[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7637) Need documentation: LDAP on virtual IP address
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7637) Need documentation: LDAP on virtual IP address
- From: hyc@symas.com
- Date: Thu, 4 Jul 2013 15:32:09 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Ulrich.Windl@rz.uni-regensburg.de wrote:
> Full_Name: Ulrich Windl
> Version: 2.4.26
> OS: Linux (SLES11 SP2)
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (132.199.152.129)
>
>
> I was able to set up a master LDAP server and a replication consumer using the
> physical host names and TLS. However when I tried to bind slapd on a virtual IP
> address ("interface alias"), I never got slapd working (even though I fixed the
> certificates for TLS, of course). Dynamic configuration ("cn=config") seems to
> make things very difficult, because slapd ends in a state where _nobody_ can
> make configuration changes.
Use the openldap-technical mailing list to ask for configuration help.
You talk about IP addresses and yet in your quoted text below you are using
hostnames. Be consistent when you post your question to the mailing list
otherwise no one will understand what you're asking for.
Closing this ITS.
> It seems slapd tried to use the wrong URI (using the physical host where nobody
> is listening):
> slapd[10036]: slap_client_connect: URI=ldap://phost.domain.org/ Error,
> ldap_start_tls failed (-1)
> slapd[10036]: do_syncrepl: rid=002 rc -1 retrying
>
> slapd is listening on ldap://vhost.domain.org/ however.
>
> I read lots of procedures using Google, but could not find the solution for this
> problem. Thus I suggest to add documentation how to configure such a scenario:
>
> 1) Set up an LDAP Master server that provides service on a specific IP address
> using TLS
> 2) Set up a replication consumer that provides service on a specific IP address
> using TLS also
> 3) The replication consumer should use the address where the master server
> listens for replication
>
> It sounds like an every-day setup, but I failed multiple times, thus the request
> for documentation.
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/