Non-STOP PKI, Non-STOP LDAP and other security issues

Derek Martin ddm at
Tue Apr 4 10:02:16 MDT 2000

On Sat, 1 Apr 2000, Dominique Chabord wrote:

> Derek:
> Can we have several replicated copies of LDAP data ? for example two local
> copies for high availability inside a site and another two copies in a
> remote mirror site ? Is it as safe against hackers when data are replicated
> as when they are kept private on a local disk ? Is replication encrypted ?

Well, since I haven't actually gone beyond poking through some docs, 
you're asking me to get in over my head... but as far as I understand it,
you can have an infinite number of LDAP servers replicate from your
master.  Of course, if you really had so many, they'd spend all their time

As for the safety of the data, I can't say.  I'm not aware whether it uses
any kind of encryption or not, and I don't remember reading anything one
way or the other. But then, when I was looking at LDAP, I really hadn't
gotten to the stage where I was ready to consider replication. You can
skirt the issue of encryption by using some sort of encrypted tunnel,
i.e. VPN, between your LDAP machines.

Derek Martin
System Administrator
Mission Critical Linux
martin at 

