[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multiple Slave LDAP Servers

To: daniel@ncsu.edu, openldap-software@OpenLDAP.org
Subject: Re: Multiple Slave LDAP Servers
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Sun, 08 Aug 2004 00:02:13 -0700
Content-disposition: inline
In-reply-to: <Pine.GSO.4.60.0408080018270.19949@ghidora.unity.ncsu.edu>
References: <Pine.GSO.4.60.0408080018270.19949@ghidora.unity.ncsu.edu>

--On Sunday, August 08, 2004 1:35 AM -0400 Daniel Henninger <daniel@unity.ncsu.edu> wrote:

Folk,

So...  here's the question.  How do I go about having replicated slave
servers and yet still be able to use GSSAPI?  Who else is doing
replicated slave servers and GSSAPI and how are you going about it?
Would a round-robin CNAME be a better route to go?  The round-robin
cnames are working just great.  We've noticed that lots of other folk are
using LDAP via LVS, but are any of you also using GSSAPI through LVS to
LDAP?  ;)


Daniel,

You can't do this. The servers need to have ldap/<REAL HOST NAME HERE> principals.

I have this all working here at stanford.

Our load balance name is: ldap.stanford.edu

The master replicates to the hostnames:

ldap1.stanford.edu
--
ldap9.stanford.edu

(We have 9 replica's).

Note that you can have multiple principals in a keytab file, so you can have both ldap/ldap.ncsu.edu and ldap/<HOST>.ncsu.edu in the same file. This should fix your issues, as long as you have the master replicating to the specific host names, not the load balanced host names.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: Multiple Slave LDAP Servers
  - From: Daniel Henninger <daniel@unity.ncsu.edu>

References:
- Multiple Slave LDAP Servers
  - From: Daniel Henninger <daniel@unity.ncsu.edu>

Prev by Date: Multiple Slave LDAP Servers
Next by Date: Re: Multiple Slave LDAP Servers
Index(es):
- Chronological
- Thread