LDAP-UX: fail-over bug + LpK patch for SSH

 
Massimiliano Adamo
Occasional Advisor

All,

I am running a project to build an LDAP server to be used for user authentication, for sudo administration and for SSH key management.
We have more than a thousand HP-UX servers in the company plus some RedHat servers.

I am encountering the following two problems:

1) LDAP-UX has a bug. The defect number is JAGae32900. It fails to fail over if LDAP-UX is running (funny stuff). Do you know if this bug was fixed? It seems to work only when LDAP-UX boots up. I wouldn't like to build a cluster because of this bug.

2) I am trying to compile SSH using the LpK patch. This patch allows using a central repository (the LDAP server) to distribute SSH keys. Unfortunately I am not able to compile. Here is the patch for OpenSSH: http://www.opendarwin.org/projects/openssh-lpk/

Thanks
Massimiliano Adamo
3 REPLIES
Thummalu
Frequent Advisor

Re: LDAP-UX: fail-over bug + LpK patch for SSH

Hi,

For the first point you mentioned,

why can't you try out a replication agreement between all the servers in the cluster?
So that during the server bind failure, the user database will remain stable. Once the fail-over is done and the connection is re-established, the changes you have made to the new server's user database will be replicated accordingly.

One server can be master and the other server can be replica.

The above is just a suggestion. Correct me if I am wrong...

Or the other way is, when the bind fails, restart the ldapclientd daemon.

br
Thummalu
Massimiliano Adamo
Occasional Advisor

Re: LDAP-UX: fail-over bug + LpK patch for SSH

Hi Thummalu.

First, thanks for your answer.
Using Netscape 7 you can have up to 4 masters, using Netscape 6 you can set up 2 masters, and using OpenLDAP you can only have 1 master. We'll probably choose Netscape and set up a multimaster replica. So it's clear that we'll use replicas.

On the other hand, I hate using a cluster when an LDAP replica could be enough.
I could restart the client to bind to the new server but there is a practical problem. We have about 7 hundred HP-UX systems acting as clients and I cannot restart 700 clients.

There is another thing to say: the bug that I am speaking about was present in version 3.3 of LDAP-UX, but now there is version 4 of LDAP-UX.
It is possible that they fixed this bug but this is not mentioned in the documentation!
Should I set up a test environment and test this problem? uff :-(

--
Massimiliano
Thummalu
Frequent Advisor

Re: LDAP-UX: fail-over bug + LpK patch for SSH

I am not sure about the latest LDAP-UX 4. I still have not installed and used it. But using it in a testing environment will be a good idea before directly installing it. Please update the forum about your results.

Thank you

br
Thummalu