Can you use the LDAP Proxy server to connect 2 data Centres

This topic has 4 replies, 3 voices, and was last updated 3 years, 4 months ago by Ludo.

  • Author
  • #25246

    We are moving out of one of our existing data centres to the Cloud. We require continuous secure replication between our existing data centre and the Cloud until the whole service can be moved over. Although I want the data to be replicated i would not want the cn=servers cn=admin and schema information to be replicated. Can I use the LDAP proxy to provide the replication channel between 2 RS Servers.



    The Replication protocol is not using LDAP and thus, it’s not possible to use an LDAP proxy to provide the replication channel between RS servers.

    Replication cannot work if “cn=admin data” is not replicated across all servers.

    As for the schema, we don’t have a way to disable schema replication for now. Why don’t you want the schema to be replicated between servers ?


    I want to keep the old existing LDAP version at 263 with the new data centre being at an upgraded 5.5. Would like to keep the schema separate as we may have to add new schem entries during the upgrade to take in new functionality.



    You mentioned there isn’t a way to disable schema replication, but in the documentation when upgrading replication servers, it mentions the --noSchemaReplication parameter specifically for a case like @richardabbottnhs-net is attempting. Would that flag not be applicable in this case for some reason?

    DS 5.5 mixed topology replication


    Correct, I forgot about this flag. The --noSchemaReplication would help with not enabling replication of schema with the new servers.

    IMO, when adding new schema elements, there should be no impact to existing server (since no data uses the new schema). It’s only when modifying existing schema definition, that there could be an issue, if and only if modifications are not backward compatible (ie. a new attribute becomes mandatory in an objectClass).

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?