directory-users mailing list archives

From Emmanuel Lécharny <>
Subject Re: [ApacheDS] Using DS in a many-clients-one-master setup over the internet?
Date Mon, 03 Mar 2014 20:50:06 GMT
On 3/3/14 8:46 PM, Marcel Bruch wrote:
> Hi ds-users,
> I’m currently evaluating an idea to which using Apache DS partially sounds like a good fit. However, I’m not sure and I’m seeking some advice. Without detailing on the exact requirements and use case it may sound weird.
> We have highly structured and hierarchical data (basically a several GB huge knowledge-base) that is stored on a server and updated from time to time.
> In a (far) future there *might* be 10.000 up to 100.000 clients somewhere on the web that need to access parts of that data. Currently there are a few hundred clients.
> These clients should be able to replicate some small parts of that hierarchical data (according to some access rights) to speed up their data access and work in some "offline mode" if required. These slaves should be updated from time to time with data from the master.
> My first question is: Is LDAP in general a suitable protocol for these requirements

Yes. Definitely yes. For the record, this is what Microsoft is doing
with Active Directory, where everyone can connect on his/her machine even
if it's not connected to the domain server.

> and is Apache DS an appropriate server when it comes to such master-slave scenario with slaves all over the internet?

Assuming you don't have a lot of modifications, most certainly. And if
ApacheDS is not fast enough for your needs, you can even use OpenLDAP as
a central server, with ApacheDS being distributed (they are using the
same replication protocol, syncrepl).

> The slaves would run as embedded clients inside a java application on a desktop pc.

That's fine.
> My second question would be: Do firewalls typically allow connections to LDAP or LDAPS

This has to be configured. But if this becomes a problem, we have worked
on some scenarios where we use DSML instead of pure LDAP, thus allowing
your application to use port 80. This is not part of the main server
though, it has to be added (and no, this is not complicated).

> if not, is there any way to run replication over something that firewalls usually permit?

Replication is pure LDAP. Using a DSML proxy should work, or some LDAP
<-> JSON transport. I will let Kiran reply here.

Hope it helps.

Emmanuel Lécharny 
