You have several issues here, including at least:

1. When things go wrong, you need to be able to get into the servers to fix them.

For this you really do want to have some user that can login. This could be your sysadmins, it could be root (with security around the root password such as it being randomly generated and access to it audited, etc), or it could be something else. But in any case, you are eventually going to have situations where your network server is not reachable and you need to get into the box to figure out why. Plan on this happening.

2. You need good failover of your LDAP servers. It sounds like you have been doing all your failover based on the clients noticing that one server has gone away and the client then trying a different server.

Consider making the failover be more transparent to the clients. Use something like heartbeat to make the backup server take the IP address of the primary server so that the clients just see their TCP connection close and retry it, without having to decide if the server is working or not.
David Lang
Hi everyone -- I'm looking for a sanity check on an attitude/mode of thinking I've picked up. I'm early in my career, and my experience has been exclusively at small shops. I've worked with NIS and LDAP on/for Unix, and I was quickly convinced that One Bag o' Passwords(tm) is the way to go. So far, so good.

But I've also seen what happens when the OBOP server goes away, even *with* failover and/or caching, and that's made me leery of depending on it so much. (Example: I've been bitten by mismatches in MTU settings that have left LDAP clients hanging and unable to realize that they should fail over to a backup server.)

At my current job, I use LDAP. I've got a room full of servers, most of which are LDAP clients; there are two LDAP servers in that room, and one more off-site. This is *much* better than my previous two jobs, where the backup servers were either on different netblocks, entirely offsite or simply non-existent.

But even with that redundancy, I've got into the habit of setting up really important servers so that they're *not* LDAP clients. My reason is that if the LDAP server goes away, I do not want processes to hang, or to be unable to log in. The tradeoff is that I ensure my account shows up using other means (cfengine, automated installation or by hand if I'm in a hurry); since I'm the only sysadmin, and that's not likely to change any time soon, I figure this is reasonable. I've done this with firewalls, my backup server, monitoring servers (Nagios, Cacti, etc) and the VM host.

So...what do you think? *Is* this reasonable? Is it stupid, or is this one of those "It depends" questions? Is it just a question of tweaking caching/failover settings? What do you do, and how big is the environment where you do it?

Thanks,
Hugh

--
Hugh Brown http://saintaardvarkthecarpeted.com
Because the plural of Anecdote is Myth.
_______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
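Both messages above come down to two client-side properties: a local account must still resolve and log in when every LDAP server is unreachable (David's point 1, Hugh's "not an LDAP client" habit), and NSS/PAM lookups must time out rather than hang (Hugh's MTU anecdote, and his question about tweaking failover settings). The script below is an added example, not code from either poster or from the LOPSA list; it audits constructed copies of a glibc `nsswitch.conf` and a classic pam_ldap/nss_ldap style `/etc/ldap.conf` for exactly those two properties. The hostnames, base DN and numeric limits in the sample files are made up for the demonstration, and the keyword names assumed are `bind_policy`, `bind_timelimit`, `timelimit` and `nss_reconnect_tries` as used by that client.

```shell
#!/bin/sh
# Added example (not from the thread): audit name-service and LDAP client
# settings so a local break-glass account keeps working and lookups fail
# fast when all LDAP servers are gone. Assumes glibc nsswitch.conf syntax
# and the pam_ldap/nss_ldap /etc/ldap.conf keywords named in the lead-in.

# Return 0 when, for passwd, group and shadow, "files" is listed before
# "ldap" in the nsswitch.conf at $1, so /etc/passwd accounts resolve and
# authenticate without ever touching LDAP. Any of the three lines missing,
# or ldap listed ahead of files, is a failure.
nss_files_first() {
    awk '
        /^[[:space:]]*(passwd|group|shadow):/ {
            pos_files = 0; pos_ldap = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && pos_files == 0) pos_files = i
                if ($i == "ldap"  && pos_ldap  == 0) pos_ldap  = i
            }
            if (pos_ldap > 0 && (pos_files == 0 || pos_files > pos_ldap)) bad = 1
            seen++
        }
        END { exit (bad || seen < 3) ? 1 : 0 }
    ' "$1"
}

# Return 0 when the ldap.conf at $1 uses "bind_policy soft" (give up on a
# dead server instead of retrying indefinitely) and a bind_timelimit no
# larger than $2 seconds (default 10), so a wedged TCP session is abandoned.
ldap_timeouts_bounded() {
    file=$1; max=${2:-10}
    policy=$(awk '$1 == "bind_policy"    { v = $2 } END { print v }' "$file")
    limit=$(awk  '$1 == "bind_timelimit" { v = $2 } END { print v }' "$file")
    [ "$policy" = "soft" ] || return 1
    case $limit in ''|*[!0-9]*) return 1 ;; esac
    [ "$limit" -le "$max" ]
}

# Constructed sample configs (not copied from any real host) so the audit
# runs stand-alone. Returns the directory holding them.
make_samples() {
    dir=$(mktemp -d)
    cat >"$dir/nsswitch.good" <<'EOF'
passwd:   files ldap
group:    files ldap
shadow:   files ldap
hosts:    files dns
EOF
    cat >"$dir/nsswitch.bad" <<'EOF'
passwd:   ldap files
group:    ldap
shadow:   ldap files
EOF
    cat >"$dir/ldap.good" <<'EOF'
uri ldap://ldap1.example.internal ldap://ldap2.example.internal
base dc=example,dc=internal
bind_policy soft
bind_timelimit 5
timelimit 10
nss_reconnect_tries 2
EOF
    cat >"$dir/ldap.bad" <<'EOF'
uri ldap://ldap1.example.internal
base dc=example,dc=internal
bind_policy hard
bind_timelimit 120
EOF
    echo "$dir"
}

# Stand-alone run: report each sample pair, then clean up.
SAMPLES=$(make_samples)
for kind in good bad; do
    if nss_files_first "$SAMPLES/nsswitch.$kind"; then
        echo "nsswitch.$kind: local accounts resolve before LDAP"
    else
        echo "nsswitch.$kind: WARNING ldap consulted before files on passwd/group/shadow"
    fi
    if ldap_timeouts_bounded "$SAMPLES/ldap.$kind" 10; then
        echo "ldap.$kind: binds fail fast (soft policy, bounded timelimit)"
    else
        echo "ldap.$kind: WARNING hard bind policy or long bind_timelimit; lookups may hang"
    fi
done
rm -rf "$SAMPLES"
```

Point the two functions at the real `/etc/nsswitch.conf` and `/etc/ldap.conf` (or the equivalent keys in `nslcd.conf` if that client is in use) from a configuration-management check, and the host flags itself before an outage proves that the sysadmin account only existed in LDAP.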