Ubuntu – How to have an OpenLDAP multi-master replication setup


This is the setup I would like to have.

               LDAP clients
    /                                 \
      |              |             |
      |              |             |
 ldapserver1    ldapserver2   ldapserver3

My challenge is that I have never done this kind of architecture before, so I would like to know, from the LB perspective, how to configure it. Say I have to create a DNS FQDN, e.g. "ldapserver.example.com", and then use this as a floating IP/hostname for the 3 LDAP servers in the backend? Or what should be done? The network team will do the setup, but I need to tell them what to do. I would also like to configure LDAPS, so how do I create the certificate? I mean, what do I provide as the common name, or how do I create a certificate which can be shared across the servers? I am using openssl. The setup would be a multi-master replication.

Best Answer

It depends on what tool they will use to do the load balancing. If they are using BIND for your DNS, you could use SRV records; OpenLDAP is one of the few applications that supports them. The attached link will give you more info, but basically you need to determine a priority value along with a weighting value as well. You basically need to determine how even a load you want across the systems and set your values accordingly.

For the LDAPS certificate you may run into issues if the client validates the CN, which in your case would be ldapserver.example.com on all three hosts. If it resolves the local hostname and checks it against the cert, it may not work.

BIND SRV Record Type for Load Balancing
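Added example, not part of the original answer: a standard-library Python sketch of the two points the answer makes. The first half implements the RFC 2782 client selection algorithm (lower priority number first, then weighted random within a priority) over constructed `_ldap._tcp.example.com` records for the three hostnames from the question; the priorities and weights are assumptions chosen to show ldapserver3 as a fallback. The second half checks which hostnames a certificate would actually match under the RFC 6125 rules modern clients use, where the CN only counts when the certificate carries no DNS SANs, which is why a single CN of ldapserver.example.com fails once a client follows an SRV record to ldapserver1.example.com.

```python
"""Added example (not code from the original post): RFC 2782 SRV ordering for
_ldap._tcp and an RFC 6125 style hostname-vs-certificate check. Hostnames come
from the question; SRV weights and SAN lists are constructed assumptions."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone data, as it might appear in example.com (assumed values):
#   _ldap._tcp.example.com. IN SRV 10 50 636 ldapserver1.example.com.
#   _ldap._tcp.example.com. IN SRV 10 50 636 ldapserver2.example.com.
#   _ldap._tcp.example.com. IN SRV 20  0 636 ldapserver3.example.com.
# Lower priority number is tried first; ldapserver3 is only a fallback.
SRV_RECORDS = [
    SRV(10, 50, 636, "ldapserver1.example.com"),
    SRV(10, 50, 636, "ldapserver2.example.com"),
    SRV(20, 0, 636, "ldapserver3.example.com"),
]

FLOATING_NAME = "ldapserver.example.com"
BACKENDS = [r.target for r in SRV_RECORDS]


def order_srv(records, rng=random):
    """Return records in the order a client should try them (RFC 2782 §
    'Usage rules'): ascending priority, and within one priority a weighted
    random draw without replacement so equal weights share load evenly."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for r in pool:
                running += r.weight
                if running >= pick:
                    chosen = r
                    break
            ordered.append(chosen)
            pool.remove(chosen)
    return ordered


def first_choice_share(trials=1000, seed=0):
    """Fraction of trials in which each target is tried first."""
    rng = random.Random(seed)
    counts = {r.target: 0 for r in SRV_RECORDS}
    for _ in range(trials):
        counts[order_srv(SRV_RECORDS, rng)[0].target] += 1
    return {t: c / trials for t, c in counts.items()}


def hostname_matches(hostname, san_dns_names, cn=None):
    """RFC 6125 style check: if the certificate has any DNS SANs, only they
    are consulted; the CN is a fallback only when there are none (and many
    clients no longer honour it even then). A wildcard is allowed only as
    the whole leftmost label and matches exactly one label."""
    names = san_dns_names if san_dns_names else ([cn] if cn else [])
    host = hostname.lower().rstrip(".")
    for name in names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            if "." in host and host.split(".", 1)[1] == name[2:]:
                return True
        elif name == host:
            return True
    return False


def uncovered_hosts(san_dns_names, cn=None, hosts=None):
    """Names a client might connect to (the floating name plus every SRV
    target) that the certificate would NOT match."""
    hosts = hosts if hosts is not None else [FLOATING_NAME] + BACKENDS
    return [h for h in hosts if not hostname_matches(h, san_dns_names, cn)]


if __name__ == "__main__":
    print([r.target for r in order_srv(SRV_RECORDS)])
    print(first_choice_share())
    # CN only, as in the question: fails for every SRV target.
    print(uncovered_hosts([], cn=FLOATING_NAME))
    # One shared certificate whose SANs list every name clients may use.
    print(uncovered_hosts([FLOATING_NAME] + BACKENDS, cn=FLOATING_NAME))
```

The practical consequence for the shared certificate: issue one certificate whose subjectAltName lists the floating name and all three server names (for example `openssl req -addext "subjectAltName=DNS:ldapserver.example.com,DNS:ldapserver1.example.com,DNS:ldapserver2.example.com,DNS:ldapserver3.example.com" ...` on OpenSSL 1.1.1 or later), and install the same key pair on all three hosts; with that, it no longer matters which backend name the client ends up resolving. Whether a given client follows SRV records or only connects to the floating name should be verified against that client, since SRV support is the exception rather than the rule.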
