Re: Multiple Slave LDAP Servers
--On Sunday, August 08, 2004 1:35 AM -0400 Daniel Henninger
<daniel@unity.ncsu.edu> wrote:
> Folk,
> So... here's the question. How do I go about having replicated slave
> servers and yet still be able to use GSSAPI? Who else is doing
> replicated slave servers and GSSAPI and how are you going about it?
> Would a round-robin CNAME be a better route to go? The round-robin
> cnames are working just great. We've noticed that lots of other folk are
> using LDAP via LVS, but are any of you also using GSSAPI through LVS to
> LDAP? ;)

Daniel,
You can't do this. The servers need to have ldap/<REAL HOST NAME HERE>
principals.
I have this all working here at Stanford.
Our load balance name is: ldap.stanford.edu
The master replicates to the hostnames:
ldap1.stanford.edu
--
ldap9.stanford.edu
(We have 9 replicas).
Note that you can have multiple principals in a keytab file, so you can
have both ldap/ldap.ncsu.edu and ldap/<HOST>.ncsu.edu in the same file.
This should fix your issues, as long as you have the master replicating to
the specific host names, not the load balanced host names.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
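
The keytab layout described in the reply above can be checked on each replica. The following is an added example, not part of the original message: it assumes MIT Kerberos `klist -k` output (no `-t` option), and the host names, realm and keytab path are constructed.

```sh
#!/bin/sh
# Added example: verify that a replica's keytab holds both ldap/ service
# principals (its real host name and the load-balanced name).

# missing_ldap_principals REALM NAME...
# Reads `klist -k` output on stdin and prints every ldap/NAME@REALM
# principal that is absent. Returns 0 when none are missing, 1 otherwise.
missing_ldap_principals() {
    realm=$1; shift
    listing=$(cat)
    missing=0
    for name in "$@"; do
        want="ldap/${name}@${realm}"
        # The principal is the second field of each entry line. Compare as
        # an exact string so dots in host names are not treated as wildcards.
        if ! printf '%s\n' "$listing" |
            awk -v w="$want" '$2 == w { found = 1 } END { exit !found }'; then
            printf '%s\n' "$want"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed listing: a replica that only has its own host principal.
sample_host_only='Keytab name: FILE:/etc/openldap/ldap.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 ldap/ldap1.example.edu@EXAMPLE.EDU'

# Constructed listing: the same keytab with the load-balanced name added.
sample_both="$sample_host_only
   2 ldap/ldap.example.edu@EXAMPLE.EDU"

# Demo on the constructed data: reports the load-balanced principal as missing.
printf '%s\n' "$sample_host_only" |
    missing_ldap_principals EXAMPLE.EDU ldap1.example.edu ldap.example.edu || true

# On a real replica (keytab path is a placeholder):
#   klist -k /path/to/ldap.keytab |
#       missing_ldap_principals EXAMPLE.EDU "$(hostname -f)" ldap.example.edu
```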