Re: [lvs-users] LDAP and LVS-DR problems

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LDAP and LVS-DR problems
From: "Bryan Aldridge" <bealdrid@xxxxxxxxx>
Date: Tue, 26 Aug 2008 17:32:45 -0400
Joe thanks for the reply!  Tim Mooney's post was the one I was
referring to.  In his post here
you can see his output and how he has a high number of inactive
connections, whereas mine is the opposite.  I am using TLS, but
nothing is going through ldaps://, that is port 636.  Read-only is
what I'm after here too.  Good thinking on the TCPdump.  I may give
that a shot.  Actually I have a virtual http server set up as well
using DR, and it's working great - shows lots of inactive connections
(like it should).


On Tue, Aug 26, 2008 at 5:16 PM, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:
> On Tue, 26 Aug 2008, Bryan Aldridge wrote:
>> Hi,
>> I found some cases of others using LDAP with LVS-DR with
>> good results on the list here, and initially I was having
>> good results as well.
> I looked back about a year and didn't find anything. Can you
> point me to the posting? The only one I know is the
> read-only LDAP server by Tim Mooney.
>> Then one day I learned that the connections being made to
>> LDAP through LVS were never expiring or timing out.
> have no idea what that's about. You may have to tcpdump a
> single connect-disconnect through LVS and then without LVS,
> to see what's happening. I assume this same setup works for
> another single port service like http?
> It looks like the connection is hung waiting for something
> to happen before it can be terminated. Is something else
> requiring a connection, identd? ldaps?
>> All connections were "Active Connections" unlike the example in the
>> post I saw in the archives.  Also, running a
>> netstat -ao | grep -c "ldap"
>> on both the realservers shows upwards of a thousand connections!
> this is a new one on me.
>> At this point, the real servers begin dropping all further
>> incoming LDAP connections until that number comes down.
>> (I simply get a ldap_result: Can't contact LDAP server
>> (-1))
> I got a similar error with failover dhcpd servers once. I
> never figured out what was going on. I didn't look with
> netstat though.
