On Mon, 10 Sep 2007, Tim Mooney wrote:

>>> Our clients do NOT update LDAP though -- to them it's read only.
>>
>> ah. Important difference, but good to know it's been done.
>
> Yeah, it is. When clients can update LDAP, balancing becomes much more
> tricky.

People spent years trying to figure out how to connect through LVS to multiple Windows domain servers (with all the peer - rather than client/server - write problems), till someone figured out that it would work if you restricted yourself to (ro).

>> anything special we should know?
>
> No, it's pretty standard. Original setup was done by
> someone else, but openldap was the first service we used
> LVS for, before even http. We've been using LVS-DR with
> OpenLDAP for at least 5 years, probably closer to 7.
>
>> Is it only one port?
>
> For now, yeah. Clients don't need to bind and can't
> retrieve anything that's sensitive, so we're only doing
> ldap (no ldaps).
>
>> what's the output of `ipvsadm` look like?
>
> We have additional balanced services beyond LDAP, but the
> LDAP portion looks like:
>
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP vs2.ndsu.NoDak.edu:ldap lc
>   -> obscured2.NoDak.edu:ldap Route 1 16 982
>   -> obscured1.NoDak.edu:ldap Route 1 17 984

OK

> If you do an ldapsearch against our directory, you're getting our LVS-DR
> openldap:
>
> ldapsearch -x -LLL -h ldap.nodak.edu -b dc=ndsu,dc=nodak,dc=edu \
>    uid=mooney

I'm not an ldap person, but I assume that vs2.ndsu.x.x. and ldap.x.x are the same machine?

> There's another organization co-located with the IT organization here at
> the university, and they've also been running LVS-DR in front of their
> openldap directory for nearly as long as we have.
>
> LDAP is a critical component of Hurderos, which we've been using since
> its inception. Hence the need for a highly-available LDAP.

I take it that there's no replication between ldap servers like you can do with mysql servers?

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
