[Fedora-directory-users] SSL problem on replication!

Susan logastellus at yahoo.com
Mon Mar 27 18:51:08 UTC 2006


--- Alex <magobin at gmail.com> wrote:
>  
> > wait, so both servers have the same name?  meaning, if you 
> > run hostname on either server, hostname returns the same thing?
> >  
> 
> No, nodo1 is 10.23.5.252 and nodo2 is 10.23.5.253, but in cluster suite I
> configured an IP service (10.23.5.250); with this IP I configured DS...in DNS
> I configured 10.23.5.250 to point to ldap.domain.example.com; then I
> configured during DS setup that both DS point to ldap.domain.example.com..so
> the configurations are exactly the same!...in clear it works but with ssl....

Well, can you successfully query BOTH DSs with ldapsearch -ZZ, using their real IPs?  If you cannot
do that, then like Mike J said, no replication will ever happen.

In fact, because the floating IP will only reside on 1 server at a time but you configured both
FDSs to listen on that IP, which will not exist on one of the servers, it's a problem.  Plus, you
don't have to do that.  Make FDS listen on its OWN REAL IP and keep your floating cluster setup
the same way.  That way, any clients will talk to the floating IP but the FDS is really listening
on any interface:

tcp        0      0 *:ldaps                     *:*                         LISTEN      

which means that even if a packet arrives at a floating IP and FDS is listening on a real IP,
it'll pick it up anyway.  This way, replication will always happen to real IPs and there is no
dependency on the cluster IP for replication (it's not needed, obviously).



> I don't know if this is the problem...I can try...otherwise...the only
> solution that I thought of is to configure DS on their real hostnames (nodo1 and
> nodo2) and then in DNS via round robin configure an ldap entry that points to
> both nodo1 and nodo2...but in this way I don't solve the IP issue!

Not needed!  No DNS round robin, that's lame.  Although if you're using DNS RR, then there is no
IP issue -- you're not talking to an IP.

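An added illustration, not part of the original post, of the listening behaviour described in the reply: a wildcard listener accepts connections addressed to any local IP, while binding to an address the node does not currently hold fails. The addresses are assumptions for the demo: on Linux 127.0.0.2 stands in for the floating cluster IP, 127.0.0.1 for the node's real IP, and 192.0.2.1 (TEST-NET-1) for a floating IP that currently lives on the other node.

```python
import errno
import socket

FLOATING_IP = "127.0.0.2"   # assumption: stands in for the cluster service IP
REAL_IP = "127.0.0.1"       # assumption: stands in for the node's own IP
ABSENT_IP = "192.0.2.1"     # assumption: an address not assigned to this host


def wildcard_accepts(targets):
    """Listen on the wildcard address (like the '*:ldaps' socket above) and
    return the local address each client connection actually arrived on."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", 0))      # any interface, kernel-chosen port
        srv.listen(len(targets))
        srv.settimeout(2)             # never hang if a connect is dropped
        port = srv.getsockname()[1]
        for ip in targets:
            with socket.create_connection((ip, port), timeout=2):
                conn, _ = srv.accept()
                with conn:
                    # Destination address the client used to reach us.
                    seen.append(conn.getsockname()[0])
    return seen


def bind_specific(ip):
    """Try to bind to one specific address. Return None on success, or the
    symbolic errno name when the kernel refuses the bind."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        try:
            srv.bind((ip, 0))
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
    return None


if __name__ == "__main__":
    print("wildcard listener served:", wildcard_accepts([REAL_IP, FLOATING_IP]))
    print("bind to address on this node:", bind_specific(REAL_IP))
    print("bind to address on other node:", bind_specific(ABSENT_IP))
```

The last call models the node that does not hold the floating IP: a server configured to listen only on that address cannot open its socket there, which is why replication agreements are better pointed at each node's real IP.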



