[Freeipa-users] Which client is noisy?

thierry bordaz tbordaz at redhat.com
Tue Jun 2 07:20:33 UTC 2015 

On 06/01/2015 05:10 PM, Innes, Duncan wrote:
> Petr,
>
> We're using a different domain for IPA thankfully (unix.example.com),
> but the AD guys control DNS and don't want to touch anything in the DNS
> that might affect their example.com records.  Everything is on the same
> VLANs, so I didn't want to press with any configuration request that
> might have broken things.
>
> Thierry,
>
> Looking at the logconv output, rebooting the noisiest IPA server,
> looking at the data again - it's becoming more clear that the failover
> of the clients is moving to the next system in the list, but then
> remaining there until it's forced to by that one going offline too.  I
> knew this might happen when we designed the system, but as I said above,
> we didn't meet a very flexible AD team.
Hello Innes,

    The routing of the ldap client resquest is usually done by a proxy
    or something acting like a proxy.
    It is sometime preferable that after a failover to a backup server
    the ldap client stick to the backup server
    as we do not know exactly when the principal server will be able to
    handle the load.

    thanks
    thierry

>
> Cheers all,
>
> Duncan
>
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com
> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Spacek
> Sent: 01 June 2015 15:40
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Which client is noisy?
>
> On 1.6.2015 10:56, Innes, Duncan wrote:
>> We don't have access to the _SRV_ records as the AD domain controls
>> that, so we had to hard code the main and failover servers on the
> Side note:
> It sounds that your FreeIPA setup is using the same domain name as AD
> realm.
> This is directly against
> http://www.freeipa.org/page/Deployment_Recommendations#DNS
> and will cause pain moving forward as AD Trusts and DNSSEC validation
> will be impossible.
>
> Please follow
> http://www.freeipa.org/page/Deployment_Recommendations
> for the next deployment :-)
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
> This message has been checked for viruses and spam by the Virgin Money
> email scanning system powered by Messagelabs.
>
> This message has been checked for viruses and spam by the Virgin Money email scanning system powered by Messagelabs.
>
> This e-mail is intended to be confidential to the recipient. If you receive a copy in error, please inform the sender and then delete this message.
>
> Virgin Money plc - Registered in England and Wales (Company no. 6952311). Registered office - Jubilee House, Gosforth, Newcastle upon Tyne NE3 4PL. Virgin Money plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
>
> The following companies also trade as Virgin Money. They are both authorised and regulated by the Financial Conduct Authority, are registered in England and Wales and have their registered office at Jubilee House, Gosforth, Newcastle upon Tyne NE3 4PL: Virgin Money Personal Financial Service Limited (Company no. 3072766) and Virgin Money Unit Trust Managers Limited (Company no. 3000482).
>
> For further details of Virgin Money group companies please visit our website at virginmoney.com
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150602/75e488f5/attachment.htm>

More information about the Freeipa-users mailing list