Hi Petr,

As this is not my topic it's for me quite "simple".

I need to post to /ipa/json through a loadbalancer, nothing more.

i have

ldap-01.domain.tld (ipa1)
ldap-01.domain.tld (ipa2)

and my loadbalancer is ldap.domain.tld

ldap requests over a loadbalancer are quite simple and working, but
the json part is more difficult because of the ticket and the dns
name. I have added a san ldap.domain.tld to the webgui and there is a
http/ldap.domain.tld service on the ipa server.

I get a nonvalid kerberos ticket when I go through ldap.domain.tld to
ldap-01.domain.tld, but when I change my script to ldap-01.domain.tld
after it failed my ticket is OK for ldap-01.domain.tld and works.

Is this enough information for you ?

Cheers,

Matt



2015-03-31 14:21 GMT+02:00 Petr Spacek <pspa...@redhat.com>:
> On 31.3.2015 14:02, Matt . wrote:
>> HI Phasant,
>>
>> Check my mailings about it, it's not easy at least the kerberos part
>> not, SRV records are used for that normally.
>>
>> Are you talking about the webgui or the ldap part ?
>
> I would recommend you to step back and describe use-case you have in mind. It
> is important for us to understand to your use-case to propose optimal 
> solution.
>
> Petr^2 Spacek
>
>> Cheers,
>>
>> Matt
>>
>> 2015-03-31 13:56 GMT+02:00 Prashant Bapat <prash...@apigee.com>:
>>> Hi,
>>>
>>> I'm trying to get 2 FreeIPA servers in a replicated mode behind a load
>>> balancer, specifically Amazon ELB.
>>>
>>> I started with editing the /etc/httpd/conf.d/ipa-rewrite.conf but looks like
>>> there is more to it than just this file.
>>>
>>> Any suggestions ?
>>>
>>> Thanks.
>>> --Prashant
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to