Hi Folks,
Being really new to UCS, I find it difficult to get the basic concept of how to deploy apps and use the central management capabilities of UCS.
We actually run a split of applications (website at our provider, Nextcloud, CRM, etc. on internal servers) and LDAP / DC also internal. The web server is using our internal LDAP for user management, connected through VPN, and the internal apps also use this central LDAP. With this setup we avoid having user data and passwords on the same machine as the website or our internal apps.
My question is now if / how we could have the same setup with UCS. Will it be possible to have one UCS server being the LDAP / DC and set up other UCS servers providing the apps without having a local LDAP?
Could someone give some feedback on this?
best,
Mat
Hi and welcome.
UCS offers four roles:
- Master - only writeable instance of LDAP data
- Backup - full copy of master data, kept for syncing and fallback scenarios; syncing from master
- Slave - full copy of master data, can be restricted; syncing from master or backups
- Member - does not have a local LDAP copy; every user authentication goes through one of the above types
Having said this, you could install a master server to have just your user data. And then you could join multiple member servers hosting the apps.
But keep in mind the master server then handles every authentication request. Depending on the number of users this could put some load on the server and would slow down the apps. To prevent this you should install a backup server (anyways a good idea!) for load balancing.
So, yes this is possible.
/CV