Hi,

Isn't it possible that this is a feature that needs to be added to the
openldap software? Check all the available ldap/fqdn entries in the
keytab, check how the request comes (which interface) and then use the
appropriate ldap/fqdn entry?

I have no idea how slapd with gssapi authentication works internally
(how it decides which keytab to use or how it finds the machine's
hostname), but maybe the persons writing the code can actually say if it
is possible to add this capability to slapd so that you can have one
server with two/more interfaces hosting openldap data even if the
interfaces resolve to different hostnames.

This very same problem is present with nfs-utils and I have addressed
this concern to the CITI project people. They say they will look into
adding support for this to nfs4 on a server that has multiple interfaces
with different host names and keytab entries. This is why I would like
the openldap experts to answer if this may be added to the openldap
software or if it can/should be done in a different way.

I do not think changing your hostname on your server when it takes over
with heartbeat is a clean solution; I consider it a workaround.