directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Trustin Lee <>
Subject Re: [replication] Master slave replication will not suffice
Date Thu, 24 Feb 2005 01:50:05 GMT
On Wed, 23 Feb 2005 20:15:46 -0500, Alex Karasulu <> wrote:
> I was thinking about replication earlier today.  I was hoping we can
> quickly implement master slave replication by piggy backing on a JMS
> implementation like ActiveMQ.  It quickly occured to me however that
> there is no way we can utilize a master slave rep. configuration without
> loosing all the benefits of having embedded services like Kerberos, DNS,
> DHCP etc.
> The reasoning behind this has to do with the way master-slave rep.
> works.  Basically there is one master and all other servers are slaves
> a.k.a. replicas.  A request to modify a replica returns an error
> indicating the replica is not writable along with a referral to the
> master.  I forget the exact LDAP result code returned.  The client would
> then contact the master for the alteration what ever it may be.  The
> master makes the change and propagates it to the replicas usually using
> a special replication user that bypasses certain checks.
> Here's the problem: with a master slave setup an embedded inet service
> like Kerberos will have to contact the master of the system to make
> alterations on all replicas for any alterations to the DIT!  This
> defeats the entire purpose of embedding the service in the first place
> and limits the HA yeild from replication.

Doesn't Kerberos service use JNDI to access ApacheDS backend storage? 
So, how about modifying JNDI provider to request the alteration to the
master behind the scene?

> So what we need is multimaster replication.  This is an order of
> magnitude more complex than master slave replication.
>     -Alex

- Trustin
what we call human nature is actually human habit

View raw message