
Re: Multiple Slave LDAP Servers





--On Sunday, August 08, 2004 1:35 AM -0400 Daniel Henninger <daniel@unity.ncsu.edu> wrote:

> Folk,
>
> So...  here's the question.  How do I go about having replicated slave
> servers and yet still be able to use GSSAPI?  Who else is doing
> replicated slave servers and GSSAPI and how are you going about it?
> Would a round-robin CNAME be a better route to go?  The round-robin
> cnames are working just great.  We've noticed that lots of other folk are
> using LDAP via LVS, but are any of you also using GSSAPI through LVS to
> LDAP?  ;)

Daniel,

You can't do this. The servers need to have ldap/<REAL HOST NAME HERE> principals.

I have this all working here at Stanford.

Our load balance name is: ldap.stanford.edu

The master replicates to the hostnames:

ldap1.stanford.edu
--
ldap9.stanford.edu

(We have 9 replicas).

Note that you can have multiple principals in a keytab file, so you can have both ldap/ldap.ncsu.edu and ldap/<HOST>.ncsu.edu in the same file. This should fix your issues, as long as you have the master replicating to the specific host names, not the load balanced host names.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
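
A check for the keytab layout described in the reply above, as an added example that is not part of the original message: it reads the output of MIT Kerberos `klist -k` and reports which of the two `ldap/` principals (load-balanced name and real host name) a replica's keytab lacks. The host names, realm, keytab path and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: confirm a replica keytab holds BOTH service principals,
#   ldap/<load-balanced name>@REALM  and  ldap/<real host name>@REALM.
# Input on stdin is the text printed by `klist -k <keytab>`.

# Print each required principal that is absent from the listing.
missing_ldap_principals() {
    lb_name=$1 host_fqdn=$2 realm=$3
    awk -v lb="ldap/$lb_name@$realm" -v host="ldap/$host_fqdn@$realm" '
        # Entry rows look like "   3 ldap/ldap1.example.edu@EXAMPLE.EDU";
        # the "Keytab name", header and separator lines have no numeric KVNO.
        $1 ~ /^[0-9]+$/ { seen[$2] = 1 }
        END {
            if (!(lb in seen))   print lb
            if (!(host in seen)) print host
        }'
}

# Return 0 when both principals are present, 1 otherwise.
keytab_ok() {
    missing=$(missing_ldap_principals "$@")
    [ -z "$missing" ] && return 0
    printf 'missing from keytab: %s\n' $missing >&2
    return 1
}

# Constructed sample of `klist -k` output (not taken from any real host):
# the real-host principal is present, the load-balanced one is not.
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/etc/openldap/ldap.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ldap/ldap1.example.edu@EXAMPLE.EDU
   3 host/ldap1.example.edu@EXAMPLE.EDU
EOF
}

# Demo on the constructed sample. On a real replica, use instead:
#   klist -k /path/to/keytab | keytab_ok ldap.example.edu "$(hostname -f)" EXAMPLE.EDU
sample_klist_output | keytab_ok ldap.example.edu ldap1.example.edu EXAMPLE.EDU \
    || echo "keytab incomplete"
```

Principal names are compared case-sensitively, so pass the names exactly as clients will request them.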