The central element of every identity management system is usually a directory service, a repository that stores and manages information such as user profiles, access privileges, and network resources. Univention Corporate Server (UCS) uses OpenLDAP for this task.
If the directory service is down, many other services are no longer available. In this article we are going to show you how to plan a fail-safe environment for your UCS domain with LDAP replication, i.e., storing an exact copy of the data on multiple servers – this improves the reliability as well as the performance.
Advantages of LDAP Replication
Larger companies and organizations with several locations in particular should consider their fail-safe and load-balancing strategies, but replication also makes sense for smaller environments. LDAP replication automatically distributes all data between the servers, which means that all databases are always up-to-date. If the primary server with the directory service is down, another server can step in and take over. Having a second machine can also improve general performance.
It’s not very complicated to set up LDAP replication in a UCS domain: you simply use the Univention Management Console (UMC). Before we explain the detailed configuration, let’s have a look at the UCS system roles.