Resolved
0 votes
Hello all,
I work for a school and here's my case:

I need to synchronise my main ClearOS LDAP server to different slaves at different locations and with different configurations.

Here's the situation:

At the head office of the school, I'm not responsible for the network infrastructure. I just have the management of a specific VLAN (without the management of a firewall). Inside this VLAN, I have a ClearOS acting as a DHCP and LDAP server to authenticate MAC computers. Every night, my LDAP is synchronized with an export of a huge AD system from my government. So, this first ClearOS is my master. Inside that VLAN, I'd like to install a second system in case of failure.


I'm not allowed to do any incoming communication from the internet in this VLAN. However, I do have a DMZ available. So I would like to install a second server in my DMZ for replication. In my DMZ, I'll have other servers (like Moodle) which are going to connect to my LDAP for authentication; so they'll have to authenticate to the one installed in my DMZ.

Finally, I have a part of the school in another city. There, I have a ClearOS system acting as a gateway and I have full control of the infrastructure. I'd like the LDAP of this system to be the slave of the one in my DMZ (students and teachers are the same).

So, is it possible to install 4 ClearOS systems (2 in my main VLAN, 1 in my DMZ and 1 (existing) in the other city) and configure them this way: VLAN --> DMZ --> other city?

Or, for the one in the DMZ, can I just install a basic CentOS server with OpenLDAP and then make the same synchronisation: VLAN (ClearOS) --> DMZ (basic CentOS) --> other city (ClearOS)?

Thanks in advance for your help
Arnaud :)
Friday, January 10 2020, 07:23 AM
Responses (5)
  • Accepted Answer

    Friday, January 10 2020, 11:23 AM - #Permalink
    Resolved
    0 votes
    I am pretty sure ClearOS does not allow a system to be a master and a slave at the same time. Probably the best way to achieve what you want is to have the master in your DMZ. I think you can join directly to it as long as the relevant ports are open (636, 8154 and 8155) and I think ClearOS looks after that for you.

    Another way, which may get your bosses annoyed, is to set up OpenVPN tunnels from your central site to the remote sites. It can be done using a site-to-site VPN with your central site dialling out to the remote. Then your remote sites can connect back to you.
  • Accepted Answer

    Friday, January 10 2020, 12:45 PM - #Permalink
    Resolved
    0 votes
    Hello Nick,
    Thanks very much for your answer. VPN tunnels won't be allowed from my main VLAN, so the option to have the master in the DMZ could be the solution. Or maybe have the one in my VLAN and the one in my DMZ on the same 'master level' and the one in the remote site as slave?
  • Accepted Answer

    Friday, January 10 2020, 03:46 PM - #Permalink
    Resolved
    0 votes
    Are you saying no one on your VLAN can connect to a VPN? ;)
  • Accepted Answer

    Friday, January 10 2020, 05:04 PM - #Permalink
    Resolved
    0 votes
    Hello Nick,
    From inside my VLAN, yes, I could establish a VPN connection to the outside, but the opposite could not be allowed... they said: no direct access from the outside.
  • Accepted Answer

    Friday, January 10 2020, 07:07 PM - #Permalink
    Resolved
    0 votes
    ClearOS can just as easily call out... Once the VPN is established it is a two-way thing. Your central IT people may frown on you a bit...