Hello all,
I work for a school and here's my case:
I need to synchronise my main ClearOS LDAP server to different slaves at different locations and with different configurations.
Here's the situation:
At the head office of the school, I'm not responsible for the network infrastructure. I just have the management of a specific VLAN (without the management of a firewall). Inside this VLAN, I have a ClearOS acting as a DHCP and LDAP server to authenticate MAC computers. Every night, my LDAP is synchronized with an export of a huge AD system from my government. So, this first ClearOS is my master. Inside that VLAN, I'd like to install a second system in case of failure.
I'm not allowed to do any incoming communication from the internet in this VLAN. However, I do have a DMZ available. So I would like to install a second server in my DMZ for replication. In my DMZ, I'll have other servers (like Moodle) which are going to connect to my LDAP for authentication; so they'll have to authenticate to the one installed in my DMZ.
Finally, I have a part of the school in another city. There, I have a ClearOS system acting as a gateway and I have full control of the infrastructure. I'd like the LDAP of this system to be the slave of the one in my DMZ (students and teachers are the same).
So, is it possible to install 4 ClearOS systems (2 in my main VLAN, 1 in my DMZ and 1 (existing) in the other city) and configure them this way: VLAN --> DMZ --> other city?
Or, for the one in the DMZ, can I just install a basic CentOS server with OpenLDAP and then make the same synchronisation: VLAN (ClearOS) --> DMZ (basic CentOS) --> other city (ClearOS)?
Thanks in advance for your help
Arnaud
Responses (5)
Accepted Answer
I am pretty sure ClearOS does not allow a system to be a master and a slave at the same time. Probably the best way to achieve what you want is to have the master in your DMZ. I think you can join directly to it as long as the relevant ports are open (636, 8154 and 8155) and I think ClearOS looks after that for you.
Another way, which may get your bosses annoyed, is to set up OpenVPN tunnels from your central site to the remote sites. It can be done using a site-to-site VPN with your central site dialling out to the remote. Then your remote sites can connect back to you.