Hi,

I'm having a bit of an issue implementing LDAP into my existing LVS-DR setup. Basically we have here around 30-40 Linux clients that authenticate via LDAP. Originally I was running a single LDAP server with no failover, then as we got more dependent on LDAP, I figured it would be a good idea to load balance LDAP, and at the same time have failover. I found some cases of others using LDAP with LVS-DR with good results on the list here, and initially I was having good results as well. Then one day I learned that the connections being made to LDAP through LVS were never expiring or timing out. With the LVS+LDAP configuration I saw ipvsadm output like this:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  ldap-lvs:ldap rr
  -> ldap1:ldap                   Route   1      289        0
  -> ldap2:ldap                   Route   1      287        0

All connections were "Active Connections", unlike the example in the post I saw in the archives. Also, running a netstat -ao | grep -c "ldap" on both the realservers shows upwards of a thousand connections! At this point, the real servers begin dropping all further incoming LDAP connections until that number comes down. (I simply get a ldap_result: Can't contact LDAP server (-1))

When using LDAP outside of LVS, I never have this issue, as the number of connections in netstat is consistently around 30 (same as the number of clients I have).

Is there a way I can get the connections to be "InActConn" instead of "ActiveConn"?

Thanks!
-Bryan
