
Re: [lvs-users] Highly available ldap

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Highly available ldap
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Mon, 10 Sep 2007 15:46:32 -0700 (PDT)
On Mon, 10 Sep 2007, Tim Mooney wrote:

>>> Our clients do NOT update LDAP though -- to them it's read only.
>>
>> ah. Important difference, but good to know it's been done.
>
> Yeah, it is.  When clients can update LDAP, balancing becomes much more
> tricky.

People spent years trying to figure out how to connect 
through LVS to multiple Windows domain servers (with all the 
peer - rather than client/server - write problems), till 
someone figured out that it would work if you restricted 
yourself to (ro).


>> anything special we should know?
>
> No, it's pretty standard.  Original setup was done by 
> someone else, but openldap was the first service we used 
> LVS for, before even http.  We've been using LVS-DR with 
> OpenLDAP for at least 5 years, probably closer to 7.
>
>> Is it only one port?
>
> For now, yeah.  Clients don't need to bind and can't 
> retrieve anything that's sensitive, so we're only doing 
> ldap (no ldaps).
>
>> what's the output of `ipvsadm` look like?
>
> We have additional balanced services beyond LDAP, but the 
> LDAP portion looks like:
>
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  vs2.ndsu.NoDak.edu:ldap lc
>   -> obscured2.NoDak.edu:ldap       Route   1      16         982
>   -> obscured1.NoDak.edu:ldap       Route   1      17         984

OK

> If you do an ldapsearch against our directory, you're getting our LVS-DR
> openldap:
>
>       ldapsearch -x -LLL -h ldap.nodak.edu -b dc=ndsu,dc=nodak,dc=edu \
>               uid=mooney

I'm not an ldap person, but I assume that vs2.ndsu.x.x. and 
ldap.x.x are the same machine?

> There's another organization co-located with the IT organization here at
> the university, and they've also been running LVS-DR in front of their
> openldap directory for nearly as long as we have.
>
> LDAP is a critical component of Hurderos, which we've been using since
> its inception.  Hence the need for a highly-available LDAP.

I take it that there's no replication between ldap servers 
like you can do with mysql servers?

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
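The `ipvsadm` listing quoted above is the only view the director gives you of whether the LDAP service is actually highly available: a virtual service with a single real server, or one whose second real server never takes connections, is a single point of failure no matter what the scheduler is. The following is an added example, not code from the thread or from the LVS project, that parses that listing format and flags both conditions. The first virtual service in the constructed sample copies the thread's LDAP entry; the `https` and `http` entries are invented to exercise the checks, and the "weight 0 means quiesced" rule follows ipvsadm's documented meaning of weight.

```python
"""Parse `ipvsadm -L` style output and flag virtual services that cannot fail over.

Added example for the thread above; the sample listing is constructed, not
captured from the poster's director (only the ldap service copies the thread).
"""
import re
from dataclasses import dataclass, field

SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  vs2.ndsu.NoDak.edu:ldap lc
  -> obscured2.NoDak.edu:ldap       Route   1      16         982
  -> obscured1.NoDak.edu:ldap       Route   1      17         984
TCP  vs2.ndsu.NoDak.edu:https rr
  -> obscured1.NoDak.edu:https      Route   1      3          40
TCP  vs2.ndsu.NoDak.edu:http wlc
  -> obscured1.NoDak.edu:http       Route   1      40         300
  -> obscured2.NoDak.edu:http       Route   1      0          0
"""


@dataclass
class RealServer:
    address: str   # host:port as printed by ipvsadm
    forward: str   # Route (LVS-DR), Masq (LVS-NAT) or Tunnel (LVS-Tun)
    weight: int    # 0 means quiesced: no new connections are sent here
    active: int    # ActiveConn column
    inactive: int  # InActConn column


@dataclass
class VirtualService:
    proto: str
    address: str
    scheduler: str
    flags: str
    servers: list = field(default_factory=list)


# Virtual service line: "TCP  vip:port scheduler [flags]"
VS_RE = re.compile(r"^(TCP|UDP|SCTP|FWM)\s+(\S+)\s+(\S+)\s*(.*)$")
# Real server line: "  -> rip:port  Forward Weight ActiveConn InActConn"
# The column header line does not match because Forward must be a method name.
RS_RE = re.compile(r"^\s*->\s+(\S+)\s+(Route|Masq|Tunnel)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_ipvsadm(text):
    """Return the list of VirtualService objects described by an ipvsadm listing."""
    services = []
    for line in text.splitlines():
        m = RS_RE.match(line)
        if m:
            if not services:
                raise ValueError("real server line before any virtual service: " + line)
            services[-1].servers.append(
                RealServer(m.group(1), m.group(2), int(m.group(3)), int(m.group(4)), int(m.group(5)))
            )
            continue
        m = VS_RE.match(line)
        if m:
            services.append(VirtualService(m.group(1), m.group(2), m.group(3), m.group(4).strip()))
    return services


def check_ha(services, min_servers=2, max_skew=2.0):
    """Flag services with no failover partner, or whose traffic is not reaching a partner.

    A real server that holds zero active connections while its peer is busy usually
    means it is down or misconfigured (in LVS-DR, typically the VIP missing from its
    loopback), and the director will keep sending it new connections anyway.
    """
    findings = []
    for vs in services:
        live = [rs for rs in vs.servers if rs.weight > 0]
        if len(live) < min_servers:
            findings.append(
                f"{vs.proto} {vs.address}: only {len(live)} real server(s) with weight > 0, no failover"
            )
        if len(live) >= 2:
            lo = min(rs.active for rs in live)
            hi = max(rs.active for rs in live)
            if (lo == 0 and hi > 0) or (lo > 0 and hi / lo > max_skew):
                findings.append(
                    f"{vs.proto} {vs.address}: active connections skewed ({lo}..{hi}); check the quiet real server"
                )
    return findings


if __name__ == "__main__":
    for problem in check_ha(parse_ipvsadm(SAMPLE)):
        print(problem)
```

Run against a live director with `ipvsadm -L | python3 this_script.py` after swapping `SAMPLE` for `sys.stdin.read()`; the skew heuristic is deliberately loose (a factor of two) because `lc` and `wlc` only balance new connections, so short-lived LDAP searches will never be split exactly evenly.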

