Re: [lvs-users] LDAP and LVS-DR problems

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: [lvs-users] LDAP and LVS-DR problems
From:	"Bryan Aldridge" <bealdrid@xxxxxxxxx>
Date:	Tue, 26 Aug 2008 17:32:45 -0400

Joe thanks for the reply!  Tim Mooney's post was the one I was
referring to.  In his post here
http://archive.linuxvirtualserver.org/html/lvs-users/2007-09/msg00036.html
you can see his output and how he has a high number of inactive
connections, where as mine is the opposite.  I am using TLS, but
nothing is going through ldaps://, that is port 636.  Read-only is
what I'm after here too.  Good thinking on the TCPdump.  I may give
that a shot.  Actually I have a virtual http server set up as well
using DR, and its working great - shows lots of inactive connections
(like it should).


Thanks!


On Tue, Aug 26, 2008 at 5:16 PM, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:
> On Tue, 26 Aug 2008, Bryan Aldridge wrote:
>
>> Hi,
>>
>> I found some cases of others using LDAP with LVS-DR with
>> good results on the list here, and initially I was having
>> good results as well.
>
> I looked back about a year and didn't find anything. Can you
> point me to the posting? The only one I know is the
> read-only LDAP server by Tim Mooney.
>
>> Then one day I learned that the connections being made to
>> LDAP through LVS were never expiring or timing out.
>
> have no idea what that's about. You may have to tcpdump a
> single connect-disconnect through LVS and then without LVS,
> to see what's happening. I assume this same setup works for
> another single port service like http?
>
> It looks like the connection is hung waiting for something
> to happen before it can be terminated. Is something else
> requiring a connection, identd? ldaps?
>
>> All connections were "Active Connections" unlike the example in the
>> post I saw in the archives.  Also, running a
>>
>> netstat -ao | grep -c "ldap"
>>
>> on both the realservers shows upwards of a thousand connections!
>
> this is a new one on me.
>
>> At this point, the real servers begin dropping all further
>> incoming LDAP connections until that number comes down.
>> (I simply get a ldap_result: Can't contact LDAP server
>> (-1))
>
> I got a similar error with failover dhcpd servers once. I
> never figured out what was going on. I didn't look with
> netstat though.
>
> Joe
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>

<Prev in Thread]	Current Thread	[Next in Thread>
[lvs-users] LDAP and LVS-DR problems, Bryan Aldridge Re: [lvs-users] LDAP and LVS-DR problems, Joseph Mack NA3T Re: [lvs-users] LDAP and LVS-DR problems, Bryan Aldridge <= Re: [lvs-users] LDAP and LVS-DR problems, Joseph Mack NA3T Re: [lvs-users] LDAP and LVS-DR problems, Tim Mooney Re: [lvs-users] LDAP and LVS-DR problems, Joseph Mack NA3T Re: [lvs-users] LDAP and LVS-DR problems, Joseph Mack NA3T Re: [lvs-users] LDAP and LVS-DR problems, Bryan Aldridge Re: [lvs-users] LDAP and LVS-DR problems, Thomas Pedoussaut Re: [lvs-users] LDAP and LVS-DR problems, Bryan Aldridge Re: [lvs-users] LDAP and LVS-DR problems, ago@xxxxxxxxxxxx

Previous by Date:	Re: [lvs-users] LDAP and LVS-DR problems, Joseph Mack NA3T
Next by Date:	Re: [lvs-users] LDAP and LVS-DR problems, Joseph Mack NA3T
Previous by Thread:	Re: [lvs-users] LDAP and LVS-DR problems, Joseph Mack NA3T
Next by Thread:	Re: [lvs-users] LDAP and LVS-DR problems, Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]