In our environment we use six SLES10 boxes with eDir 882 to provide LDAP authentication for our customers. These customers connect to multiple Tomcats, which will query the SLES machines for the users' credentials. The Tomcats are configured with a simple round robin, e.g. if the first LDAP server isn't available, they will use the second and so on. This round robin simply relies on the availability of the machine, not on the LDAP services. So if the machine is up while LDAP isn't, there's no round robin and the query will fail.

So maintaining these servers is done by changing the configuration (use another server as the first entry in the round robin list) and waiting until the established connections are gone.

I would like to provide a real HA-LDAP. My colleagues told me just to configure a virtual interface on each server and establish heartbeat for those virtual interfaces. LDAP binds then point to those HA interfaces. Sounds good to me, but

- What about the LDAP eDirectory integration? Should I configure these virtual LDAP interfaces in eDirectory (LDAP Server and LDAP Group)?
- Or may I just use SLES configurations and ignore LDAP configuration in eDir?

What would be the best way to achieve my goal?

Any hints and experiences are welcome...
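
Added example, not part of the original post: a service-level probe for the failure case described above (machine up, LDAP down). It sends an anonymous LDAPv3 bind and only counts a server as available if the LDAP service answers with success. The host names, port 389 and the assumption that anonymous binds are permitted are illustrative, not taken from the post.

```python
import socket

# Anonymous LDAPv3 simple bind, BER-encoded: messageID 1, empty DN, empty password.
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")

# Constructed sample replies (not captured traffic): success (0) and busy (51).
SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_BUSY = bytes.fromhex("300c02010161070a013304000400")


def bind_result_code(reply: bytes) -> int:
    """Return the resultCode of a short-form BER BindResponse, else raise ValueError."""
    # Expected layout: 30 LL 02 01 <msgid> 61 LL 0a 01 <resultCode> ...
    if len(reply) < 10 or reply[0] != 0x30 or reply[1] & 0x80:
        raise ValueError("not a short-form LDAPMessage")
    if reply[2:4] != b"\x02\x01" or reply[5] != 0x61:
        raise ValueError("not a BindResponse")
    if reply[7:9] != b"\x0a\x01":
        raise ValueError("resultCode missing")
    return reply[9]


def ldap_alive(host: str, port: int = 389, timeout: float = 3.0) -> bool:
    """True only if the LDAP service itself answers the bind with success (0).

    A reachable host with a stopped or hung LDAP service returns False here,
    which is the case a plain host-availability check misses.
    Assumption: the directory permits anonymous binds.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(BIND_REQUEST)
            return bind_result_code(conn.recv(4096)) == 0
    except (OSError, ValueError):
        return False


def first_healthy(servers, probe=ldap_alive):
    """Walk the ordered server list; return the first host whose LDAP answers."""
    for host in servers:
        if probe(host):
            return host
    return None


if __name__ == "__main__":
    # Hypothetical host names standing in for the six LDAP servers.
    print(first_healthy(["ldap1.example.com", "ldap2.example.com"]))
```

The same probe can serve as the monitor check behind a heartbeat-managed virtual address, so that the address moves when the LDAP service fails rather than only when the machine does.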