Old 12-05-2012, 04:21 PM   #1
LQ Newbie
Registered: Jul 2009
Posts: 12

Rep: Reputation: 0
haproxy + 389 dir srv master/slave setup questions

So.. I don't have prior experience w/ either of these concepts.. this is a project that I'm working on to get familiar.. here's my question:

I've got a vip (ldap-lb-vip) set up for two servers acting as load balancers, lb1 and lb2, and I'm using keepalived to bounce the vip between the two load balancers in the event of a failure, and it's doing this successfully so the communication between lb1 and lb2 is functioning.. The primary load balancer is to round robin traffic between two ldap servers, ldap1 and ldap2.. the secondary load balancer is just in case the primary fails.. at this point, I'm trying to test if the communication between a client and the ldap servers is working correctly, but I think that there may be an issue w/ haproxy taking the request and forwarding it to the ldap servers..
I have edited the /etc/ldap.conf file on a test server, and pointed the uri parameter to the load balancer vip like: "uri ldap://".

When I do this, however, I start getting messages in the error log that the test box can no longer connect to ldap, and of course I can no longer ssh to the box.

I can ping the vip, the load balancers and both of the ldap servers from the test box. Anybody have any insight as to what log files to check or how I can find out where the disconnect is occurring? The OS is CentOS 5.

Old 12-06-2012, 08:14 AM   #2
LQ Newbie
Registered: Jul 2009
Posts: 12

Original Poster
Rep: Reputation: 0
Old 12-06-2012, 03:13 PM   #3
LQ Newbie
Registered: Jul 2009
Posts: 12

Original Poster
Rep: Reputation: 0
Anybody out there that can help me determine my point of failure between these servers? Client-side I get that it can't connect to the ldap server when I change the "uri ldap://" parameter in /etc/ldap.conf. I am, however, able to "telnet 389" from the client, from the load balancers and localhost on the ldap servers.
Old 12-07-2012, 02:08 PM   #4
LQ Newbie
Registered: Jul 2009
Posts: 12

Original Poster
Rep: Reputation: 0
I have taken the load balancers out of the equation for now, and am currently just trying to get a client to allow authentication using my new ldap server.

I edit the /etc/ldap.conf file and change the uri parameter to point to the new master ldap server.

At this point, in /var/log/secure I start getting errors about "nss_ldap: reconnecting to ldap server (sleeping xx seconds)".

There is also an ldap.conf file in my /etc/openssl/cacerts dir but I don't believe it's the correct ldap.conf file since no changes occur when I edit this file vs the one in /etc/.

On the ldap server, I don't see anything in /var/log/secure.
In the ldap access logs, I keep getting the following:

[07/Dec/2012:15:10:51 -0500] conn=6169 fd=64 slot=64 connection from to
[07/Dec/2012:15:10:51 -0500] conn=6169 op=0 EXT oid="" name="startTLS"
[07/Dec/2012:15:10:51 -0500] conn=6169 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[07/Dec/2012:15:10:51 -0500] conn=6169 op=-1 fd=64 closed - Peer does not recognize and trust the CA that issued your certificate.

118.170 is the client I'm attempting to ssh to that I make the changes in the ldap file to, and 118.43 is the ldap server.
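
An added example, not part of the original post: a small Python scan of a 389 Directory Server access log that reports connections which requested startTLS and were then closed with the CA-trust error shown in the excerpt above. The sample lines are constructed (documentation-range addresses, plus a second, healthy connection for contrast), and the function name `tls_trust_failures` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log layout quoted in the post; the
# addresses are documentation-range placeholders, not the poster's hosts.
SAMPLE_LOG = """\
[07/Dec/2012:15:10:51 -0500] conn=6169 fd=64 slot=64 connection from 192.0.2.170 to 192.0.2.43
[07/Dec/2012:15:10:51 -0500] conn=6169 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Dec/2012:15:10:51 -0500] conn=6169 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[07/Dec/2012:15:10:51 -0500] conn=6169 op=-1 fd=64 closed - Peer does not recognize and trust the CA that issued your certificate.
[07/Dec/2012:15:11:02 -0500] conn=6170 fd=65 slot=65 connection from 192.0.2.171 to 192.0.2.43
[07/Dec/2012:15:11:02 -0500] conn=6170 op=0 BIND dn="" method=128 version=3
[07/Dec/2012:15:11:02 -0500] conn=6170 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[07/Dec/2012:15:11:02 -0500] conn=6170 op=1 UNBIND
[07/Dec/2012:15:11:02 -0500] conn=6170 op=1 fd=65 closed - U1
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
PEER = re.compile(r'connection from (?P<client>\S+) to (?P<server>\S+)')
CLOSED = re.compile(r'closed - (?P<reason>.+)$')

def tls_trust_failures(log_text):
    """Return one record per connection that requested startTLS and was then
    closed because the client did not trust the server certificate's CA."""
    conns = defaultdict(dict)   # per-connection state, keyed by conn number
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue            # skip lines that are not access-log records
        state, rest = conns[m['conn']], m['rest']
        peer = PEER.search(rest)
        closed = CLOSED.search(rest)
        if peer:
            state['client'] = peer['client']
        elif 'name="startTLS"' in rest:
            state['starttls'] = True
        elif closed:
            # Report only a close that follows startTLS and cites CA trust.
            if state.get('starttls') and 'trust the CA' in closed['reason']:
                failures.append({'conn': int(m['conn']), 'time': m['ts'],
                                 'client': state.get('client', 'unknown'),
                                 'reason': closed['reason']})
            del conns[m['conn']]  # connection finished; drop its state
    return failures

if __name__ == '__main__':
    for f in tls_trust_failures(SAMPLE_LOG):
        print(f"{f['time']} conn={f['conn']} client={f['client']}: {f['reason']}")
```

Each hit names a client whose trust store lacks the CA that issued the server certificate; for nss_ldap that is governed by the `tls_cacertfile` / `tls_cacertdir` settings in that client's /etc/ldap.conf.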


haproxy, openldap
