On Tue, 3 Feb 2009, Francis Swasey wrote:
failure mode. It works with ldaps://ldap.uvm.edu and fails with
ldaps://<realname>.uvm.edu. Which is "OK" for my purposes.
I'd really like to be able to have both work, but perhaps cyrus-sasl
will change at some point in the future to support the kind of
trickery that really happens out here in the world.
I'm not so sure I agree with this. In theory, when you're doing load
balancing through a VIP, all the real servers should appear absolutely
identical. You don't *want* the clients to be able to see which real
they're getting. If one of them processes requests as rs1 and a
different one doesn't...that's a failure of the load balancing
configuration, IMO.
With that said, I'll of course note that in practice, theory and
practice don't always agree. But it looks like they do in this case,
and I can't see what the negative would be.