Openldap gurus,
This may be a networking issue rather than configuration, but I thought I'd run it by you guys to see if this can work. For replication, does ldap care whether I use a server redirect in the /etc/hosts file rather than the actual FQDN or IP address? I have two ldap systems behind a firewall with ldap ports 389 and 636 allowed through. A redirect was set up to be able to get to these two systems. I set up a third ldap server outside the firewall and could not get it to replicate with the other two servers by using the allowed redirect address. The two internal systems replicate data just fine.
So for example, it is suggested to add the 3 servers' FQDNs and IP addresses to each of their /etc/hosts files and ensure they can see/communicate with each other.
/etc/hosts: Server1.local.srv Server2.local.srv Server3.local.srv
My setup looks like this: /etc/hosts Server1andserver2redirect.local.srv (redirect that routes ldap traffic to the two internal servers) Server3.local.srv
Can this work? If yes, what am I missing?
Thank you, Liz
Real, Elizabeth (392K) wrote:
This may be a networking issue rather than configuration, but I thought I'd run it by you guys to see if this can work. For replication, does ldap care whether I use a server redirect in the /etc/hosts file rather than the actual FQDN or IP address?
I'm not sure what you mean with "redirect".
AFAIK OpenLDAP simply uses what's configured on your operating system to map a hostname to an IP address.
If you're on Linux then have a look at file /etc/nsswitch.conf. Usually it contains such a line:
hosts: files dns
This means the hostname is first looked up in /etc/hosts and after that DNS is queried.
You can find out whether names get correctly resolved by using ping. Even if the firewall blocks the ICMP network traffic it displays whether it finds the IP address.
Ciao, Michael.
openldap-technical@openldap.org
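As an added illustration of the checks Michael describes (not code from the thread or from OpenLDAP), the script below shows, for each replication peer, whether its name comes from the hosts file or from DNS through the system resolver, and whether tcp/389 and tcp/636 answer from this host. Peer names such as Server3.local.srv are placeholders taken from the thread; the hosts-file path can be overridden with HOSTS_FILE.

```shell
#!/bin/sh
# Added example: sanity-check name resolution and port reachability for
# OpenLDAP replication peers. Run as: sh check_peers.sh Server1.local.srv ...

HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# Is NAME listed as a hostname or alias on a non-comment line of the hosts
# file? Exit status 0 means yes. An optional second argument names the file.
in_hosts_file() {
    awk -v n="$1" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) f = 1 }
                   END { exit !f }' "${2:-$HOSTS_FILE}"
}

# Resolve NAME the way slapd will: through the system resolver, which follows
# the "hosts:" order in /etc/nsswitch.conf (e.g. files before dns).
# Prints one address per line; prints nothing if the name does not resolve.
resolve_host() {
    getent hosts "$1" | awk '{ print $1 }'
}

# Where does NAME resolve from: "hosts", "dns" (resolves, but not via the
# hosts file) or "none".
resolve_source() {
    if in_hosts_file "$1"; then
        echo hosts
    elif [ -n "$(resolve_host "$1")" ]; then
        echo dns
    else
        echo none
    fi
}

# TCP connect test to NAME:PORT (389 and 636 in the thread). Uses nc when
# present, otherwise bash's /dev/tcp. Exit status 0 means the port answered.
port_open() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 3 "$1" "$2" >/dev/null 2>&1
    else
        bash -c "exec 3<>/dev/tcp/$1/$2" >/dev/null 2>&1
    fi
}

# Report on every peer named on the command line.
for peer in "$@"; do
    echo "$peer: resolves via $(resolve_source "$peer") -> $(resolve_host "$peer" | tr '\n' ' ')"
    for port in 389 636; do
        if port_open "$peer" "$port"; then echo "  tcp/$port reachable"
        else echo "  tcp/$port NOT reachable"; fi
    done
done
```

A peer that reports "dns" or "none" while the others report "hosts" is the first thing to fix before looking at the syncrepl configuration.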