
(ITS#7637) Need documentation: LDAP on virtual IP address

Full_Name: Ulrich Windl
Version: 2.4.26
OS: Linux (SLES11 SP2)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I was able to set up a master LDAP server and a replication consumer using the
physical host names and TLS. However when I tried to bind slapd on a virtual IP
address ("interface alias"), I never got slapd working (even though I fixed the
certificates for TLS, of course). Dynamic configuration ("cn=config") seems to
make things very difficult, because slapd ends in a state where _nobody_ can
make configuration changes.

It seems slapd tried to use the wrong URI (using the physical host where nobody
is listening):
slapd[10036]: slap_client_connect: URI=ldap://phost.domain.org/ Error,
ldap_start_tls failed (-1)
slapd[10036]: do_syncrepl: rid=002 rc -1 retrying

slapd is listening on ldap://vhost.domain.org/ however.

I read lots of procedures using Google, but could not find the solution for this
problem. Thus I suggest adding documentation on how to configure such a scenario:

1) Set up an LDAP Master server that provides service on a specific IP address
using TLS
2) Set up a replication consumer that provides service on a specific IP address
using TLS also
3) The replication consumer should use the address where the master server
listens for replication

It sounds like an everyday setup, but I failed multiple times, thus the request
for documentation.
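The three-step scenario requested above, as an added configuration example that is not part of the ITS report or of OpenLDAP's own documentation: the consumer's syncrepl entry points at the virtual host name instead of the physical one, and the comments note the provider-side listener and the TLS checks to run before enabling replication. The host names, suffix, rid, replicator DN and certificate paths are assumed placeholders.

```ldif
# Provider side (comment only, not LDIF): slapd must listen on the virtual
# address, e.g.  slapd -h "ldap://vhost.domain.org/ ldaps://vhost.domain.org/"
# and the server certificate must carry vhost.domain.org as its subject/SAN.
# Verify from the consumer host before touching syncrepl:
#   ldapsearch -x -ZZ -H ldap://vhost.domain.org/ -b "" -s base
# (-ZZ makes the search fail unless StartTLS succeeds against that name.)
#
# Consumer side: add the syncrepl directive to the consumer's database in
# cn=config. rid=002 matches the report's log line; everything else is assumed.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=002
  provider=ldap://vhost.domain.org/
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=domain,dc=org"
  bindmethod=simple
  binddn="cn=replicator,dc=domain,dc=org"
  credentials="<replicator-password-placeholder>"
  starttls=critical
  tls_cacert=/etc/ssl/certs/ca-placeholder.pem
  tls_reqcert=demand
# LDIF folding: each continuation line starts with two spaces; LDIF strips the
# first, and the second keeps the keywords separated when the value is joined.
# starttls=critical + tls_reqcert=demand make the consumer refuse to replicate
# over a plaintext or unverifiable connection instead of falling back silently.
```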