On Tue, 26 Aug 2008, Bryan Aldridge wrote:
> Hi,
>
> I found some cases of others using LDAP with LVS-DR with
> good results on the list here, and initially I was having
> good results as well.
I looked back about a year and didn't find anything. Can you
point me to the posting? The only one I know is the
read-only LDAP server by Tim Mooney.
> Then one day I learned that the connections being made to
> LDAP through LVS were never expiring or timing out.
Have no idea what that's about. You may have to tcpdump a
single connect-disconnect through LVS and then without LVS,
to see what's happening. I assume this same setup works for
another single port service like http?
It looks like the connection is hung waiting for something
to happen before it can be terminated. Is something else
requiring a connection, identd? ldaps?
> All connections were "Active Connections" unlike the example in the
> post I saw in the archives. Also, running a
>
> netstat -ao | grep -c "ldap"
>
> on both the realservers shows upwards of a thousand connections!
This is a new one on me.
> At this point, the real servers begin dropping all further
> incoming LDAP connections until that number comes down.
> (I simply get a ldap_result: Can't contact LDAP server
> (-1))
I got a similar error with failover dhcpd servers once. I
never figured out what was going on. I didn't look with
netstat though.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!