Multiple Slave LDAP Servers
Folk,
Ok, so... I'm running into some issues trying to get my LDAP servers to
behave correctly. So let me start off by explaining the setup I'm going
for, and then go into the problem I'm running into. I have one server
that's set to be a master. I have 2 slaves (soon to be more). So slaves
will answer as ldap.ncsu.edu. Master answers as ldap-master.ncsu.edu.
These are -not- their real hostnames, but a second IP address they answer
as. I am using a Linux Virtual Server (www.linux-ha.org) Ldirector setup
to send requests to the correct slave ldap server. (ldap-master is not
behind LVS, it is a simple cname to the real name of the master server)
Anyway, so here's the deal. Everything works fine -except- GSSAPI.
I can do simple binds and everything. So, if I use ldapsearch -Y GSSAPI,
I get the correct ldap/ldap.ncsu.edu key, but on the slave LDAP server I
get:
Aug 8 00:19:57 uni02ds.unity.ncsu.edu slapd[15733]: [ID 668004 local4.debug] SASL [conn=110] Failure: GSSAPI Error: Miscellaneous failure (Wrong principal in request)
Aug 8 00:19:57 uni02ds.unity.ncsu.edu slapd[15733]: [ID 246281 local4.debug] send_ldap_result: conn=110 op=0 p=3
Aug 8 00:19:57 uni02ds.unity.ncsu.edu slapd[15733]: [ID 291653 local4.debug] send_ldap_result: err=49 matched="" text="SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context"
So... here's the question. How do I go about having replicated slave
servers and yet still be able to use GSSAPI? Who else is doing replicated
slave servers and GSSAPI and how are you going about it? Would a
round-robin CNAME be a better route to go? The round-robin cnames are
working just great. We've noticed that lots of other folk are using LDAP
via LVS, but are any of you also using GSSAPI through LVS to LDAP? ;)
Daniel
--
/\\\----------------------------------------------------------------------///\
\ \\\ Daniel Henninger http://www.vorpalcloud.org/ /// /
\_\\\ North Carolina State University - Systems Programmer ///_/
\\\ Information Technology <IT> ///
"""--------------------------------------------------------------"""
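
Added example, not part of the original post: a small parser that joins the slapd debug lines quoted above, so each rejected bind is reported with its connection number, GSSAPI error and LDAP result code. The `err=` line carries no `conn=` field, so the code assumes it belongs to the most recent `send_ldap_result: conn=` line from the same host and slapd PID; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (syslog format with an "[ID ...]" tag).
SAMPLE_LOG = '''\
Aug 8 00:19:57 uni02ds.unity.ncsu.edu slapd[15733]: [ID 668004 local4.debug] SASL [conn=110] Failure: GSSAPI Error: Miscellaneous failure (Wrong principal in request)
Aug 8 00:19:57 uni02ds.unity.ncsu.edu slapd[15733]: [ID 246281 local4.debug] send_ldap_result: conn=110 op=0 p=3
Aug 8 00:19:57 uni02ds.unity.ncsu.edu slapd[15733]: [ID 291653 local4.debug] send_ldap_result: err=49 matched="" text="SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context"
'''

PREFIX = re.compile(r'^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+'
                    r'slapd\[(?P<pid>\d+)\]:\s+(?:\[ID [^\]]*\]\s+)?(?P<msg>.*)$')
SASL_FAIL = re.compile(r'^SASL \[conn=(\d+)\] Failure: (.*)$')
RESULT_CONN = re.compile(r'^send_ldap_result: conn=(\d+) op=(\d+)')
RESULT_ERR = re.compile(r'^send_ldap_result: err=(\d+) matched="[^"]*" text="(.*)"$')

def correlate(log_text):
    """Return {(host, conn): fields} joining SASL failures with LDAP results."""
    events = defaultdict(dict)
    last_conn = {}  # (host, pid) -> conn seen on the latest result header line
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a slapd syslog line
        host, pid, msg = m['host'], m['pid'], m['msg']
        if (s := SASL_FAIL.match(msg)):
            events[(host, int(s[1]))]['sasl_error'] = s[2]
        elif (r := RESULT_CONN.match(msg)):
            last_conn[(host, pid)] = int(r[1])
            events[(host, int(r[1]))]['op'] = int(r[2])
        elif (e := RESULT_ERR.match(msg)):
            # Assumption: the err= line follows its conn= line for this PID.
            conn = last_conn.get((host, pid))
            if conn is not None:
                events[(host, conn)].update(err=int(e[1]), text=e[2])
    return dict(events)

def principal_mismatches(events):
    """Connections rejected with err=49 where GSSAPI reported a wrong principal."""
    return sorted(key for key, v in events.items()
                  if v.get('err') == 49
                  and 'Wrong principal' in v.get('sasl_error', ''))

if __name__ == '__main__':
    for host, conn in principal_mismatches(correlate(SAMPLE_LOG)):
        print(f'{host} conn={conn}: bind rejected, wrong service principal')
```

Run across the logs of every slave behind the virtual address, this shows whether the failure is specific to one host or common to all of them.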