock ManagerHao Chen
 
HBase Operations and Best Practices
HBase Operations and Best PracticesHBase Operations and Best Practices
HBase Operations and Best PracticesVenu Anuganti
 
GFS - Google File System
GFS - Google File SystemGFS - Google File System
GFS - Google File Systemtutchiio
 
The Google File System (GFS)
The Google File System (GFS)The Google File System (GFS)
The Google File System (GFS)Romain Jacotin
 
Introduction to apache zoo keeper
Introduction to apache zoo keeper Introduction to apache zoo keeper
Introduction to apache zoo keeper Omid Vahdaty
 
OpenTSDB 2.0
OpenTSDB 2.0OpenTSDB 2.0
OpenTSDB 2.0HBaseCon
 
Apache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data ProcessingApache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data ProcessingDataWorks Summit
 
Manage password policy in OpenLDAP
Manage password policy in OpenLDAPManage password policy in OpenLDAP
Manage password policy in OpenLDAPLDAPCon
 
CMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateCMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateOSSラボ株式会社
 

More Related Content

What's hot

Introduction to MongoDB
Introduction to MongoDBIntroduction to MongoDB
Introduction to MongoDBMike Dirolf
 
ORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big DataORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big DataDataWorks Summit
 
Always on in sql server 2017
Always on in sql server 2017Always on in sql server 2017
Always on in sql server 2017Gianluca Hotz
 
Kafka replication apachecon_2013
Kafka replication apachecon_2013Kafka replication apachecon_2013
Kafka replication apachecon_2013Jun Rao
 
Hive+Tez: A performance deep dive
Hive+Tez: A performance deep diveHive+Tez: A performance deep dive
Hive+Tez: A performance deep divet3rmin4t0r
 
Introduction to HBase - NoSqlNow2015
Introduction to HBase - NoSqlNow2015Introduction to HBase - NoSqlNow2015
Introduction to HBase - NoSqlNow2015Apekshit Sharma
 
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...CloudxLab
 
Apache Flink and what it is used for
Apache Flink and what it is used forApache Flink and what it is used for
Apache Flink and what it is used forAljoscha Krettek
 
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red HatMultiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red HatOpenStack
 
Distributed Lock Manager
Distributed Lock ManagerDistributed Lock Manager
Distributed Lock ManagerHao Chen
 
HBase Operations and Best Practices
HBase Operations and Best PracticesHBase Operations and Best Practices
HBase Operations and Best PracticesVenu Anuganti
 
GFS - Google File System
GFS - Google File SystemGFS - Google File System
GFS - Google File Systemtutchiio
 
The Google File System (GFS)
The Google File System (GFS)The Google File System (GFS)
The Google File System (GFS)Romain Jacotin
 
Introduction to apache zoo keeper
Introduction to apache zoo keeper Introduction to apache zoo keeper
Introduction to apache zoo keeper Omid Vahdaty
 
OpenTSDB 2.0
OpenTSDB 2.0OpenTSDB 2.0
OpenTSDB 2.0HBaseCon
 
Apache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data ProcessingApache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data ProcessingDataWorks Summit
 

What's hot (20)

Introduction to MongoDB
Introduction to MongoDBIntroduction to MongoDB
Introduction to MongoDB
 
Redis introduction
Redis introductionRedis introduction
Redis introduction
 
Data models in NoSQL
Data models in NoSQLData models in NoSQL
Data models in NoSQL
 
ORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big DataORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big Data
 
Hadoop HDFS Concepts
Hadoop HDFS ConceptsHadoop HDFS Concepts
Hadoop HDFS Concepts
 
Always on in sql server 2017
Always on in sql server 2017Always on in sql server 2017
Always on in sql server 2017
 
Kafka replication apachecon_2013
Kafka replication apachecon_2013Kafka replication apachecon_2013
Kafka replication apachecon_2013
 
Hive+Tez: A performance deep dive
Hive+Tez: A performance deep diveHive+Tez: A performance deep dive
Hive+Tez: A performance deep dive
 
Redis 101
Redis 101Redis 101
Redis 101
 
Introduction to HBase - NoSqlNow2015
Introduction to HBase - NoSqlNow2015Introduction to HBase - NoSqlNow2015
Introduction to HBase - NoSqlNow2015
 
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...
Introduction to MapReduce - Hadoop Streaming | Big Data Hadoop Spark Tutorial...
 
Apache Flink and what it is used for
Apache Flink and what it is used forApache Flink and what it is used for
Apache Flink and what it is used for
 
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red HatMultiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
 
Distributed Lock Manager
Distributed Lock ManagerDistributed Lock Manager
Distributed Lock Manager
 
HBase Operations and Best Practices
HBase Operations and Best PracticesHBase Operations and Best Practices
HBase Operations and Best Practices
 
GFS - Google File System
GFS - Google File SystemGFS - Google File System
GFS - Google File System
 
The Google File System (GFS)
The Google File System (GFS)The Google File System (GFS)
The Google File System (GFS)
 
Introduction to apache zoo keeper
Introduction to apache zoo keeper Introduction to apache zoo keeper
Introduction to apache zoo keeper
 
OpenTSDB 2.0
OpenTSDB 2.0OpenTSDB 2.0
OpenTSDB 2.0
 
Apache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data ProcessingApache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data Processing
 

Viewers also liked

Manage password policy in OpenLDAP
Manage password policy in OpenLDAPManage password policy in OpenLDAP
Manage password policy in OpenLDAPLDAPCon
 
CMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateCMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateOSSラボ株式会社
 
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéalOpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéalJonathan Clarke
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLsbahloul
 
Nis Vs Ldap
Nis Vs LdapNis Vs Ldap
Nis Vs LdapJuan Bau
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010RUDDER
 
OpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioOpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioLDAPCon
 
Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Michael Lamont
 
What's New in OpenLDAP
What's New in OpenLDAPWhat's New in OpenLDAP
What's New in OpenLDAPLDAPCon
 
Synchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectSynchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectClément OUDOT
 
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCRMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCClément OUDOT
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersPerforce
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyClément OUDOT
 
Synchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCSynchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCLDAPCon
 
Open LDAP vs. Active Directory
Open LDAP vs. Active DirectoryOpen LDAP vs. Active Directory
Open LDAP vs. Active DirectoryAhmad Haghighi
 
System Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerSystem Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerTola LENG
 
Ldap system administration
Ldap system administrationLdap system administration
Ldap system administrationAli Abdo
 

Viewers also liked (20)

Manage password policy in OpenLDAP
Manage password policy in OpenLDAPManage password policy in OpenLDAP
Manage password policy in OpenLDAP
 
CMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 updateCMDBuild overview (Japanese) V2.4 update
CMDBuild overview (Japanese) V2.4 update
 
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéalOpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLL
 
Nis Vs Ldap
Nis Vs LdapNis Vs Ldap
Nis Vs Ldap
 
IAO’s importance on sound student services in educational institutions
IAO’s importance on sound student services in educational institutionsIAO’s importance on sound student services in educational institutions
IAO’s importance on sound student services in educational institutions
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010
 
OpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioOpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory Studio
 
Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)
 
What's New in OpenLDAP
What's New in OpenLDAPWhat's New in OpenLDAP
What's New in OpenLDAP
 
Synchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectSynchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC project
 
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCRMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without Triggers
 
Rhel6
Rhel6Rhel6
Rhel6
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policy
 
Synchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCSynchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSC
 
Open LDAP vs. Active Directory
Open LDAP vs. Active DirectoryOpen LDAP vs. Active Directory
Open LDAP vs. Active Directory
 
AD & LDAP
AD & LDAPAD & LDAP
AD & LDAP
 
System Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerSystem Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba Server
 
Ldap system administration
Ldap system administrationLdap system administration
Ldap system administration
 

Similar to OpenLDAP Replication Strategies

The architecture of oak
The architecture of oakThe architecture of oak
The architecture of oakMichael Dürig
 
Rails Application Optimization Techniques & Tools
Rails Application Optimization Techniques & ToolsRails Application Optimization Techniques & Tools
Rails Application Optimization Techniques & Toolsguest05c09d
 
Docker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukDocker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukLohika_Odessa_TechTalks
 
MySQL Replication Performance Tuning for Fun and Profit!
MySQL Replication Performance Tuning for Fun and Profit!MySQL Replication Performance Tuning for Fun and Profit!
MySQL Replication Performance Tuning for Fun and Profit!Vitor Oliveira
 
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE
 
State of Containers and the Convergence of HPC and BigData
State of Containers and the Convergence of HPC and BigDataState of Containers and the Convergence of HPC and BigData
State of Containers and the Convergence of HPC and BigDatainside-BigData.com
 
Oracle RAC and Your Way to the Cloud by Angelo Pruscino
Oracle RAC and Your Way to the Cloud by Angelo PruscinoOracle RAC and Your Way to the Cloud by Angelo Pruscino
Oracle RAC and Your Way to the Cloud by Angelo PruscinoMarkus Michalewicz
 
Apache Kafka with Spark Streaming: Real-time Analytics Redefined
Apache Kafka with Spark Streaming: Real-time Analytics RedefinedApache Kafka with Spark Streaming: Real-time Analytics Redefined
Apache Kafka with Spark Streaming: Real-time Analytics RedefinedEdureka!
 
Digital Fabrication Studio.02 _Information @ Aalto Media Factory
Digital Fabrication Studio.02 _Information @ Aalto Media FactoryDigital Fabrication Studio.02 _Information @ Aalto Media Factory
Digital Fabrication Studio.02 _Information @ Aalto Media FactoryMassimo Menichinelli
 
Learning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a ClusterLearning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a Clusterphanleson
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsFederico Michele Facca
 
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...Qualcomm Developer Network
 
State of Linux Containers for HPC
State of Linux Containers for HPCState of Linux Containers for HPC
State of Linux Containers for HPCinside-BigData.com
 
Web scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelWeb scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelpurpleocean
 
Cat on demand emc vplex weakness
Cat on demand emc vplex weaknessCat on demand emc vplex weakness
Cat on demand emc vplex weaknessSahatma Siallagan
 
OpenPOWER Application Optimization
OpenPOWER Application Optimization OpenPOWER Application Optimization
OpenPOWER Application Optimization Ganesan Narayanasamy
 
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...confluent
 
Digital Fabrication Studio v.0.2: Information
Digital Fabrication Studio v.0.2: InformationDigital Fabrication Studio v.0.2: Information
Digital Fabrication Studio v.0.2: InformationMassimo Menichinelli
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practiceDocker, Inc.
 
Drupal Efficiency
Drupal EfficiencyDrupal Efficiency
Drupal Efficiencysmattoon
 

Similar to OpenLDAP Replication Strategies (20)

The architecture of oak
The architecture of oakThe architecture of oak
The architecture of oak
 
Rails Application Optimization Techniques & Tools
Rails Application Optimization Techniques & ToolsRails Application Optimization Techniques & Tools
Rails Application Optimization Techniques & Tools
 
Docker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukDocker based Architecture by Denys Serdiuk
Docker based Architecture by Denys Serdiuk
 
MySQL Replication Performance Tuning for Fun and Profit!
MySQL Replication Performance Tuning for Fun and Profit!MySQL Replication Performance Tuning for Fun and Profit!
MySQL Replication Performance Tuning for Fun and Profit!
 
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE PlatformsFIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
FIWARE Tech Summit - Docker Swarm Secrets for Creating Great FIWARE Platforms
 
State of Containers and the Convergence of HPC and BigData
State of Containers and the Convergence of HPC and BigDataState of Containers and the Convergence of HPC and BigData
State of Containers and the Convergence of HPC and BigData
 
Oracle RAC and Your Way to the Cloud by Angelo Pruscino
Oracle RAC and Your Way to the Cloud by Angelo PruscinoOracle RAC and Your Way to the Cloud by Angelo Pruscino
Oracle RAC and Your Way to the Cloud by Angelo Pruscino
 
Apache Kafka with Spark Streaming: Real-time Analytics Redefined
Apache Kafka with Spark Streaming: Real-time Analytics RedefinedApache Kafka with Spark Streaming: Real-time Analytics Redefined
Apache Kafka with Spark Streaming: Real-time Analytics Redefined
 
Digital Fabrication Studio.02 _Information @ Aalto Media Factory
Digital Fabrication Studio.02 _Information @ Aalto Media FactoryDigital Fabrication Studio.02 _Information @ Aalto Media Factory
Digital Fabrication Studio.02 _Information @ Aalto Media Factory
 
Learning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a ClusterLearning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a Cluster
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platforms
 
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
Power-Efficient Programming Using Qualcomm Multicore Asynchronous Runtime Env...
 
State of Linux Containers for HPC
State of Linux Containers for HPCState of Linux Containers for HPC
State of Linux Containers for HPC
 
Web scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelWeb scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannel
 
Cat on demand emc vplex weakness
Cat on demand emc vplex weaknessCat on demand emc vplex weakness
Cat on demand emc vplex weakness
 
OpenPOWER Application Optimization
OpenPOWER Application Optimization OpenPOWER Application Optimization
OpenPOWER Application Optimization
 
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
Kafka Cluster Federation at Uber (Yupeng Fui & Xiaoman Dong, Uber) Kafka Summ...
 
Digital Fabrication Studio v.0.2: Information
Digital Fabrication Studio v.0.2: InformationDigital Fabrication Studio v.0.2: Information
Digital Fabrication Studio v.0.2: Information
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practice
 
Drupal Efficiency
Drupal EfficiencyDrupal Efficiency
Drupal Efficiency
 

Recently uploaded

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

OpenLDAP Replication Strategies

  • 1. OpenLDAP Replication Strategies Gavin Henry Managing Director, Suretec Systems Ltd. - ghenry@suretecsystems.com Documentation Developer, OpenLDAP Project - ghenry@openldap.org
  • 2. Agenda Overview ● The History of Replication ● Replication Technology ● Deployment Alternatives ● Replication Best Practices ● Questions and Answers ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 2
  • 3. Overview OpenLDAP is an open source code project ● Founded 1998 ● Three core team members ● A dozen or so contributors (engineering team) ● Feature releases every 12-18 months ● Maintenance releases roughly monthly ●
  • 4. Overview Replicated directories are a fundamental requirement ● for delivering a resilient enterprise deployment. Slurpd is now completely removed from 2.4 ● There's new terminology – Provider/Consumer ● MirrorMode and Multi-Master now available ● Replication needs to support complex environments ● Wonderful things can be done with the “Dynamic ● Configuration Backend” http://creativecommons.org/licenses/by/3.0/ 02/04/09 4
  • 5. The History of Replication Slurpd was the first form of replication ● Slurpd was a standalone daemon plagued with ● problems (in brief): slurpd never rerouted requests – It was not reliable – It was extremely sensitive to the ordering of records in – the replog more.... – http://creativecommons.org/licenses/by/3.0/ 02/04/09 5
  • 6. The History of Replication It could easily go out of sync, at which point manual – intervention was required It wasn't very tolerant of unavailable servers. – It only worked in push mode – It required stopping and restarting the master to add new – slaves It only supported single master replication – Slurpd is no longer part of OpenLDAP 2.4 ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 6
  • 7. The History of Replication Syncrepl has none of those weaknesses ● Syncrepl was born on April Fools Day 2003 and ● is documented in the Admin Guide and RFC 4533 - “LDAP Content Synchronization Operation” It is extremely flexible and “JGOWI” ● Push Based, Pull based, Proxies..... ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 7
  • 8. The History of Replication OpenLDAP 2.4 adds: ● MirrorMode (Active-Active Hot-standby) – N-Way Multimaster Replication – More sophisticated Syncrepl configurations – Replicating slapd Configuration (syncrepl and cn=config) – http://creativecommons.org/licenses/by/3.0/ 02/04/09 8
  • 9. Deployment Alternatives Syncrepl ● Delta-syncrepl ● N-Way Multi-Master ● MirrorMode ● Syncrepl Proxy Mode ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 9
  • 10. LDAP Content Synchronization Protocol (LDAP Sync) RFC 4533 - LDAP Content Synchronization ● Operation - June 2006 refreshOnly and refreshAndPersist ● Eventually-convergent content synchronization ● Client can be notified that a complete reload is ● needed (used in Delta-syncrepl) Copy of “DIT Fragment” ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 10
  • 11. LDAP Content Synchronization Protocol (LDAP Sync) Inconsistencies resolved on subsequent syncs ● Not good for bandwidth challenged ● apps/deployments Not for use with apps that need “transactional ● data consistency” Example of refreshOnly and refreshAndPresist ● to follow http://creativecommons.org/licenses/by/3.0/ 02/04/09 11
  • 14. LDAP Sync Replication (Syncrepl) LDAP Sync Replication engine, syncrepl for short ● Consumer-side replication engine ● Resides at the consumer and executes as one of the ● slapd(8) threads. Uses the LDAP Content Synchronization protocol (or ● LDAP Sync for short) - RFC4533 LDAP Sync provides a stateful replication which supports ● both pull-based and push-based synchronization and does not mandate the use of a history store. http://creativecommons.org/licenses/by/3.0/ 02/04/09 14
  • 15. LDAP Sync Replication (Syncrepl) Pull-based replication - periodically polls the provider for ● updates. Push-based replication - consumer listens for updates that are ● sent in realtime Syncrepl tracks status of the replication content by maintaining ● and exchanging synchronization cookies Consumer replica can be constructed from a consumer-side or ● a provider-side backup at any synchronization status. Syncrepl can automatically resynchronize the consumer replica ● up-to-date with the current provider content. http://creativecommons.org/licenses/by/3.0/ 02/04/09 15
  • 16. LDAP Sync Replication (Syncrepl) Session log can be used in the provider which stores the ● entryUUIDs of a finite number of entries deleted from a database in order to use the delete phase LDAP Sync provider maintains a contextCSN in the suffix ● entry (change sequence number = CSN) It is the largest entryCSN in the provider context ● (depending on outstanding transactions) contextCSN maintained primarily in memory and written at ● shutdown, but can be checkpointed. http://creativecommons.org/licenses/by/3.0/ 02/04/09 16
  • 17. LDAP Sync Replication (Syncrepl) Whole database scanned if contextCSN not found and ● new one generated Consumer also stores its replica state, which is the ● provider's contextCSN received as a synchronization cookie New Consumer doesn't change provider config ● No provider restarts needed ● Consumer replication can stop without the need for ● provider-side changes and restart. http://creativecommons.org/licenses/by/3.0/ 02/04/09 17
  • 18. Delta-syncrepl Disadvantages of LDAP Sync ● LDAP Sync replication is an object-based ● replication Both the changed and unchanged attribute values ● are processed Excess traffic generated for small changes ● changelog-based variant of syncrepl ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 18
  • 19. Delta-syncrepl Maintains a changelog on the provider ● Consumer checks the changelog for the ● changes it needs If a replica is too far out of sync, switches to ● conventional syncrepl Switches back to the delta-syncrepl mode when ● fully sync'd http://creativecommons.org/licenses/by/3.0/ 02/04/09 19
  • 21. N-Way Multi-Master Uses Syncrepl to replicate data to multiple provider ● (quot;Masterquot;) Directory servers. Avoids a single point of failure ● Supports complex topologies ● Providers can be located in several physical sites ● Good for Automatic failover/High Availability ● Requires synchronised time source - ntp ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 21
  • 22. N-Way Multi-Master It has NOTHING to do with load balancing ● Providers must propagate writes to all the other servers ● Network traffic and write load spreads across all of the ● servers the same as for single-master. Server utilization and performance are at best identical for ● Multi-Master and Single-Master replication Single-Master is superior because indexing can be tuned ● differently to optimize for the different usage patterns between the provider and the consumers. http://creativecommons.org/licenses/by/3.0/ 02/04/09 22
  • 23. N-Way Multi-Master Breaks the data consistency guarantees of the ● directory model Crashed, or network link has failed??? ● More: ● http://www.watersprings.org/pub/id/draft-zeilenga-ldup-harmful-02.txt ● http://www.openldap.org/faq/data/cache/1240.html ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 23
  • 25. MirrorMode Is a Active-Active Hot-Standby solution ● External front end needed ● Not a Multi-Master solution ● Syncrepl also allows the provider nodes to re- ● synchronize after any downtime Delta-Syncrepl is not yet supported ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 25
  • 26. MirrorMode Two providers are set up to replicate from each ● other An external frontend is employed to direct all ● writes to only one of the two servers. The second provider will only be used for writes ● if the first provider crashes automatically catch up to any changes on the ● running provider and resync. http://creativecommons.org/licenses/by/3.0/ 02/04/09 26
  • 27. MirrorMode http://creativecommons.org/licenses/by/3.0/ 02/04/09 27
  • 28. Syncrepl Proxy Mode refreshAndPersist must still ● be initiated from the consumer Firewalls may need provider ● initiated push-mode replication slapd-ldap proxy is set up ● near or with the provider that points to the consumer syncrepl engine runs on the ● proxy and points to provider http://creativecommons.org/licenses/by/3.0/ 02/04/09 28
  • 29. Syncrepl Proxy Mode http://creativecommons.org/licenses/by/3.0/ 02/04/09 29
  • 30. Replication Best Practices Use a replication user ● You can restart replication by adding/removing ● syncrepl statement if needed when changing replication credentials/certificates MirrorMode always good enough for most ● enterprises dependent on global requirements Slapo-chain to chain writes back to provider ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 30
  • 31. Replication Best Practices [ghenry@suretec ~]$ ldapsearch ­x ­LLL ­H ldap[?]://master:389 ­s base ­b  'dc=suretecsystems,dc=com' contextCSN[?] dn: dc=suretecsystems,dc=com  contextCSN: 20081025222436.822813Z&000000;000#000000  [ghenry@suretec ~]$ ldapsearch ­x ­LLL ­H ldap://slave:389 ­s base ­b  'dc=suretecsystems,dc=com' contextCSN dn: dc=suretecsystems,dc=com  contextCSN: 20081025222436.822813Z&000000;000#000000 Backups – online(ldapsearch)/offline(slapcat)/phyiscal ● Checkpointing ● Monitoring: ● Nagios ● ZenOSS etc. ● http://creativecommons.org/licenses/by/3.0/ 02/04/09 31
  • 32. Conclusion OpenLDAP is the fastest directory software in the ● world. Now it also provides the best replication features in the world. There is always a replication model to suit your needs, ● if not send us a patch! Don't hide in a corner, join our community, ask ● questions and help others! - http://www.openldap.org http://creativecommons.org/licenses/by/3.0/ 02/04/09 32
  • 33. Questions? http://creativecommons.org/licenses/by/3.0/ 02/04/09 33