Bug 1302906 - RFE Document directory server with SASL / GSSAPI behind load balancer
Summary: RFE Document directory server with SASL / GSSAPI behind load balancer
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Documentation
Version: 10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: DS10.1
Assignee: Marc Muehlfeld
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Duplicates: 1333948
Depends On:
Blocks: 1277834
 
Reported: 2016-01-28 23:23 UTC by wibrown@redhat.com
Modified: 2016-11-21 13:43 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-21 13:43:07 UTC
Target Upstream Version:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2026123 0 None None None 2016-08-30 16:10:02 UTC

Description wibrown@redhat.com 2016-01-28 23:23:08 UTC
Suggestions for improvement: 

We have made a number of changes to ds, especially setup-ds.pl, that now enable the configuration of LDAP behind a load balancer with SASL/GSSAPI.

This is fixed with https://fedorahosted.org/389/ticket/48332 . You can now set the value General.StrictHostCheck=False. This will prevent hostname validation during the installation.

This means you can have a load balancer with the hostname lbx.example.com, and a directory server dsa.example.com. You can run setup-ds.pl on the ds instance with HostName=lbx.example.com and StrictHostCheck False. You can then create the keytab for ldap/lbx.example.com on dsa.example.com, and it will use it correctly for clients that access the LDAP service via lbx.example.com.
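
A setup-ds.pl answer file for the layout described above, added here as an illustration (it is not part of the original report or of the product documentation). It assumes the hostname the report calls HostName is given through the [General] FullMachineName key; the instance name, suffix, port and account values are constructed, and the password is a placeholder.

```ini
# lb.inf: constructed example, used on dsa.example.com with
#   setup-ds.pl --silent --file=/root/lb.inf
# (the file path is an assumption)

[General]
# Name the instance is set up with: the load balancer, not the local host.
# Clients request a service ticket for ldap/lbx.example.com, so the
# keytab on dsa.example.com has to hold that principal.
FullMachineName = lbx.example.com
# Skip hostname validation during installation (389 ticket 48332).
# Value as written in this report. Without it the installer rejects a
# FullMachineName that does not belong to this machine.
StrictHostCheck = False
SuiteSpotUserID = dirsrv
SuiteSpotGroup = dirsrv

[slapd]
# Constructed sample values
ServerIdentifier = dsa
ServerPort = 389
Suffix = dc=example,dc=com
RootDN = cn=Directory Manager
RootDNPwd = CHANGE_ME_PLACEHOLDER
```

Turning off the host check only removes the installer's sanity test. The ldap/lbx.example.com key is then a shared service identity, so the keytab file on each directory server behind the balancer should be readable only by the dirsrv account.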

Comment 1 Petr Bokoc 2016-08-30 16:08:51 UTC
*** Bug 1333948 has been marked as a duplicate of this bug. ***

Comment 5 Marc Muehlfeld 2016-11-21 13:43:07 UTC
The update for Directory Server 10.1 is now available on the Customer Portal.

