3. The Big Picture - Configuration Choices

This section gives a brief overview of various LDAP directory configurations, and how your LDAP server (either slapd or ldapd) fits in with the rest of the world.

3.1 LDAP as a local service only

In this configuration, you run a slapd which provides directory service for your local domain only. It does not interact with other directory servers in any way. This configuration is shown in Figure 2.

Figure 2: Local service via slapd configuration.

Use this configuration if you are just starting out (it's the one the quick-start guide makes for you) or if you want to provide a local service and are not interested in connecting to the rest of the world. It's easy to upgrade to another configuration later if you want.

3.2 Local service with X.500 referrals

In this configuration, you run a slapd which provides directory service for your local domain and an ldapd which provides access to the X.500 world (you don't have to run the ldapd yourself - you can just point to somebody else who does and doesn't mind you pointing to their service). This configuration is shown in Figure 3.

Figure 3: Local service via slapd + X.500 referrals configuration

Use this configuration if you want to provide local service but still want to be connected to the rest of the X.500 world. Remember, you don't necessarily have to be running the ldapd in this picture; you just need to find one you can point to.

3.3 LDAP as a front end to X.500

In this configuration, you run an X.500 service which provides directory service for your local domain and gatewaying service to the rest of the X.500 world. LDAP clients gain access to the directory through an ldapd which runs at your site. This configuration is shown in Figure 4.

Figure 4: Local service via X.500 and ldapd configuration

Use this configuration if you are already running an X.500 service. Slapd is not involved in this configuration, so you can probably stop reading this guide.

3.4 Replicated slapd service

The slurpd daemon is used to propagate changes from a master slapd to one or more slave slapds. An example master-slave configuration is shown in figure 5.

Figure 5: Master slapd with two slaves replicated with slurpd

This configuration can be used in conjunction with the first two configurations in situations where a single slapd does not provide the required reliability or availability.


[View Next Section] [View Previous Section] [Return to Table of Contents]

Send comments about this page to: ldap-support@umich.edu