Bug 1302906 - RFE Document directory server with SASL / GSSAPI behind load balancer
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: Documentation
Version: 10.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: DS10.1
Target Release: ---
Assigned To: Marc Muehlfeld
QA Contact: Viktor Ashirov
Duplicates: 1333948
Depends On:
Blocks: 1277834
Reported: 2016-01-28 18:23 EST by wibrown@redhat.com
Modified: 2016-11-21 08:43 EST

Doc Type: Bug Fix
Last Closed: 2016-11-21 08:43:07 EST
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2026123 None None None 2016-08-30 12:10 EDT
Description wibrown@redhat.com 2016-01-28 18:23:08 EST
Suggestions for improvement: 

We have made a number of changes to DS, especially setup-ds.pl, that now enable the configuration of LDAP behind a load balancer with SASL/GSSAPI.

This is fixed with https://fedorahosted.org/389/ticket/48332 . You can now set the value General.StrictHostCheck=False. This will prevent hostname validation during the installation.

This means you can have a load balancer, with the hostname lbx.example.com, and a directory server dsa.example.com. You can run setup-ds.pl on the DS instance with HostName=lbx.example.com and StrictHostCheck False. You can then create the keytab for ldap/lbx.example.com on dsa.example.com, and it will use it correctly for clients that access the LDAP service via lbx.example.com.
Comment 1 Petr Bokoc 2016-08-30 12:08:51 EDT
*** Bug 1333948 has been marked as a duplicate of this bug. ***
Comment 5 Marc Muehlfeld 2016-11-21 08:43:07 EST
The update for Directory Server 10.1 is now available on the Customer Portal.