PingDirectory

Deploying an entry-balancing proxy configuration

Entry-balancing is a PingDirectoryProxy server configuration that allows the entries within a portion of the directory information tree (DIT) to reside on multiple external servers.

This configuration is useful when the DIT contains many millions of entries, which can be difficult to bring completely into memory for optimal performance. Entry-balancing allows entries under a balancing point base distinguished name (DN) to be divided among any number of separate directory servers, making the PingDirectoryProxy server responsible for intelligently routing requests based on the division.

In this example scenario, the entries in the DIT outside of the balancing point are replicated across all external servers known to the PingDirectoryProxy server. You must properly configure replication on the external directory servers before proceeding through this example. The directory servers are expected to contain two replication domains: the global domain, dc=example,dc=com, and the balancing point, ou=people,dc=example,dc=com.

In this deployment scenario, an austin-proxy1 instance of the PingDirectoryProxy server communicates with four external directory servers. The PingDirectoryProxy server is configured to use entry balancing for the ou=people,dc=example,dc=com base DN with two sets of user entries split beneath it. The first set of user entries is defined in the replicated pair of external servers, austin-set1.example.com and newyork-set1.example.com.

The second set of entries is defined in austin-set2.example.com and newyork-set2.example.com. The entries in the dc=example,dc=com DIT outside of the balancing point base DN are replicated among the four external servers.

The following dsreplication status output from the PingDirectory external servers describes the replication configuration that exists before creating the PingDirectoryProxy server configuration.

--- Replication Status for dc=example,dc=com: Enabled ---

Server : Entries : Backlog : Oldest Backlog Change Age : Generation ID
--------:---------:--------:---------------------------:-------------
austin-set1.example.com:389  : 10003   : 0   : N/A  : 722087263
austin-set2.example.com:389  : 10003   : 0   : N/A  : 722087263
newyork-set1.example.com:389 : 10003   : 0   : N/A  : 722087263
newyork-set2.example.com:389 : 10003   : 0   : N/A  : 722087263

--- Replication Status for ou=people,dc=example,dc=com (Set: dataset1): Enabled ---

Server : Entries : Backlog : Oldest Backlog Change Age : Generation ID
--------:---------:---------:---------------------------:-----------------
austin-set1.example.com:389  : 100001  : 0  : N/A               : 178892712
newyork-set1.example.com:389 : 100001  : 0  : N/A               : 178892712

--- Replication Status for ou=people,dc=example,dc=com (Set: dataset2): Enabled ---

Server : Entries : Backlog : Oldest Backlog Change Age : Generation ID
---------:---------:---------:---------------------------:-----------------
austin-set2.example.com:389  : 100001  : 0       : N/A        : 1057593890
newyork-set2.example.com:389 : 100001  : 0       : N/A        : 1057593890