[Freeipa-users] load balancers?
Simo Sorce
simo at redhat.com
Sat Apr 4 15:47:06 UTC 2015
We use SASL/GSSAPI/krb5 to authenticate clients to the LDAP server.
If you want to load balance by using a common DNS name in front of all
servers, you will need to deal with issues with krb5 authentication.
At the very least you should add keys to all servers for a principal
named after the common name. However we do not test this scenario and I
am not 100% sure it works correctly when you factor in that we use
GSSAPI also for replication.
Simo.
On Sat, 2015-04-04 at 22:16 +0700, Brian Topping wrote:
> I believe LDAP can be load balanced without any problem. It is a TCP
> based protocol without persistent state between transactions so it
> should be just fine.
>
> Sent from my iPhone
>
> > On Apr 4, 2015, at 21:55, Janelle <janellenicole80 at gmail.com> wrote:
> >
> > Hello everyone,
> >
> > Probably a quiet weekend for any responses, but I will toss this
> out. I was wondering if anyone has had any issues with load balancers
> and IPA? Not with Kerberos, since I know the protocol is designed
> without load balancer support, but in the case of using the LDAP
> portion? I am curious because the load balancing within sssd is not
> really load balancing, but more fail-over. I am wondering what kind of
> experience and maybe suggestions for a good LB setup anyone might
> have.
> >
> > Thank You
> > ~J
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list