[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7637) Need documentation: LDAP on virtual IP address

Ulrich.Windl@rz.uni-regensburg.de wrote:
> Full_Name: Ulrich Windl
> Version: 2.4.26
> OS: Linux (SLES11 SP2)
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> I was able to set up a master LDAP server and a replication consumer using the
> physical host names and TLS. However when I tried to bind slapd on a virtual IP
> address ("interface alias"), I never got slapd working (even though I fixed the
> certificates for TLS, of course). Dynamic configuration ("cn=config") seems to
> make things very difficult, because slapd ends in a state where _nobody_ can
> make configuration changes.

Use the openldap-technical mailing list to ask for configuration help.

You talk about IP addresses and yet in your quoted text below you are using 
hostnames. Be consistent when you post your question to the mailing list 
otherwise no one will understand what you're asking for.

Closing this ITS.

> It seems slapd tried to use the wrong URI (using the physical host where nobody
> is listening):
> slapd[10036]: slap_client_connect: URI=ldap://phost.domain.org/ Error,
> ldap_start_tls failed (-1)
> slapd[10036]: do_syncrepl: rid=002 rc -1 retrying
> slapd is listening on ldap://vhost.domain.org/ however.
> I read lots of procedures using Google, but could not find the solution for this
> problem. Thus I suggest to add documentation how to configure such a scenario:
> 1) Set up an LDAP Master server that provides service on a specific IP address
> using TLS
> 2) Set up a replication consumer that provides service on a specific IP address
> using TLS also
> 3) The replication consumer should use the address where the master server
> listens for replication
> It sounds like an every-day setup, but I failed multiple times, thus the request
> for documentation.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/