So.. I don't have prior experience w/ either of these concepts.. this is a project that i'm working on to get familiar.. here's my question:

I've got a vip (ldap-lb-vip) setup for two servers acting as load balancers, lb1 and lb2 and i'm using keepalived to bounce the vip between the two load balancers in the event of a failure, and it's doing this successfully so the communication between lb1 and lb2 is functioning.. The primary load balancer is to round robin traffic between two ldap servers, ldap1 and ldap2.. the secondary load balancer is just in case the primary fails.. at this point, i'm trying to test if the communication between a client and the ldap servers is working correctly, but I think that there may be an issue w/ haproxy taking the request and forwarding it to the ldap servers..
I have edited the /etc/ldap.conf file on a test server, and pointed the uri parameter to the load balancer vip like: "uri ldap://ldap.vip.local".

When I do this, however, I start getting messages in the error log that the test box can no longer connect to ldap, and of course I can no longer ssh to the box.

I can ping the vip, the load balancers and both of the ldap servers from the test box. Anybody have any insight as to what log files to check or how I can find out where the disconnect is occurring? The OS is centos 5

Thanks

bump

Anybody out there that can help me determine my point of failure between these servers? Client-side I get that it can't connect to the ldap server when I change the "uri ldap://" parameter in /etc/ldap.conf. I am, however, able to "telnet ldap.vip.local 389" from the client, from the load balancers and localhost on the ldap servers.

I have taken the load balancers out of the equation for now, and am currently just trying to get a client to allow authentication using my new ldap server.

I edit the /etc/ldap.conf file and change the uri parameter to point to the new master ldap server.

At this point, in /var/log/secure I start getting errors about "nss_ldap: reconnecting to ldap server (sleeping xx seconds)

There is also an ldap.conf file in my /etc/openssl/cacerts dir but I don't believe it's the correct ldap.conf file since no changes occur when I edit this file vs the one in /etc/.

One the ldap server, I don't see anything in /var/log/secure.
In the ldap access logs, I keep getting the following:

[07/Dec/2012:15:10:51 -0500] conn=6169 fd=64 slot=64 connection from 192.168.118.170 to 192.168.118.43
[07/Dec/2012:15:10:51 -0500] conn=6169 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Dec/2012:15:10:51 -0500] conn=6169 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[07/Dec/2012:15:10:51 -0500] conn=6169 op=-1 fd=64 closed - Peer does not recognize and trust the CA that issued your certificate.

118.170 is the client i'm attempting to ssh to that I make the changes in the ldap file to, and 118.43 is the ldap server.