
Re: Multiple Slave LDAP Servers

--On Sunday, August 08, 2004 1:35 AM -0400 Daniel Henninger <daniel@unity.ncsu.edu> wrote:


So...  here's the question.  How do I go about having replicated slave
servers and yet still be able to use GSSAPI?  Who else is doing
replicated slave servers and GSSAPI and how are you going about it?
Would a round-robin CNAME be a better route to go?  The round-robin
cnames are working just great.  We've noticed that lots of other folk are
using LDAP via LVS, but are any of you also using GSSAPI through LVS to
LDAP?  ;)


You can't do this. The servers need to have ldap/<REAL HOST NAME HERE> principals.

I have this all working here at Stanford.

Our load balance name is: ldap.stanford.edu

The master replicates to the hostnames:


(We have 9 replicas).

Note that you can have multiple principals in a keytab file, so you can have both ldap/ldap.ncsu.edu and ldap/<HOST>.ncsu.edu in the same file. This should fix your issues, as long as you have the master replicating to the specific host names, not the load balanced host names.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
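
The keytab layout described in the reply above can be checked on each replica before it goes behind the load-balanced name. The script below is an added example, not part of the original message: it parses plain MIT `klist -k` output and reports which of the two required `ldap/` principals are missing. The realm `EXAMPLE.REALM`, the host name `host1`, the keytab path and all function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: confirm a replica's keytab holds BOTH the load-balanced
# and the real-host ldap/ service principals.

# Constructed sample of MIT `klist -k` output (realm, host, path are placeholders).
SAMPLE_KLIST='Keytab name: FILE:/etc/openldap/ldap.keytab
KVNO Principal
---- ----------------------------------------------------------
   3 ldap/ldap.ncsu.edu@EXAMPLE.REALM
   3 ldap/host1.ncsu.edu@EXAMPLE.REALM
   2 host/host1.ncsu.edu@EXAMPLE.REALM'

# keytab_principals: read `klist -k` text on stdin and print the unique
# principals, one per line, with the realm stripped.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ { sub(/@.*/, "", $2); print $2 }' | sort -u
}

# missing_principals LISTING NAME...: print every required principal that is
# absent from LISTING; return 1 if any is missing, 0 otherwise.
missing_principals() {
    listing=$1; shift
    have=$(printf '%s\n' "$listing" | keytab_principals)
    rc=0
    for want in "$@"; do
        # -F -x: exact whole-line match, so host/host1 never satisfies ldap/host1
        printf '%s\n' "$have" | grep -Fxq -- "$want" || { echo "$want"; rc=1; }
    done
    return $rc
}

# check_replica_keytab LISTING LB_NAME REAL_NAME
check_replica_keytab() {
    missing_principals "$1" "ldap/$2" "ldap/$3"
}

# On a real replica (assumed invocation):
#   check_replica_keytab "$(klist -k /path/to/keytab)" ldap.ncsu.edu "$(hostname -f)"
check_replica_keytab "$SAMPLE_KLIST" ldap.ncsu.edu host1.ncsu.edu && echo "keytab OK"
```

Any principal the function prints is one a GSSAPI client could request from that replica and fail on, either through the load-balanced name or when the master replicates to the real host name.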