I'm setting up OpenLDAP on a router/firewall that's running OpenBSD + CARP + pfsync. Curious enough, I'm wondering what's my best approach to making sure the setup stays redundant between the two boxes in the event one goes down. Do I simply set up replication between the two hosts, and use a VIP (Virtual IP) that all clients use to speak to it? Is there a better way of handling it?
You've got the right idea - Set up replication between the two hosts (on non-CARP IPs) and point your clients at the CARP virtual IP. Debug your LDAP replication (syncrepl) first obviously :-)
There are other ways to handle this with load balancing (using pf), but that requires more hardware in order to maintain redundancy.

voretaq7
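A configuration sketch of the layout described in the answer, added here as an illustration and not taken from the answer or from the poster's systems. It assumes OpenLDAP 2.4 with slapd.conf-style configuration and mirror mode, so that whichever box is CARP master can accept writes; every hostname, DN, path and credential is a placeholder.

```conf
# ---- slapd.conf on host A (real, non-CARP name: ldap-a.example.com) ----
# Global section. Host B is identical except: serverID 2, provider=ldap-b -> ldap-a.
serverID 1

# ---- inside the database section that holds suffix "dc=example,dc=com" ----
# syncrepl looks entries up by these two attributes.
index entryCSN,entryUUID eq

# Dedicated replication identity: read-only, no size/time limits.
access to *
  by dn.exact="cn=replicator,dc=example,dc=com" read
  by * break
limits dn.exact="cn=replicator,dc=example,dc=com" size=unlimited time=unlimited

# Let the peer replicate from this host.
overlay syncprov
syncprov-checkpoint 100 10

# Pull from the peer's real address, never from the CARP VIP: the VIP is
# answered by whichever box is currently master, which may be this one.
# StartTLS is mandatory and the peer certificate must verify.
syncrepl rid=001
  provider=ldap://ldap-b.example.com
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=REPLACE_ME
  starttls=critical
  tls_cacert=/etc/ssl/ldap-ca.pem
  tls_reqcert=demand

# Accept client writes on either host; only the VIP holder receives them.
mirrormode on

# ---- ldap.conf on every client ----
# ldap-vip.example.com resolves to the CARP virtual IP, not to either host.
URI  ldap://ldap-vip.example.com
BASE dc=example,dc=com
```

If clients also use StartTLS or ldaps against the VIP, each server's certificate needs both its own hostname and the VIP name as subject alternative names, or verification fails after a failover.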