[python-ldap] Load Balance and Redundant LDAP config

Chris Dukes pakraticus at gmail.com
Fri Apr 1 21:17:47 CEST 2011


On Thu, 2011-03-31 at 11:51 +0100, Bob Brandt wrote:
> I apologize if this is not the right place to ask this question...
> 
> I am looking to modify my LDAP scripts to be both Redundant and Load
> Balancing!
> 
> For example I have a RADIUS server which runs a python script to
> retrieve user's attributes from LDAP once they are authenticated.
> 
> Right now, I have a script that has a list of LDAP servers and uses
> the first one that responses, but the problem is all later requests,
> use that single LDAP server. If that server were to fail, the script
> fails.
> 
> I guess my main question is: Is there a preferred method of supplying
> Redundancy and/or Load Balancing? (I don't really want to reinvent the
> wheel)


Yes, and you're at the wrong end of the stack for load balancing.
You use a TCP load balancer[1] or something like OpenLDAP's pcache/proxy
overlay to provide load balancing and, in theory, high availability or
DNS russian roulette (Sorry, round robin).
You could write a TCP load balancer in python, but it'll be lower in the
stack than python-ldap provides.

The next problem is your script lacks robustness.
Let's go for a simpler scenario.  LAN monkey unplugs the ethernet cable
to your single LDAP server for longer than the TCP Timeout period and
plugs it back in again.  Do you want your long running script to
1) Die a horrible death, hey you're good for this.
2) Die but be restarted immediately, supervisord or any number of other
tools.
3) Setup the state required for the last operation and try it again.
Well, you have some trying rewrites to accomplish.

Now there is one failure scenario you might want to test.  If you have
DNS round robin setup and the first N-1 records point to servers that
are up, but not running ldap, what does openldap do and what gets
returned back to python-ldap.

> 
> However, if I must reinvent the wheel, I am thinking along the lines
> of opening multiple connections the each server and programmically
> switching between thed different connections as they come up.
> 
> Does this sound right? Any suggestions?
> Thanks
> Bob
> 
> 
> 
> -- 
> What's the point of having a rapier wit if I can't use it to stab
> people? - Jeph Jacques
> ------------------------------------------------------------------------------
> Create and publish websites with WebMatrix
> Use the most popular FREE web apps or write code yourself; 
> WebMatrix provides all the features you need to develop and 
> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> _______________________________________________
> Python-LDAP-dev mailing list
> Python-LDAP-dev at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev




More information about the python-ldap mailing list