Hello everybody,

I am now evaluating the possibility of load balancing between several LDAP 
servers. I imagine each LDAP server will bind to its own IP address. 
The LDAP client will try to connect to the IP address of the load balancer and 
the load balancer will distribute requests between the IP addresses of the LDAP 
servers.

If I use GSSAPI to authenticate my clients against the LDAP servers, I am 
afraid I will get into trouble, as my clients will ask for a ticket for

ldap/[EMAIL PROTECTED]

although they will be connected to LDAP servers with principals like

ldap/[EMAIL PROTECTED] or ldap/[EMAIL PROTECTED]

which may cause problems. To work around it I could try to put in the keytab 
of the LDAP servers on [EMAIL PROTECTED] and [EMAIL PROTECTED] the keys of the 
principal ldap/[EMAIL PROTECTED]. However, in such a case I think I 
will not be able to bind directly to the LDAP servers (not via the 
load balancer), as my clients will ask for tickets like 
ldap/[EMAIL PROTECTED] or ldap/[EMAIL PROTECTED]. Probably it is possible 
to assign the same keys to three different principals, 
ldap/[EMAIL PROTECTED], ldap/[EMAIL PROTECTED], and 
ldap/[EMAIL PROTECTED], but I don't know how I can do it.

Is there any standard way of organizing load balancing between kerberized 
services?

Thanks a lot and best regards, vadim tarassov.

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
