How is the Selection for the Sync-Source of LDAP-Replication Done?
The synchronization of the LDAP data depends on the type of server. In every case, the server re-selects its sync source if the current one cannot be reached (automated failover).
No replication is needed on the master, as it holds the authoritative data.
All backup servers synchronize with the master.
Every slave selects the server to sync with from the list of backup servers and the master server. The choice is made more or less at random from the entries of these UCR variables:
root@lenaedu:~# ucr get ldap/backup
backup.schulen.ucs backup2.schulen.ucs
root@lenaedu:~# ucr get ldap/master
master.schulen.ucs
root@lenaedu:~#
A member server does not have a local copy of the LDAP database and therefore does not need to sync with LDAP. However, a member server might still need data from LDAP (e.g. share configuration) and therefore has to fetch it from the LDAP servers, too. The servers it fetches from are selected in a similar way to the slave servers.
You can also manually configure the server to synchronize from:
ucr set notifier/server=backup2.schulen.ucs
With this set, the automatic selection described above does not apply.
Note: If set manually, no failover is possible in case of issues reaching the manually selected server.
Note: Authentication is independent of these settings. See this article for details on authentication targets.
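The selection rules above can be turned into a small availability check, shown here as an added example that is not part of the original article or of UCS itself. It assumes the role names are the standard values of the UCR variable server/role (not shown on this page); the function name sync_sources and its output format are made up for this illustration.

```shell
#!/bin/sh
# Added example: list the servers a UCS host may replicate LDAP from.
# Values are passed as arguments so the logic can be exercised offline.

# sync_sources ROLE MASTER BACKUPS PINNED
# Prints "<mode> <servers...>" where mode is none, auto or pinned.
sync_sources() {
    role=$1 master=$2 backups=$3 pinned=$4
    case $role in
        domaincontroller_master)
            # Authoritative data lives here; nothing to replicate from.
            echo "none"; return 0 ;;
        domaincontroller_backup)
            candidates=$master ;;
        domaincontroller_slave|memberserver)
            candidates="$master${backups:+ $backups}" ;;
        *)
            echo "unknown server role: $role" >&2; return 2 ;;
    esac
    if [ -n "$pinned" ]; then
        # notifier/server overrides the automatic selection: no failover.
        echo "WARNING: sync source pinned to $pinned, failover disabled" >&2
        case " $master $backups " in
            *" $pinned "*) ;;
            *) echo "WARNING: $pinned is not in ldap/master or ldap/backup" >&2 ;;
        esac
        echo "pinned $pinned"; return 0
    fi
    echo "auto $candidates"
}

# On a UCS host, feed the function from the live UCR values.
if command -v ucr >/dev/null 2>&1; then
    sync_sources "$(ucr get server/role)" "$(ucr get ldap/master)" \
        "$(ucr get ldap/backup)" "$(ucr get notifier/server)"
fi
```

Warnings go to stderr, so the stdout line can be collected by a monitoring job that flags any host reporting the pinned mode.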