12 Dec
2011
12 Dec
'11
1:44 p.m.
On Mon, Dec 12, 2011 at 09:25:14PM +1000, Nick Edwards wrote:
Thanks, we considered options, ruled out master-master for security, and since everything is with mysql (AAA) we decided not to introduce another database type,
But LDAP master-master is sooo nice :-) and once you have your users in LDAP it's triviall to re-use it as user source in lots of services (postfix lookups, authenticated smtp, apache basic auth, dovecot, etc..).
To get away from our SPoF mysql userdatabase I wrote some scripts that checkes for changes in the mysql userdatabase, and push these to LDAP every x minutes. The mysql-database is still our master user source, but I'm looking forward to getting rid of it completely real soon now.
-jf