First, a visual. In the following diagram we have a network. All the computers are on a single subnet. The two switches are connected via a 6 Gbps fiber link. There’s a master and two replicas, as well as two AFP servers hosting home directories. All servers should be Kerberized. Let’s assume all clients will be configured to use Portable Home Directories because users all have a dedicated machine.
[url]http://farm1.static.flickr.com/203/479836641_0a95038ea4_o.png[/url]
Obviously, clients on the same switch as replica1 would have Directory Access LDAP pointed at replica1.corp.com for Authentication and Contacts, and clients on the same switch as replica2 would point to replica2.corp.com. Likewise, they’d point to the nearest server for home directories. That much seems clear and consistent.
I have two questions I haven’t been able to get a consistent answer on, and I’d like to see if any of you have an opinion.
1. home1.corp.com would be configured as Connected to a Directory System and then Kerberized. Should the LDAP binding be set to master.corp.com or replica1.corp.com? If you point a server to a replica, can you still Kerberize it easily via the GUI in Server Admin? Likewise, would home2.corp.com be set to bind with master or replica2?
2. If you wanted to provide clients with a second LDAP server in case of a failure, would you point the secondary LDAP entry to master or the other replica?
Any thoughts you have would be immensely helpful.
***I tried to embed the image, but it’s getting flagged as spam. Click the URL to see the visual.