Hi Petr, As this is not my topic it's for me quite "simple".
I need to post to /ipa/json through a loadbalancer, nothing more. i have ldap-01.domain.tld (ipa1) ldap-01.domain.tld (ipa2) and my loadbalancer is ldap.domain.tld ldap requests over a loadbalancer are quite simple and working, but the json part is more difficult because of the ticket and the dns name. I have added a san ldap.domain.tld to the webgui and there is a http/ldap.domain.tld service on the ipa server. I get a nonvalid kerberos ticket when I go through ldap.domain.tld to ldap-01.domain.tld, but when I change my script to ldap-01.domain.tld after it failed my ticket is OK for ldap-01.domain.tld and works. Is this enough information for you ? Cheers, Matt 2015-03-31 14:21 GMT+02:00 Petr Spacek <pspa...@redhat.com>: > On 31.3.2015 14:02, Matt . wrote: >> HI Phasant, >> >> Check my mailings about it, it's not easy at least the kerberos part >> not, SRV records are used for that normally. >> >> Are you talking about the webgui or the ldap part ? > > I would recommend you to step back and describe use-case you have in mind. It > is important for us to understand to your use-case to propose optimal > solution. > > Petr^2 Spacek > >> Cheers, >> >> Matt >> >> 2015-03-31 13:56 GMT+02:00 Prashant Bapat <prash...@apigee.com>: >>> Hi, >>> >>> I'm trying to get 2 FreeIPA servers in a replicated mode behind a load >>> balancer, specifically Amazon ELB. >>> >>> I started with editing the /etc/httpd/conf.d/ipa-rewrite.conf but looks like >>> there is more to it than just this file. >>> >>> Any suggestions ? >>> >>> Thanks. >>> --Prashant > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
