LDAP
""""

Schéma de base
''''''''''''''

.. graphviz::

  digraph "arch" {
    nodesep=0.6;
    ranksep=1.7;
   subgraph cluster_client {
    label="Client";
    "client"[label="sssd"];
   }
   subgraph cluster_mgmtclient {
    label="Management node";
    "client2"[label="sssd"];
   }
    subgraph cluster_proxy1 {
      label="Proxy 1"
      "haproxy_1"[label="haproxy"];
    }
    subgraph cluster_proxy2 {
      label="Proxy 2"
      "haproxy_2"[label="haproxy"];
    }
   subgraph cluster_slapd3 {
    label="Worker Hypervisor";
    "server1"[label="slapd"];
   }
   subgraph cluster_slapd4 {
    label="Worker Hypervisor";
    "server2"[label="slapd"];
   }
   subgraph cluster_slapd5 {
    label="Worker Hypervisor";
    "server3"[label="slapd"];
   }

   subgraph cluster_slapd_fuse {
    label="Top Hypervisor";
    "server5"[label="slapd"];
   }

   "upstream"[label="upstream slapd",style=dotted];
   client -> haproxy_1 [color=blue];
   client2 -> haproxy_2 [color=green];
   haproxy_1 -> server1[color=blue];
   haproxy_1 -> server2[color="blue:green",style=dotted];
   haproxy_1 -> server3[color="blue:green",style=dotted];
   haproxy_2 -> server1[color="blue:green",style=dotted];
   haproxy_2 -> server2[color=green];
   haproxy_2 -> server3[color="blue:green",style=dotted];
   client -> haproxy_2 [color=blue,style=dotted];
   client2 -> haproxy_1 [color=green,style=dotted];
   server1 -> server5[color=red];
   server2 -> server5[color=red];
   server3 -> server5[color=red];
   server5 -> upstream[color=red,label="schema checking"];

  { rank = sink;
    Legend [shape=none, margin=0, label=<
    <TABLE BORDER="0" CELLBORDER="1" CELLSPACING="0" CELLPADDING="4">
     <TR>
      <TD COLSPAN="2"><B>Legend</B></TD>
     </TR>
     <TR>
      <TD>Client access</TD>
      <TD BGCOLOR="BLUE"></TD>
     </TR>
     <TR>
      <TD>Mgmt client access</TD>
      <TD BGCOLOR="GREEN"></TD>
     </TR>
     <TR>
      <TD>Replication</TD>
      <TD BGCOLOR="RED"></TD>
     </TR>
    </TABLE>
   >];
  }

 }

Description
'''''''''''
The idea is to re-use the two `HAProxys` as load balancer for the slapd servers. The same load balancer will be used for the management machines. The `sssd deamon` of the clients will be configured with 3 different URLs: 
* 1 DNS round robin  
* First HAProxy 
* Second HAProxy 

By doing so we make sure that the `sssd` switches nicely between the different `slapd` services. Please note that the configuration of `sssd` should make sure that always one server is available (no `offline mode` possible).  

We can use an additional `slapd` server as « fuse » in case of duplication trouble. This “fuse” `sladp` service has to run on one of the TOP hypervisors and will serve as source for all `sladp` services. Moreover, the `slapd` servers used by the `sssd` clients will be configured with a data base in memory as to increase their performance. 

Only one `slapd` will be deployed per island, and only one "fuse" `slapd` will be deployed for the whole system. 


.. raw:: latex

  \clearpage