[lvs-users] LDAP and LVS-DR problems

Joseph Mack NA3T jmack at wm7d.net
Tue Aug 26 22:16:05 BST 2008

On Tue, 26 Aug 2008, Bryan Aldridge wrote:

> Hi,
> I found some cases of others using LDAP with LVS-DR with 
> good results on the list here, and initially I was having 
> good results as well.

I looked back about a year and didn't find anything. Can you 
point me to the posting? The only one I know is the 
read-only LDAP server by Tim Mooney.

> Then one day I learned that the connections being made to
> LDAP through LVS were never expiring or timing out.

I have no idea what that's about. You may have to tcpdump a 
single connect-disconnect through LVS and then without LVS, 
to see what's happening. I assume this same setup works for 
another single port service like http?

It looks like the connection is hung waiting for something 
to happen before it can be terminated. Is something else 
requiring a connection, identd? ldaps?

> All connections were "Active Connections" unlike the example in the
> post I saw in the archives.  Also, running a
> netstat -ao | grep -c "ldap"
> on both the realservers shows upwards of a thousand connections!

this is a new one on me.

> At this point, the real servers begin dropping all further 
> incoming LDAP connections until that number comes down. 
> (I simply get a ldap_result: Can't contact LDAP server 
> (-1))

I got a similar error with failover dhcpd servers once. I 
never figured out what was going on. I didn't look with 
netstat though.

