[lvs-users] LDAP and LVS-DR problems

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] LDAP and LVS-DR problems
From: "Bryan Aldridge" <bealdrid@xxxxxxxxx>
Date: Tue, 26 Aug 2008 14:51:02 -0400

I'm having a bit of an issue implementing LDAP into my existing LVS-DR
setup.  Basically we have here around 30-40 linux clients that
authenticate via LDAP.  Originally I was running a single LDAP server
with no failover, then as we got more dependent on LDAP, I figured it
would be a good idea to load balance LDAP, and at the same time have
failover.  I found some cases of others using LDAP with LVS-DR with
good results on the list here, and initially I was having good results
as well.   Then one day I learned that the connections being made to
LDAP through LVS were never expiring or timing out.  With the LVS+LDAP
configuration i saw ipvsadm output like this:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  ldap-lvs:ldap rr
  -> ldap1:ldap  Route   1     289       0
  -> ldap2:ldap  Route   1     287       0

All connections were "Active Connections" unlike the example in the
post I saw in the archives.  Also, running a

 netstat -ao | grep -c "ldap"

on both the realservers shows upwards of a thousand connections!  At
this point, the real servers begin dropping all further incoming LDAP
connections until that number comes down.  (I simply get a
ldap_result: Can't contact LDAP server (-1))

When using LDAP outside of LVS, i never have this issue, as the number
of connections in netstat is consistently around 30 (same as the
number of clients I have)

Is there a way I can get the connections to be "InActConn" instead of


<Prev in Thread] Current Thread [Next in Thread>