Hi,
I'm having a bit of an issue implementing LDAP into my existing LVS-DR
setup. Basically we have here around 30-40 linux clients that
authenticate via LDAP. Originally I was running a single LDAP server
with no failover, then as we got more dependent on LDAP, I figured it
would be a good idea to load balance LDAP, and at the same time have
failover. I found some cases of others using LDAP with LVS-DR with
good results on the list here, and initially I was having good results
as well. Then one day I learned that the connections being made to
LDAP through LVS were never expiring or timing out. With the LVS+LDAP
configuration I saw ipvsadm output like this:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  ldap-lvs:ldap rr
  -> ldap1:ldap                   Route   1      289        0
  -> ldap2:ldap                   Route   1      287        0
All connections were "Active Connections" unlike the example in the
post I saw in the archives. Also, running a
netstat -ao | grep -c "ldap"
on both the realservers shows upwards of a thousand connections! At
this point, the real servers begin dropping all further incoming LDAP
connections until that number comes down. (I simply get an
"ldap_result: Can't contact LDAP server (-1)".)
When using LDAP outside of LVS, I never have this issue, as the number
of connections in netstat is consistently around 30 (the same as the
number of clients I have).
Is there a way I can get the connections to be "InActConn" instead of
"ActiveConn"?
Thanks!
-Bryan
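Added diagnostic example (not part of the original post or any reply to it). Before changing the LVS configuration, a practitioner would want to know what those thousand-odd server-side sockets actually are: live ESTABLISHED sessions from many peers, or half-closed sockets (CLOSE_WAIT, FIN_WAIT2) piling up from the same ~30 clients. The script below parses the two outputs the post mentions, `ipvsadm -L` on the director and `netstat -ant` on a realserver (Linux column layout assumed), and flags the patterns worth looking at. The netstat sample is constructed; the ipvsadm sample reproduces the figures from the post. Host names, addresses and the `diagnose()` thresholds are assumptions for illustration.

```python
"""Classify LDAP (port 389) sockets from netstat and LVS output by state and peer.

Added diagnostic example, not code from the original post. Assumes Linux
`netstat -ant` and `ipvsadm -L` column layouts.
"""
from collections import Counter

LDAP_PORT = 389

# Constructed sample in the layout of `netstat -ant` on a realserver (not real data).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.10:389           10.0.1.21:45122         ESTABLISHED
tcp        0      0 10.0.0.10:389           10.0.1.21:45123         CLOSE_WAIT
tcp        0      0 10.0.0.10:389           10.0.1.21:45124         CLOSE_WAIT
tcp        0      0 10.0.0.10:389           10.0.1.22:51003         ESTABLISHED
tcp        0      0 10.0.0.10:389           10.0.1.23:38844         FIN_WAIT2
tcp        0      0 10.0.0.10:389           10.0.1.23:38845         CLOSE_WAIT
tcp        0      0 10.0.0.10:22            10.0.1.5:60000          ESTABLISHED
"""

# The `ipvsadm -L` output quoted in the post (host names as shown there).
SAMPLE_IPVSADM = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  ldap-lvs:ldap rr
  -> ldap1:ldap                   Route   1      289        0
  -> ldap2:ldap                   Route   1      287        0
"""


def parse_netstat(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) per tcp line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        lip, lport = parts[3].rsplit(":", 1)
        rip, rport = parts[4].rsplit(":", 1)
        rows.append((lip, int(lport), rip, rport, parts[5]))
    return rows


def ldap_summary(text, port=LDAP_PORT):
    """Count LDAP sockets by TCP state and by client IP, ignoring the listener."""
    by_state, by_peer = Counter(), Counter()
    for lip, lport, rip, rport, state in parse_netstat(text):
        if lport != port or state == "LISTEN":
            continue
        by_state[state] += 1
        by_peer[rip] += 1
    return by_state, by_peer


def parse_ipvsadm(text):
    """Return {realserver: (ActiveConn, InActConn)} from `ipvsadm -L` output."""
    servers = {}
    for line in text.splitlines():
        parts = line.split()
        # Realserver rows: "-> host:port Route|Masq|Tunnel weight active inactive"
        if len(parts) == 6 and parts[0] == "->" and parts[2] in ("Route", "Masq", "Tunnel"):
            servers[parts[1]] = (int(parts[4]), int(parts[5]))
    return servers


def diagnose(ipvs_text, netstat_text, expected_clients):
    """Return a list of finding tags; thresholds are illustrative assumptions."""
    findings = []
    servers = parse_ipvsadm(ipvs_text)
    active = sum(a for a, _ in servers.values())
    inactive = sum(i for _, i in servers.values())
    # In DR mode the director sees only client->server packets, so an entry
    # leaves ActiveConn only after the director sees the client's FIN or RST.
    if active and not inactive:
        findings.append("all_active")
    by_state, by_peer = ldap_summary(netstat_text)
    if sum(by_state.values()) > expected_clients:
        findings.append("excess_sockets")
    # CLOSE_WAIT means the peer closed and the local LDAP daemon has not.
    if by_state["CLOSE_WAIT"] > by_state["ESTABLISHED"]:
        findings.append("server_not_closing")
    if any(n > 1 for n in by_peer.values()):
        findings.append("multi_sockets_per_client")
    return findings


if __name__ == "__main__":
    states, peers = ldap_summary(SAMPLE_NETSTAT)
    print("by state:", dict(states))
    print("by peer:", dict(peers))
    print("lvs:", parse_ipvsadm(SAMPLE_IPVSADM))
    print("findings:", diagnose(SAMPLE_IPVSADM, SAMPLE_NETSTAT, expected_clients=3))
```

Run it against real output by replacing the samples with `netstat -ant` from a realserver and `ipvsadm -L` from the director. A large CLOSE_WAIT share points at the LDAP daemon not closing idle sessions (for OpenLDAP slapd the relevant knob is `idletimeout`, an assumption about which server is in use); many sockets per client IP points at clients opening new sessions without closing old ones, which in DR mode the director cannot age out on its own because it never sees the server's side of the close.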